
Commit 43c4f6b7 by SAURABH CHOPRA Committed by Sushant

fix(sequelize.fn): escape dollarsign (#11533) (#11606)

1 parent 0201889b
...@@ -943,7 +943,6 @@ class QueryGenerator { ...@@ -943,7 +943,6 @@ class QueryGenerator {
} }
} }
} }
return SqlString.escape(value, this.options.timezone, this.dialect); return SqlString.escape(value, this.options.timezone, this.dialect);
} }
...@@ -2134,7 +2133,7 @@ class QueryGenerator { ...@@ -2134,7 +2133,7 @@ class QueryGenerator {
if (_.isPlainObject(arg)) { if (_.isPlainObject(arg)) {
return this.whereItemsQuery(arg); return this.whereItemsQuery(arg);
} }
return this.escape(arg); return this.escape(typeof arg === 'string' ? arg.replace('$', '$$$') : arg);
}).join(', ')})`; }).join(', ')})`;
} }
if (smth instanceof Utils.Col) { if (smth instanceof Utils.Col) {
......
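Review bot: `arg.replace('$', '$$$')` on the changed `return this.escape(...)` line takes a string pattern, so only the first `$` in the argument is doubled and any later `$` in the same value passes through unchanged. If the doubling is what stops a `$name` inside a function argument from being read as a bind-parameter reference later (which the `$$user` expectation in the unit test suggests), a value with a second `$` is still exposed to that. A global pattern covers every occurrence and makes the replacement string explicit, since `$$` in a replacement means one literal `$`: `return this.escape(typeof arg === 'string' ? arg.replace(/\$/g, '$$$$') : arg);`. The enclosing method begins and ends outside the hunk.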
...@@ -428,6 +428,17 @@ describe(Support.getTestDialectTeaser('Instance'), () => { ...@@ -428,6 +428,17 @@ describe(Support.getTestDialectTeaser('Instance'), () => {
}); });
}); });
it('updates with function that contains escaped dollar symbol', function() {
return this.User.create({}).then(user => {
user.username = this.sequelize.fn('upper', '$sequelize');
return user.save().then(() => {
return this.User.findByPk(user.id).then(userAfterUpdate => {
expect(userAfterUpdate.username).to.equal('$SEQUELIZE');
});
});
});
});
describe('without timestamps option', () => { describe('without timestamps option', () => {
it("doesn't update the updatedAt column", function() { it("doesn't update the updatedAt column", function() {
const User2 = this.sequelize.define('User2', { const User2 = this.sequelize.define('User2', {
......
...@@ -880,6 +880,16 @@ describe(Support.getTestDialectTeaser('Model'), () => { ...@@ -880,6 +880,16 @@ describe(Support.getTestDialectTeaser('Model'), () => {
}); });
}); });
it('should escape $ in sequelize functions arguments', function() {
return this.User.create({
secretValue: this.sequelize.fn('upper', '$sequelize')
}).then(user => {
return this.User.findByPk(user.id).then(user => {
expect(user.secretValue).to.equal('$SEQUELIZE');
});
});
});
it('should work with a non-id named uuid primary key columns', function() { it('should work with a non-id named uuid primary key columns', function() {
const Monkey = this.sequelize.define('Monkey', { const Monkey = this.sequelize.define('Monkey', {
monkeyId: { type: DataTypes.UUID, primaryKey: true, defaultValue: DataTypes.UUIDV4, allowNull: false } monkeyId: { type: DataTypes.UUID, primaryKey: true, defaultValue: DataTypes.UUIDV4, allowNull: false }
......
...@@ -98,6 +98,12 @@ describe('QueryGenerator', () => { ...@@ -98,6 +98,12 @@ describe('QueryGenerator', () => {
QG.handleSequelizeMethod(this.sequelize.where(this.sequelize.col('foo'), Op.not, null)) QG.handleSequelizeMethod(this.sequelize.where(this.sequelize.col('foo'), Op.not, null))
.should.be.equal('foo IS NOT NULL'); .should.be.equal('foo IS NOT NULL');
}); });
it('should correctly escape $ in sequelize.fn arguments', function() {
const QG = getAbstractQueryGenerator(this.sequelize);
QG.handleSequelizeMethod(this.sequelize.fn('upper', '$user'))
.should.include('$$user');
});
}); });
describe('format', () => { describe('format', () => {
......
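Review bot: The new unit test only feeds `'$user'`, a single `$` at the start of the argument, and checks it with `.should.include('$$user')`, so it passes whether or not later `$` characters in the same argument are escaped. The two integration tests added in this commit use the same shape of input (`'$sequelize'`). A second assertion with a constructed value holding more than one `$` would pin the behaviour, for example `QG.handleSequelizeMethod(this.sequelize.fn('upper', '$a$b')).should.include('$$a$$b');`. The surrounding `describe` block begins outside the hunk.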