Skip to content

public / sequelize

Go to a project

不要怂,就是干,撸起袖子干!

Commit 4fe4b37b by Mick Hansen
Options

fix(query-interface/generator): make sure index queries are properly escapes (closes #1943)

1 parent ce7865c0
Inline Side-by-side
Showing with 18 additions and 22 deletions
lib/dialects/mysql/query-generator.js
...@@ -258,15 +258,15 @@ module.exports = (function() { ...@@ -258,15 +258,15 @@ module.exports = (function() {
return Utils._.compact([ return Utils._.compact([
'CREATE', options.indicesType, 'INDEX', options.indexName, 'CREATE', options.indicesType, 'INDEX', options.indexName,
(options.indexType ? ('USING ' + options.indexType) : undefined), (options.indexType ? ('USING ' + options.indexType) : undefined),
'ON', tableName, '(' + transformedAttributes.join(', ') + ')', 'ON', this.quoteIdentifiers(tableName), '(' + transformedAttributes.join(', ') + ')',
(options.parser ? 'WITH PARSER ' + options.parser : undefined) (options.parser ? 'WITH PARSER ' + options.parser : undefined)
]).join(' '); ]).join(' ');
}, },
showIndexQuery: function(tableName, options) { showIndexQuery: function(tableName, options) {
var sql = 'SHOW INDEX FROM `<%= tableName %>`<%= options %>'; var sql = 'SHOW INDEX FROM <%= tableName %> <%= options %>';
return Utils._.template(sql)({ return Utils._.template(sql)({
tableName: tableName, tableName: this.quoteIdentifiers(tableName),
options: (options || {}).database ? ' FROM `' + options.database + '`' : '' options: (options || {}).database ? ' FROM `' + options.database + '`' : ''
}); });
}, },
...@@ -279,7 +279,7 @@ module.exports = (function() { ...@@ -279,7 +279,7 @@ module.exports = (function() {
indexName = Utils._.underscored(tableName + '_' + indexNameOrAttributes.join('_')); indexName = Utils._.underscored(tableName + '_' + indexNameOrAttributes.join('_'));
} }
return Utils._.template(sql)({ tableName: tableName, indexName: indexName }); return Utils._.template(sql)({ tableName: this.quoteIdentifiers(tableName), indexName: indexName });
}, },
attributesToSQL: function(attributes) { attributesToSQL: function(attributes) {
......
lib/dialects/sqlite/query-generator.js
...@@ -307,7 +307,7 @@ module.exports = (function() { ...@@ -307,7 +307,7 @@ module.exports = (function() {
showIndexQuery: function(tableName) { showIndexQuery: function(tableName) {
var sql = "PRAGMA INDEX_LIST(<%= tableName %>)"; var sql = "PRAGMA INDEX_LIST(<%= tableName %>)";
return Utils._.template(sql, { tableName: tableName }); return Utils._.template(sql, { tableName: this.quoteIdentifiers(tableName) });
}, },
removeIndexQuery: function(tableName, indexNameOrAttributes) { removeIndexQuery: function(tableName, indexNameOrAttributes) {
...@@ -318,7 +318,7 @@ module.exports = (function() { ...@@ -318,7 +318,7 @@ module.exports = (function() {
indexName = Utils._.underscored(tableName + '_' + indexNameOrAttributes.join('_')); indexName = Utils._.underscored(tableName + '_' + indexNameOrAttributes.join('_'));
} }
return Utils._.template(sql, { tableName: tableName, indexName: indexName }); return Utils._.template(sql, { tableName: this.quoteIdentifiers(tableName), indexName: indexName });
}, },
describeTableQuery: function(tableName, schema, schemaDelimiter) { describeTableQuery: function(tableName, schema, schemaDelimiter) {
...@@ -328,7 +328,7 @@ module.exports = (function() { ...@@ -328,7 +328,7 @@ module.exports = (function() {
options.quoted = false; options.quoted = false;
var sql = "PRAGMA TABLE_INFO(<%= tableName %>);"; var sql = "PRAGMA TABLE_INFO(<%= tableName %>);";
return Utils._.template(sql, { tableName: this.addSchema({tableName: tableName, options: options})}); return Utils._.template(sql, { tableName: this.addSchema({tableName: this.quoteIdentifiers(tableName), options: options})});
}, },
removeColumnQuery: function(tableName, attributes) { removeColumnQuery: function(tableName, attributes) {
......
test/query-interface.test.js
...@@ -68,8 +68,8 @@ describe(Support.getTestDialectTeaser("QueryInterface"), function () { ...@@ -68,8 +68,8 @@ describe(Support.getTestDialectTeaser("QueryInterface"), function () {
describe('indexes', function() { describe('indexes', function() {
beforeEach(function(done) { beforeEach(function(done) {
var self = this var self = this
this.queryInterface.dropTable('Users').success(function() { this.queryInterface.dropTable('Group').success(function() {
self.queryInterface.createTable('Users', { self.queryInterface.createTable('Group', {
username: DataTypes.STRING, username: DataTypes.STRING,
isAdmin: DataTypes.BOOLEAN, isAdmin: DataTypes.BOOLEAN,
from: DataTypes.STRING from: DataTypes.STRING
...@@ -82,19 +82,19 @@ describe(Support.getTestDialectTeaser("QueryInterface"), function () { ...@@ -82,19 +82,19 @@ describe(Support.getTestDialectTeaser("QueryInterface"), function () {
it('adds, reads and removes an index to the table', function(done) { it('adds, reads and removes an index to the table', function(done) {
var self = this var self = this
this.queryInterface.addIndex('Users', ['username', 'isAdmin']).complete(function(err) { this.queryInterface.addIndex('Group', ['username', 'isAdmin']).complete(function(err) {
expect(err).to.be.null expect(err).to.be.null
self.queryInterface.showIndex('Users').complete(function(err, indexes) { self.queryInterface.showIndex('Group').complete(function(err, indexes) {
expect(err).to.be.null expect(err).to.be.null
var indexColumns = _.uniq(indexes.map(function(index) { return index.name })) var indexColumns = _.uniq(indexes.map(function(index) { return index.name }))
expect(indexColumns).to.include('users_username_is_admin') expect(indexColumns).to.include('group_username_is_admin')
self.queryInterface.removeIndex('Users', ['username', 'isAdmin']).complete(function(err) { self.queryInterface.removeIndex('Group', ['username', 'isAdmin']).complete(function(err) {
expect(err).to.be.null expect(err).to.be.null
self.queryInterface.showIndex('Users').complete(function(err, indexes) { self.queryInterface.showIndex('Group').complete(function(err, indexes) {
expect(err).to.be.null expect(err).to.be.null
indexColumns = _.uniq(indexes.map(function(index) { return index.name })) indexColumns = _.uniq(indexes.map(function(index) { return index.name }))
...@@ -107,14 +107,10 @@ describe(Support.getTestDialectTeaser("QueryInterface"), function () { ...@@ -107,14 +107,10 @@ describe(Support.getTestDialectTeaser("QueryInterface"), function () {
}) })
}) })
it('does not fail on reserved keywords', function (done) { it('does not fail on reserved keywords', function () {
this.queryInterface.addIndex('Users', ['from']).done(function(err) { return this.queryInterface.addIndex('Group', ['from']);
expect(err).to.be.null });;
});
done()
})
})
})
describe('describeTable', function() { describe('describeTable', function() {
it('reads the metadata of the table', function(done) { it('reads the metadata of the table', function(done) {
......
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!