Commit 3f001aee by Klimov Paul

Escaping of the special characters at 'MATCH' statement added

parent 092ca93a
...@@ -4,6 +4,7 @@ Yii Framework 2 sphinx extension Change Log ...@@ -4,6 +4,7 @@ Yii Framework 2 sphinx extension Change Log
2.0.0-rc under development 2.0.0-rc under development
-------------------------- --------------------------
- Bug #3668: Escaping of the special characters at 'MATCH' statement added (klimov-paul)
- Enh: Added support for using sub-queries when building a DB query with `IN` condition (qiangxue) - Enh: Added support for using sub-queries when building a DB query with `IN` condition (qiangxue)
......
...@@ -128,4 +128,19 @@ class Connection extends \yii\db\Connection ...@@ -128,4 +128,19 @@ class Connection extends \yii\db\Connection
{ {
throw new NotSupportedException('"' . __METHOD__ . '" is not supported.'); throw new NotSupportedException('"' . __METHOD__ . '" is not supported.');
} }
/**
* Escapes all special characters from 'MATCH' statement argument.
* Make sure you are using this method whenever composing 'MATCH' search statement.
* @param string $str string to be escaped.
* @return string the properly escaped string.
*/
public function escapeMatchValue($str)
{
return str_replace(
['/', '"', "'", '(', ')', '|', '-', '!', '@', '~', '&', '^', '$', '=', "\x00", "\n", "\r", "\x1a"],
['\\/', '\\"', "\\'", '\\(', '\\)', '\\|', '\\-', '\\!', '\\@', '\\~', '\\&', '\\^', '\\$', '\\=', "\\x00", "\\n", "\\r", "\\x1a"],
$str
);
}
} }
...@@ -72,8 +72,10 @@ class Query extends Component implements QueryInterface ...@@ -72,8 +72,10 @@ class Query extends Component implements QueryInterface
*/ */
public $from; public $from;
/** /**
* @var string text, which should be searched in fulltext mode. * @var string|Expression text, which should be searched in fulltext mode.
* This value will be composed into MATCH operator inside the WHERE clause. * This value will be composed into MATCH operator inside the WHERE clause.
* Note: this value will be processed by [[Connection::escapeMatchValue()]],
* if you need to compose complex match condition use [[Expression]].
*/ */
public $match; public $match;
/** /**
...@@ -381,13 +383,14 @@ class Query extends Component implements QueryInterface ...@@ -381,13 +383,14 @@ class Query extends Component implements QueryInterface
/** /**
* Sets the fulltext query text. This text will be composed into * Sets the fulltext query text. This text will be composed into
* MATCH operator inside the WHERE clause. * MATCH operator inside the WHERE clause.
* Note: this value will be processed by [[Connection::escapeMatchValue()]],
* if you need to compose complex match condition use [[Expression]].
* @param string $query fulltext query text. * @param string $query fulltext query text.
* @return static the query object itself * @return static the query object itself
*/ */
public function match($query) public function match($query)
{ {
$this->match = $query; $this->match = $query;
return $this; return $this;
} }
......
...@@ -63,9 +63,14 @@ class QueryBuilder extends Object ...@@ -63,9 +63,14 @@ class QueryBuilder extends Object
$params = empty($params) ? $query->params : array_merge($params, $query->params); $params = empty($params) ? $query->params : array_merge($params, $query->params);
if ($query->match !== null) { if ($query->match !== null) {
$phName = self::PARAM_PREFIX . count($params); if ($query->match instanceof Expression) {
$params[$phName] = (string) $query->match; $query->andWhere('MATCH(' . $query->match->expression . ')');
$query->andWhere('MATCH(' . $phName . ')'); $params = array_merge($query->match->params);
} else {
$phName = self::PARAM_PREFIX . count($params);
$params[$phName] = $this->db->escapeMatchValue($query->match);
$query->andWhere('MATCH(' . $phName . ')');
}
} }
$from = $query->from; $from = $query->from;
......
...@@ -253,4 +253,35 @@ class QueryTest extends SphinxTestCase ...@@ -253,4 +253,35 @@ class QueryTest extends SphinxTestCase
->count('*', $connection); ->count('*', $connection);
$this->assertEquals(2, $count); $this->assertEquals(2, $count);
} }
/**
* @depends testRun
*/
public function testWhereQuotedValue()
{
$connection = $this->getConnection();
$query = new Query;
$rows = $query->from('yii2_test_article_index')
->andWhere(['author_id' => 'some"'])
//->match('about"')
->all($connection);
$this->assertEmpty($rows);
}
/**
* @depends testRun
*
* @see https://github.com/yiisoft/yii2/issues/3668
*/
public function testMatchSpecialCharValue()
{
$connection = $this->getConnection();
$query = new Query;
$rows = $query->from('yii2_test_article_index')
->match('about"@^')
->all($connection);
$this->assertNotEmpty($rows);
}
} }
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment