Addshore has uploaded a new change for review.
https://gerrit.wikimedia.org/r/87050
Change subject: Add escaping for table names
......................................................................
Add escaping for table names
Change-Id: I3dfb4db365a6f507a9cf8884f2d149ee8a82e628
---
M src/MySQL/MySQLSchemaSqlBuilder.php
M src/SQLite/SQLiteSchemaSqlBuilder.php
M tests/phpunit/MySQL/MySQLSchemaSqlBuilderTest.php
M tests/phpunit/SQLite/SQLiteSchemaSqlBuilderTest.php
4 files changed, 26 insertions(+), 4 deletions(-)
git pull
ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/WikibaseDatabase
refs/changes/50/87050/1
diff --git a/src/MySQL/MySQLSchemaSqlBuilder.php
b/src/MySQL/MySQLSchemaSqlBuilder.php
index 17a0389..d06463d 100644
--- a/src/MySQL/MySQLSchemaSqlBuilder.php
+++ b/src/MySQL/MySQLSchemaSqlBuilder.php
@@ -5,6 +5,7 @@
use Wikibase\Database\Escaper;
use Wikibase\Database\Schema\Definitions\FieldDefinition;
use Wikibase\Database\Schema\SchemaModificationSqlBuilder;
+use Wikibase\Database\TableNameFormatter;
/**
* MySQL implementation of SchemaModificationSqlBuilder.
@@ -17,12 +18,15 @@
class MySQLSchemaSqlBuilder implements SchemaModificationSqlBuilder {
protected $fieldSqlBuilder;
+ protected $tableNameFormatter;
/**
* @param Escaper $fieldValueEscaper
+ * @param TableNameFormatter $tableNameFormatter
*/
- public function __construct( Escaper $fieldValueEscaper ) {
+ public function __construct( Escaper $fieldValueEscaper,
TableNameFormatter $tableNameFormatter ) {
$this->fieldSqlBuilder = new MySQLFieldSqlBuilder(
$fieldValueEscaper );
+ $this->tableNameFormatter = $tableNameFormatter;
}
/**
@@ -32,6 +36,8 @@
* @return string
*/
public function getRemoveFieldSql( $tableName, $fieldName ) {
+ $tableName = $this->tableNameFormatter->formatTableName(
$tableName );
+ //todo escape $fieldName
return "ALTER TABLE {$tableName} DROP {$fieldName}";
}
@@ -42,6 +48,7 @@
* @return string
*/
public function getAddFieldSql( $tableName, FieldDefinition $field ) {
+ $tableName = $this->tableNameFormatter->formatTableName(
$tableName );
return "ALTER TABLE {$tableName} ADD " .
$this->fieldSqlBuilder->getFieldSQL( $field );
}
diff --git a/src/SQLite/SQLiteSchemaSqlBuilder.php
b/src/SQLite/SQLiteSchemaSqlBuilder.php
index 5b04949..86c6632 100644
--- a/src/SQLite/SQLiteSchemaSqlBuilder.php
+++ b/src/SQLite/SQLiteSchemaSqlBuilder.php
@@ -5,6 +5,7 @@
use Wikibase\Database\Escaper;
use Wikibase\Database\Schema\Definitions\FieldDefinition;
use Wikibase\Database\Schema\SchemaModificationSqlBuilder;
+use Wikibase\Database\TableNameFormatter;
/**
* SQLite implementation of SchemaModificationSqlBuilder.
@@ -17,12 +18,15 @@
class SQLiteSchemaSqlBuilder implements SchemaModificationSqlBuilder {
protected $fieldSqlBuilder;
+ protected $tableNameFormatter;
/**
* @param Escaper $fieldValueEscaper
+ * @param TableNameFormatter $tableNameFormatter
*/
- public function __construct( Escaper $fieldValueEscaper ) {
+ public function __construct( Escaper $fieldValueEscaper,
TableNameFormatter $tableNameFormatter ) {
$this->fieldSqlBuilder = new SQLiteFieldSqlBuilder(
$fieldValueEscaper );
+ $this->tableNameFormatter = $tableNameFormatter;
}
/**
@@ -42,6 +46,7 @@
* @return string
*/
public function getAddFieldSql( $tableName, FieldDefinition $field ) {
+ $tableName = $this->tableNameFormatter->formatTableName(
$tableName );
return "ALTER TABLE {$tableName} ADD COLUMN " .
$this->fieldSqlBuilder->getFieldSQL( $field );
}
diff --git a/tests/phpunit/MySQL/MySQLSchemaSqlBuilderTest.php
b/tests/phpunit/MySQL/MySQLSchemaSqlBuilderTest.php
index 098a50d..9b844bf 100644
--- a/tests/phpunit/MySQL/MySQLSchemaSqlBuilderTest.php
+++ b/tests/phpunit/MySQL/MySQLSchemaSqlBuilderTest.php
@@ -23,7 +23,12 @@
->method( 'getEscapedValue' )
->will( $this->returnArgument(0) );
- return new MySQLSchemaSqlBuilder( $mockEscaper );
+ $mockTableNameFormatter = $this->getMock(
'Wikibase\Database\TableNameFormatter' );
+ $mockTableNameFormatter->expects( $this->any() )
+ ->method( 'formatTableName' )
+ ->will( $this->returnArgument(0) );
+
+ return new MySQLSchemaSqlBuilder( $mockEscaper,
$mockTableNameFormatter );
}
public function testGetRemoveFieldSql(){
diff --git a/tests/phpunit/SQLite/SQLiteSchemaSqlBuilderTest.php
b/tests/phpunit/SQLite/SQLiteSchemaSqlBuilderTest.php
index 7f30163..8832094 100644
--- a/tests/phpunit/SQLite/SQLiteSchemaSqlBuilderTest.php
+++ b/tests/phpunit/SQLite/SQLiteSchemaSqlBuilderTest.php
@@ -23,7 +23,12 @@
->method( 'getEscapedValue' )
->will( $this->returnArgument(0) );
- return new SQLiteSchemaSqlBuilder( $mockEscaper );
+ $mockTableNameFormatter = $this->getMock(
'Wikibase\Database\TableNameFormatter' );
+ $mockTableNameFormatter->expects( $this->any() )
+ ->method( 'formatTableName' )
+ ->will( $this->returnArgument(0) );
+
+ return new SQLiteSchemaSqlBuilder( $mockEscaper,
$mockTableNameFormatter );
}
public function testGetAddFieldSql(){
--
To view, visit https://gerrit.wikimedia.org/r/87050
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I3dfb4db365a6f507a9cf8884f2d149ee8a82e628
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/WikibaseDatabase
Gerrit-Branch: master
Gerrit-Owner: Addshore <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
