Skip to content

Commit

Permalink
Merge pull request civicrm#8548 from fuzionnz/CRM-18811
Browse files Browse the repository at this point in the history 
CRM-18811: Permit spaces in table and column aliases.
  • Loading branch information
@eileenmcnaughton
eileenmcnaughton authored Feb 15, 2017
2 parents db26a15 + f9b9aa4 commit 660a598
Show file tree
Hide file tree
Showing 2 changed files with 22 additions and 4 deletions.
13 changes: 9 additions & 4 deletions CRM/Utils/Rule.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -100,10 +100,15 @@ public static function mysqlColumnNameOrAlias($str) {
return FALSE;
}

// Ensure the string contains only valid characters:
// For column names: alphanumeric and underscores
// For aliases: backticks, alphanumeric hyphens and underscores.
if (!preg_match('/^((`[\w-]{1,64}`|[\w-]{1,64})\.)?(`[\w-]{1,64}`|[\w-]{1,64})$/i', $str)) {
// Ensure $str conforms to expected format. Not a complete expression of
// what MySQL permits; this should permit the formats CiviCRM generates.
//
// * Table name prefix is optional.
// * Table & column names & aliases:
// * Composed of alphanumeric chars, underscore and hyphens.
// * Maximum length of 64 chars.
// * Optionally surrounded by backticks, in which case spaces also OK.
if (!preg_match('/^((`[\w- ]{1,64}`|[\w-]{1,64})\.)?(`[\w- ]{1,64}`|[\w-]{1,64})$/i', $str)) {
return FALSE;
}

Expand Down
13 changes: 13 additions & 0 deletions tests/phpunit/CRM/Utils/TypeTest.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,8 @@

/**
* Class CRM_Utils_TypeTest
* @package CiviCRM
* @subpackage CRM_Utils_Type
* @group headless
*/
class CRM_Utils_TypeTest extends CiviUnitTestCase {
Expand Down Expand Up @@ -46,12 +48,23 @@ public function validateDataProvider() {
array('table.`Home-street_address`', 'MysqlColumnNameOrAlias', 'table.`Home-street_address`'),
array('`table-alias`.`Home-street_address`', 'MysqlColumnNameOrAlias', '`table-alias`.`Home-street_address`'),
array('`table-alias`.column', 'MysqlColumnNameOrAlias', '`table-alias`.column'),
// Spaces also permitted, only when enclosed in backticks.
array('`column alias`', 'MysqlColumnNameOrAlias', '`column alias`'),
array('`table alias`.column', 'MysqlColumnNameOrAlias', '`table alias`.column'),
array('`table alias`.`column alias`', 'MysqlColumnNameOrAlias', '`table alias`.`column alias`'),
array('table alias.column alias', 'MysqlColumnNameOrAlias', NULL),
array('table alias.column_alias', 'MysqlColumnNameOrAlias', NULL),
array('table_alias.column alias', 'MysqlColumnNameOrAlias', NULL),
// Functions are not permitted.
array('column_name, sleep(5)', 'MysqlColumnNameOrAlias', NULL),
// Length checking permits only 64 chars.
array(str_repeat('a', 64), 'MysqlColumnNameOrAlias', str_repeat('a', 64)),
array(str_repeat('a', 65), 'MysqlColumnNameOrAlias', NULL),
array(str_repeat('a', 64) . '.' . str_repeat('a', 64), 'MysqlColumnNameOrAlias', str_repeat('a', 64) . '.' . str_repeat('a', 64)),
array('`' . str_repeat('a', 64) . '`.`' . str_repeat('b', 64) . '`', 'MysqlColumnNameOrAlias', '`' . str_repeat('a', 64) . '`.`' . str_repeat('b', 64) . '`'),
array(str_repeat('a', 64) . '.' . str_repeat('a', 65), 'MysqlColumnNameOrAlias', NULL),
array(str_repeat('a', 65) . '.' . str_repeat('a', 64), 'MysqlColumnNameOrAlias', NULL),
// ORDER BY can be ASC or DESC, case not significant.
array('asc', 'MysqlOrderByDirection', 'asc'),
array('DESC', 'MysqlOrderByDirection', 'desc'),
array('DESCc', 'MysqlOrderByDirection', NULL),
Expand Down

0 comments on commit 660a598

Please sign in to comment.