Commit 3f001aee by Klimov Paul

Escaping of the special characters at 'MATCH' statement added

parent 092ca93a
......@@ -4,6 +4,7 @@ Yii Framework 2 sphinx extension Change Log
2.0.0-rc under development
--------------------------
- Bug #3668: Escaping of the special characters at 'MATCH' statement added (klimov-paul)
- Enh: Added support for using sub-queries when building a DB query with `IN` condition (qiangxue)
......
......@@ -128,4 +128,19 @@ class Connection extends \yii\db\Connection
{
throw new NotSupportedException('"' . __METHOD__ . '" is not supported.');
}
/**
* Escapes all special characters from 'MATCH' statement argument.
* Make sure you are using this method whenever composing 'MATCH' search statement.
* @param string $str string to be escaped.
* @return string the properly escaped string.
*/
public function escapeMatchValue($str)
{
return str_replace(
['/', '"', "'", '(', ')', '|', '-', '!', '@', '~', '&', '^', '$', '=', "\x00", "\n", "\r", "\x1a"],
['\\/', '\\"', "\\'", '\\(', '\\)', '\\|', '\\-', '\\!', '\\@', '\\~', '\\&', '\\^', '\\$', '\\=', "\\x00", "\\n", "\\r", "\\x1a"],
$str
);
}
}
......@@ -72,8 +72,10 @@ class Query extends Component implements QueryInterface
*/
public $from;
/**
* @var string text, which should be searched in fulltext mode.
* @var string|Expression text, which should be searched in fulltext mode.
* This value will be composed into MATCH operator inside the WHERE clause.
* Note: this value will be processed by [[Connection::escapeMatchValue()]],
* if you need to compose complex match condition use [[Expression]].
*/
public $match;
/**
......@@ -381,13 +383,14 @@ class Query extends Component implements QueryInterface
/**
* Sets the fulltext query text. This text will be composed into
* MATCH operator inside the WHERE clause.
* Note: this value will be processed by [[Connection::escapeMatchValue()]],
* if you need to compose complex match condition use [[Expression]].
* @param string $query fulltext query text.
* @return static the query object itself
*/
public function match($query)
{
$this->match = $query;
return $this;
}
......
......@@ -63,10 +63,15 @@ class QueryBuilder extends Object
$params = empty($params) ? $query->params : array_merge($params, $query->params);
if ($query->match !== null) {
if ($query->match instanceof Expression) {
$query->andWhere('MATCH(' . $query->match->expression . ')');
$params = array_merge($query->match->params);
} else {
$phName = self::PARAM_PREFIX . count($params);
$params[$phName] = (string) $query->match;
$params[$phName] = $this->db->escapeMatchValue($query->match);
$query->andWhere('MATCH(' . $phName . ')');
}
}
$from = $query->from;
if ($from === null && $query instanceof ActiveQuery) {
......
......@@ -253,4 +253,35 @@ class QueryTest extends SphinxTestCase
->count('*', $connection);
$this->assertEquals(2, $count);
}
/**
* @depends testRun
*/
public function testWhereQuotedValue()
{
$connection = $this->getConnection();
$query = new Query;
$rows = $query->from('yii2_test_article_index')
->andWhere(['author_id' => 'some"'])
//->match('about"')
->all($connection);
$this->assertEmpty($rows);
}
/**
* @depends testRun
*
* @see https://github.com/yiisoft/yii2/issues/3668
*/
public function testMatchSpecialCharValue()
{
$connection = $this->getConnection();
$query = new Query;
$rows = $query->from('yii2_test_article_index')
->match('about"@^')
->all($connection);
$this->assertNotEmpty($rows);
}
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment