IDEMPIERE-4462 (#263)

Integrate patch from Paul Bowden (Adaxa) Co-authored-by: Paul Bowden <pbowden@adaxa.com>
2020-09-18 12:45:20 +02:00 · 2020-09-18 12:45:20 +02:00 · 599e13dda3
parent 703ce7bda8
commit 599e13dda3
2 changed files with 36 additions and 8 deletions
--- a/org.adempiere.base/src/org/compiere/dbPort/Convert.java
+++ b/org.adempiere.base/src/org/compiere/dbPort/Convert.java
@ -293,13 +293,13 @@ public abstract class Convert
 	 * @param retVars
 	 * @return string
 	 */
-	protected String replaceQuotedStrings(String inputValue, Vector<String>retVars) {
+	protected String replaceQuotedStrings(String inputValue, Vector<String>retVars, String nonce) {
 		// save every value  
 		// Carlos Ruiz - globalqss - better matching regexp
 		retVars.clear();
 		
 		// First we need to replace double quotes to not be matched by regexp - Teo Sarca BF [3137355 ]
-		final String quoteMarker = "<--QUOTE"+System.currentTimeMillis()+"-->";
+		final String quoteMarker = "<--QUOTE"+nonce+"-->";
 		inputValue = inputValue.replace("''", quoteMarker);
 		
 		Pattern p = Pattern.compile("'[[^']*]*'");
@ -309,7 +309,7 @@ public abstract class Convert
 		while (m.find()) {
 			String var = inputValue.substring(m.start(), m.end()).replace(quoteMarker, "''"); // Put back quotes, if any
 			retVars.addElement(var);
-			m.appendReplacement(retValue, "<--" + i + "-->");
+			m.appendReplacement(retValue, "<--QS" + i + "QS" + nonce + "-->");
 			i++;
 		}
 		m.appendTail(retValue);
@ -324,12 +324,12 @@ public abstract class Convert
 	 * @param retVars
 	 * @return string
 	 */
-	protected String recoverQuotedStrings(String retValue, Vector<String>retVars) {
+	protected String recoverQuotedStrings(String retValue, Vector<String>retVars, String nonce) {
 		for (int i = 0; i < retVars.size(); i++) {
 			//hengsin, special character in replacement can cause exception
 			String replacement = (String) retVars.get(i);
 			replacement = escapeQuotedString(replacement);
-			retValue = retValue.replace("<--" + i + "-->", replacement);
+			retValue = retValue.replace("<--QS" + i + "QS" + nonce + "-->", replacement);
 		}
 		return retValue;
 	}
--- a/org.compiere.db.postgresql.provider/src/org/compiere/dbPort/Convert_PostgreSQL.java
+++ b/org.compiere.db.postgresql.provider/src/org/compiere/dbPort/Convert_PostgreSQL.java
@ -19,6 +19,7 @@ import java.util.Map;
 import java.util.StringTokenizer;
 import java.util.TreeMap;
 import java.util.Vector;
+import java.util.concurrent.ThreadLocalRandom;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;

@ -47,6 +48,8 @@ public class Convert_PostgreSQL extends Convert_SQL92 {

 	private TreeMap<String,String> m_map;

+	private String sharedNonce = generateNonce();
+
 	/** Logger */
 	private static final CLogger log = CLogger.getCLogger(Convert_PostgreSQL.class);

@ -88,7 +91,15 @@ public class Convert_PostgreSQL extends Convert_SQL92 {
 		/** Vector to save previous values of quoted strings **/
 		Vector<String> retVars = new Vector<String>();
 		
-		String statement = replaceQuotedStrings(sqlStatement, retVars);
+		String nonce = sharedNonce;
+
+		// check for collision with nonce
+		while ( sqlStatement.contains(nonce))
+		{
+			nonce = generateNonce();
+		}
+
+		String statement = replaceQuotedStrings(sqlStatement, retVars, nonce);
 		statement = convertWithConvertMap(statement);
 		statement = convertSimilarTo(statement);
 		statement = DB_PostgreSQL.removeNativeKeyworkMarker(statement);
@ -106,7 +117,7 @@ public class Convert_PostgreSQL extends Convert_SQL92 {
 		else if (isCreate && cmpString.indexOf(" VIEW ") != -1)
 			;
 		else if (cmpString.indexOf("ALTER TABLE") != -1) {
-			statement = recoverQuotedStrings(statement, retVars);
+			statement = recoverQuotedStrings(statement, retVars, nonce);
 			retVars.clear();
 			statement = convertDDL(convertComplexStatement(statement));
 		/*
@ -124,7 +135,7 @@ public class Convert_PostgreSQL extends Convert_SQL92 {
 			statement = convertComplexStatement(convertAlias(statement));
 		}
 		if (retVars.size() > 0)
-			statement = recoverQuotedStrings(statement, retVars);
+			statement = recoverQuotedStrings(statement, retVars, nonce);
 		result.add(statement);

 		if ("true".equals(System.getProperty("org.idempiere.db.debug"))) {
@ -176,6 +187,20 @@ public class Convert_PostgreSQL extends Convert_SQL92 {
 		return "Y".equals(Env.getContext(Env.getCtx(), "P|IsUseSimilarTo"));
 	}

+	/**
+	 * Generate fairly hard to guess numeric string
+	 */
+	private String generateNonce() {
+
+		String newNonce = Long.toString(ThreadLocalRandom.current()
+				.nextLong(100000000000000000L,
+						999999999999999999L)).intern();
+
+		sharedNonce = newNonce;
+
+		return newNonce;
+	}
+
 	@Override
 	protected String escapeQuotedString(String in)
 	{
@ -921,6 +946,9 @@ public class Convert_PostgreSQL extends Convert_SQL92 {
 		}
 		if (token.startsWith("'") && token.endsWith("'"))
 			return false;
+		// quoted string substitution marker
+		else if ( token.matches("QS\\d+QS\\d{18}") )
+			return false;
 		else 
 		{
 			try {