Jeroen De Dauw has submitted this change and it was merged.

Change subject: Add escaping for table names
......................................................................


Add escaping for table names

Change-Id: I3dfb4db365a6f507a9cf8884f2d149ee8a82e628
---
M src/MySQL/MySQLSchemaSqlBuilder.php
M src/SQLite/SQLiteSchemaSqlBuilder.php
M tests/phpunit/MySQL/MySQLSchemaSqlBuilderTest.php
M tests/phpunit/SQLite/SQLiteSchemaSqlBuilderTest.php
4 files changed, 24 insertions(+), 10 deletions(-)

Approvals:
  Jeroen De Dauw: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/src/MySQL/MySQLSchemaSqlBuilder.php 
b/src/MySQL/MySQLSchemaSqlBuilder.php
index 17a0389..1299552 100644
--- a/src/MySQL/MySQLSchemaSqlBuilder.php
+++ b/src/MySQL/MySQLSchemaSqlBuilder.php
@@ -5,6 +5,7 @@
 use Wikibase\Database\Escaper;
 use Wikibase\Database\Schema\Definitions\FieldDefinition;
 use Wikibase\Database\Schema\SchemaModificationSqlBuilder;
+use Wikibase\Database\TableNameFormatter;
 
 /**
  * MySQL implementation of SchemaModificationSqlBuilder.
@@ -17,12 +18,11 @@
 class MySQLSchemaSqlBuilder implements SchemaModificationSqlBuilder {
 
        protected $fieldSqlBuilder;
+       protected $tableNameFormatter;
 
-       /**
-        * @param Escaper $fieldValueEscaper
-        */
-       public function __construct( Escaper $fieldValueEscaper ) {
+       public function __construct( Escaper $fieldValueEscaper, 
TableNameFormatter $tableNameFormatter ) {
                $this->fieldSqlBuilder = new MySQLFieldSqlBuilder( 
$fieldValueEscaper );
+               $this->tableNameFormatter = $tableNameFormatter;
        }
 
        /**
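Review bot: The constructor in MySQLSchemaSqlBuilder loses its docblock instead of gaining a second `@param`, so the new `TableNameFormatter` dependency and the `$tableNameFormatter` property are undocumented; the constructor hunk in SQLiteSchemaSqlBuilder has the same gap. I would restore the block with `@param Escaper $fieldValueEscaper` and `@param TableNameFormatter $tableNameFormatter`, and add `@var TableNameFormatter` above the property. The docblock is also the place to say that table names reach the generated SQL only after passing through this formatter. Because the new argument is required, any code constructing these builders outside this change has to be updated too; those call sites are not visible here.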
@@ -32,6 +32,8 @@
         * @return string
         */
        public function getRemoveFieldSql( $tableName, $fieldName ) {
+               $tableName = $this->tableNameFormatter->formatTableName( 
$tableName );
+               //todo escape $fieldName
                return "ALTER TABLE {$tableName} DROP {$fieldName}";
        }
 
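Review bot: In getRemoveFieldSql, `$fieldName` is still interpolated unchanged into `ALTER TABLE ... DROP {$fieldName}`, so only half of the statement is protected. If a field name can ever come from a less trusted source than the schema definition, the SQL can still be altered through it. The injected `Escaper` is not an obvious fix, since the tests show it exposing `getEscapedValue`, which suggests value quoting rather than identifier quoting. I would either add an identifier-escaping step for the field name in this change or reject names outside a strict pattern before building the string, and reword the marker to `// TODO: escape $fieldName as an identifier` with a reference to a tracking task. Whether `formatTableName` itself quotes the name or only prefixes it cannot be told from this hunk.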
@@ -42,6 +44,7 @@
         * @return string
         */
        public function getAddFieldSql( $tableName, FieldDefinition $field ) {
+               $tableName = $this->tableNameFormatter->formatTableName( 
$tableName );
                return "ALTER TABLE {$tableName} ADD " . 
$this->fieldSqlBuilder->getFieldSQL( $field );
        }
 
diff --git a/src/SQLite/SQLiteSchemaSqlBuilder.php 
b/src/SQLite/SQLiteSchemaSqlBuilder.php
index 5b04949..a904b71 100644
--- a/src/SQLite/SQLiteSchemaSqlBuilder.php
+++ b/src/SQLite/SQLiteSchemaSqlBuilder.php
@@ -5,6 +5,7 @@
 use Wikibase\Database\Escaper;
 use Wikibase\Database\Schema\Definitions\FieldDefinition;
 use Wikibase\Database\Schema\SchemaModificationSqlBuilder;
+use Wikibase\Database\TableNameFormatter;
 
 /**
  * SQLite implementation of SchemaModificationSqlBuilder.
@@ -17,12 +18,11 @@
 class SQLiteSchemaSqlBuilder implements SchemaModificationSqlBuilder {
 
        protected $fieldSqlBuilder;
+       protected $tableNameFormatter;
 
-       /**
-        * @param Escaper $fieldValueEscaper
-        */
-       public function __construct( Escaper $fieldValueEscaper ) {
+       public function __construct( Escaper $fieldValueEscaper, 
TableNameFormatter $tableNameFormatter ) {
                $this->fieldSqlBuilder = new SQLiteFieldSqlBuilder( 
$fieldValueEscaper );
+               $this->tableNameFormatter = $tableNameFormatter;
        }
 
        /**
@@ -42,6 +42,7 @@
         * @return string
         */
        public function getAddFieldSql( $tableName, FieldDefinition $field ) {
+               $tableName = $this->tableNameFormatter->formatTableName( 
$tableName );
                return "ALTER TABLE {$tableName} ADD COLUMN " . 
$this->fieldSqlBuilder->getFieldSQL( $field );
        }
 
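Review bot: SQLiteSchemaSqlBuilder routes the table name through the formatter only in getAddFieldSql, while the MySQL builder also does so in getRemoveFieldSql. The hunk headers for this file show no change between the constructor and line 42, so the SQLite getRemoveFieldSql appears to be untouched. If that method builds SQL from `$tableName`, it should start with the same `$tableName = $this->tableNameFormatter->formatTableName( $tableName );` line, so that both backends treat the name identically. Its body is outside the diff, so this needs confirming against the file.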
diff --git a/tests/phpunit/MySQL/MySQLSchemaSqlBuilderTest.php 
b/tests/phpunit/MySQL/MySQLSchemaSqlBuilderTest.php
index 098a50d..1094833 100644
--- a/tests/phpunit/MySQL/MySQLSchemaSqlBuilderTest.php
+++ b/tests/phpunit/MySQL/MySQLSchemaSqlBuilderTest.php
@@ -23,7 +23,12 @@
                        ->method( 'getEscapedValue' )
                        ->will( $this->returnArgument(0) );
 
-               return new MySQLSchemaSqlBuilder( $mockEscaper );
+               $mockTableNameFormatter = $this->getMock( 
'Wikibase\Database\TableNameFormatter' );
+               $mockTableNameFormatter->expects( $this->atLeastOnce() )
+                       ->method( 'formatTableName' )
+                       ->will( $this->returnArgument(0) );
+
+               return new MySQLSchemaSqlBuilder( $mockEscaper, 
$mockTableNameFormatter );
        }
 
        public function testGetRemoveFieldSql(){
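Review bot: The `formatTableName` mock returns its argument unchanged, so the SQL assertions would still pass if a builder called the formatter and then interpolated the raw name. Having the mock return a distinguishable value, for example `->will( $this->returnCallback( function( $name ) { return "prefix_$name"; } ) )`, and expecting `prefix_` in the asserted SQL would prove that the formatted name is the one used. Because `atLeastOnce()` is set in the shared factory, every test that obtains a builder from it must trigger a table-name format, which is worth a short comment. The SQLite test hunk has the same setup, and the factory method starts above this hunk.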
diff --git a/tests/phpunit/SQLite/SQLiteSchemaSqlBuilderTest.php 
b/tests/phpunit/SQLite/SQLiteSchemaSqlBuilderTest.php
index 7f30163..eb43f41 100644
--- a/tests/phpunit/SQLite/SQLiteSchemaSqlBuilderTest.php
+++ b/tests/phpunit/SQLite/SQLiteSchemaSqlBuilderTest.php
@@ -23,7 +23,12 @@
                        ->method( 'getEscapedValue' )
                        ->will( $this->returnArgument(0) );
 
-               return new SQLiteSchemaSqlBuilder( $mockEscaper );
+               $mockTableNameFormatter = $this->getMock( 
'Wikibase\Database\TableNameFormatter' );
+               $mockTableNameFormatter->expects( $this->atLeastOnce() )
+                       ->method( 'formatTableName' )
+                       ->will( $this->returnArgument(0) );
+
+               return new SQLiteSchemaSqlBuilder( $mockEscaper, 
$mockTableNameFormatter );
        }
 
        public function testGetAddFieldSql(){

-- 
To view, visit https://gerrit.wikimedia.org/r/87050
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I3dfb4db365a6f507a9cf8884f2d149ee8a82e628
Gerrit-PatchSet: 2
Gerrit-Project: mediawiki/extensions/WikibaseDatabase
Gerrit-Branch: master
Gerrit-Owner: Addshore <[email protected]>
Gerrit-Reviewer: Jeroen De Dauw <[email protected]>
Gerrit-Reviewer: jenkins-bot
