Page MenuHomePhabricator

D19800.id.diff
No OneTemporary

D19800.id.diff

diff --git a/src/xsprintf/qsprintf.php b/src/xsprintf/qsprintf.php
--- a/src/xsprintf/qsprintf.php
+++ b/src/xsprintf/qsprintf.php
@@ -26,8 +26,10 @@
* Escapes a string for insertion into a pure binary column, ignoring
* tests for characters outside of the basic multilingual plane.
*
- * %C, %LC ("Column")
- * Escapes a column name or a list of column names.
+ * %C, %LC, %LK ("Column", "Key Column")
+ * Escapes a column name or a list of column names. The "%LK" variant
+ * escapes a list of key column specifications which may look like
+ * "column(32)".
*
* %K ("Comment")
* Escapes a comment.
@@ -36,6 +38,9 @@
* Injects a query fragment from a prior call to qsprintf(). The list
* variants join a list of query fragments with AND, OR, comma, or space.
*
+ * %Z ("Raw Query")
+ * Injects a raw, unescaped query fragment. Dangerous!
+ *
* %R ("Database and Table Reference")
* Behaves like "%T.%T" and prints a full reference to a table including
* the database. Accepts a AphrontDatabaseTableRefInterface.
@@ -176,6 +181,27 @@
foreach ($value as $k => $v) {
$value[$k] = $escaper->escapeColumnName($v);
}
+ $value = implode(', ', $value);
+ break;
+ case 'K': // ...key columns.
+ // This is like "%LC", but for escaping column lists passed to key
+ // specifications. These should be escaped as "`column`(123)". For
+ // example:
+ //
+ // ALTER TABLE `x` ADD KEY `y` (`u`(16), `v`(32));
+
+ foreach ($value as $k => $v) {
+ $matches = null;
+ if (preg_match('/\((\d+)\)\z/', $v, $matches)) {
+ $v = substr($v, 0, -(strlen($matches[1]) + 2));
+ $prefix_len = '('.((int)$matches[1]).')';
+ } else {
+ $prefix_len = '';
+ }
+
+ $value[$k] = $escaper->escapeColumnName($v).$prefix_len;
+ }
+
$value = implode(', ', $value);
break;
case 'Q':
@@ -258,6 +284,10 @@
$type = 's';
break;
+ case 'Z': // Raw Query Fragment
+ $type = 's';
+ break;
+
case '~': // Like Substring
case '>': // Like Prefix
case '<': // Like Suffix
@@ -337,6 +367,7 @@
case 'Ld':
case 'Ls':
case 'LC':
+ case 'LK':
case 'LB':
case 'Lf':
case 'LQ':
@@ -412,7 +443,16 @@
}
break;
+ case 'Z':
+ if (!is_string($value)) {
+ throw new AphrontParameterQueryException(
+ $query,
+ pht('Value for "%%Z" conversion should be a raw string.'));
+ }
+ break;
+
case 'LC':
+ case 'LK':
case 'T':
case 'C':
if (!is_string($value)) {

File Metadata

Mime Type
text/plain
Expires
Sun, Nov 24, 5:12 AM (42 m, 5 s)
Storage Engine
blob
Storage Format
Encrypted (AES-256-CBC)
Storage Handle
6781246
Default Alt Text
D19800.id.diff (2 KB)

Event Timeline