Escape value passed to sequelize.json

Sveinn Fannar Kristjansson
Commit 1fd04f79 authored Sep 24, 2014 by Sveinn Fannar Kristjansson
Showing with 10 additions and 7 deletions
lib/dialects/abstract/query-generator.js
lib/utils.js
test/utils.test.js
--- a/lib/dialects/abstract/query-generator.js
+++ b/lib/dialects/abstract/query-generator.js
@@ -1268,7 +1268,7 @@ module.exports = (function() {
          result = (value === 'NULL') ? key + ' IS NULL' : [key, value].join('=');
        }
      } else if (smth instanceof Utils.json) {
-        result = smth.toString();
+        result = smth.toString(this);
      } else if (Utils._.isPlainObject(smth)) {
        if (prepend) {
          if (tableName) options.keysEscaped = true;

--- a/lib/utils.js
+++ b/lib/utils.js
@@ -625,7 +625,7 @@ Utils.col.prototype.toString = function(queryGenerator, parentModel) {
  return queryGenerator.quote(this.col, parentModel);
 };

-Utils.json.prototype.toString = function () {
+Utils.json.prototype.toString = function (queryGenerator) {
  var _ = Utils._;

  // A recursive parser for nested where conditions
@@ -666,7 +666,7 @@ Utils.json.prototype.toString = function () {
    }

    if (this.value) {
-      str += util.format(" = '%s'", this.value);
+      str += util.format(" = %s", queryGenerator.escape(this.value));
    }

    return str;

--- a/test/utils.test.js
+++ b/test/utils.test.js
@@ -148,6 +148,8 @@ describe(Support.getTestDialectTeaser("Utils"), function() {
  });

  describe('json', function () {
+    var queryGeneratorStub = { escape: function (value) { return "'" + value + "'"; } };
+
    it('successfully parses a complex nested condition hash', function() {
      var conditions = {
        metadata: {
@@ -156,23 +158,24 @@ describe(Support.getTestDialectTeaser("Utils"), function() {
        },
        another_json_field: { x: 1 }
      };
-      expect((new Utils.json(conditions)).toString()).to.deep.equal("metadata#>>'{language}' = 'icelandic' and metadata#>>'{pg_rating,dk}' = 'G' and another_json_field#>>'{x}' = '1'");
+      var expected = "metadata#>>'{language}' = 'icelandic' and metadata#>>'{pg_rating,dk}' = 'G' and another_json_field#>>'{x}' = '1'";
+      expect((new Utils.json(conditions)).toString(queryGeneratorStub)).to.deep.equal(expected);
    });

    it('successfully parses a string using dot notation', function () {
      var path = 'metadata.pg_rating.dk';
-      expect((new Utils.json(path)).toString()).to.equal("metadata#>>'{pg_rating,dk}'");
+      expect((new Utils.json(path)).toString(queryGeneratorStub)).to.equal("metadata#>>'{pg_rating,dk}'");
    });

    it('allows postgres json syntax', function () {
      var path = 'metadata->pg_rating->>dk';
-      expect((new Utils.json(path)).toString()).to.equal(path);
+      expect((new Utils.json(path)).toString(queryGeneratorStub)).to.equal(path);
    });

    it('can take a value to compare against', function () {
      var path = 'metadata.pg_rating.is';
      var value = 'U';
-      expect((new Utils.json(path, value)).toString()).to.equal("metadata#>>'{pg_rating,is}' = 'U'");
+      expect((new Utils.json(path, value)).toString(queryGeneratorStub)).to.equal("metadata#>>'{pg_rating,is}' = 'U'");
    });
  });