midsuit
/
core-jgi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[ 3137355 ] PG query not valid when contains quotes and backslashes 

Link to SF Tracker: http://sourceforge.net/support/tracker.php?aid=3137355
This commit is contained in:
teo_sarca 2011-03-26 00:19:04 -05:00
parent f78d75b771
commit f12e817fd3
2 changed files with 22 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
org.adempiere.base/src/org/compiere/dbPort/Convert.java
View File

@ -52,6 +52,9 @@ import org.compiere.util.Ini;
* https://sourceforge.net/tracker/?func=detail&aid=2782095&group_id=176962&atid=879332
* <li>TODO: BF [ 2782611 ] Migration scripts are not UTF8
* https://sourceforge.net/tracker/?func=detail&aid=2782611&group_id=176962&atid=879332
* @author Teo Sarca
* <li>BF [ 3137355 ] PG query not valid when contains quotes and backslashes
* https://sourceforge.net/tracker/?func=detail&aid=3137355&group_id=176962&atid=879332
*/
public abstract class Convert
{
@ -291,12 +294,18 @@ public abstract class Convert
// save every value
// Carlos Ruiz - globalqss - better matching regexp
retVars.clear();
// First we need to replace double quotes to not be matched by regexp - Teo Sarca BF [3137355 ]
final String quoteMarker = "<--QUOTE"+System.currentTimeMillis()+"-->";
inputValue = inputValue.replace("''", quoteMarker);
Pattern p = Pattern.compile("'[[^']*]*'");
Matcher m = p.matcher(inputValue);
int i = 0;
StringBuffer retValue = new StringBuffer(inputValue.length());
while (m.find()) {
retVars.addElement(new String(inputValue.substring(m.start(), m.end())));
String var = inputValue.substring(m.start(), m.end()).replace(quoteMarker, "''"); // Put back quotes, if any
retVars.addElement(var);
m.appendReplacement(retValue, "<--" + i + "-->");
i++;
}

12
org.compiere.db.postgresql.provider/src/org/compiere/dbPort/Convert_PostgreSQLTest.java
View File

@ -472,4 +472,16 @@ public final class Convert_PostgreSQLTest extends TestCase{
r = convert.convert(sql);
assertEquals(sqe, r[0]);
}
/**
* Test BF [3137355 ] PG query not valid when contains quotes and backslashes.
* https://sourceforge.net/tracker/?func=detail&aid=3137355&group_id=176962&atid=879332
*/
public void test3137355()
{
sql = "INSERT INTO MyTable (a, b, c, d, xml) VALUES ('val1', 'val2', 'this ''is'' a string with ''quotes'' and backslashes ''\\''', 'val4')";
sqe = "INSERT INTO MyTable (a, b, c, d, xml) VALUES ('val1', 'val2', E'this ''is'' a string with ''quotes'' and backslashes ''\\\\''', 'val4')";
r = convert.convert(sql);
assertEquals(sqe, r[0]);
}
}