Commit 9fa77931 by Marcus Efraimsson Committed by GitHub

Merge pull request #12791 from eMerzh/fix_quote

fix custom variable quoting in sql* query interpolations
parents 9d374377 bb7e5838
...@@ -16,7 +16,7 @@ export class MssqlDatasource { ...@@ -16,7 +16,7 @@ export class MssqlDatasource {
interpolateVariable(value, variable) { interpolateVariable(value, variable) {
if (typeof value === 'string') { if (typeof value === 'string') {
if (variable.multi || variable.includeAll) { if (variable.multi || variable.includeAll) {
return "'" + value + "'"; return "'" + value.replace(/'/g, `''`) + "'";
} else { } else {
return value; return value;
} }
...@@ -31,7 +31,7 @@ export class MssqlDatasource { ...@@ -31,7 +31,7 @@ export class MssqlDatasource {
return value; return value;
} }
return "'" + val + "'"; return "'" + val.replace(/'/g, `''`) + "'";
}); });
return quotedValues.join(','); return quotedValues.join(',');
} }
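Review bot: The `else` branch of the string case (`return value;`) still hands a single-value variable to the query with no quoting or escaping, so the doubling added in this section protects only the `multi`/`includeAll` paths. If that is intentional because the query author writes the quotes, a comment on the branch should say so, e.g. `// single-value variables are interpolated raw; the query text must quote them`. The same branch is unchanged in the MysqlDatasource and PostgresDatasource sections. The part of `interpolateVariable` between the two hunks is not shown, so the condition guarding the `return value;` ahead of the quoted return in the second hunk cannot be checked from here.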
......
...@@ -218,6 +218,13 @@ describe('MSSQLDatasource', function() { ...@@ -218,6 +218,13 @@ describe('MSSQLDatasource', function() {
}); });
}); });
describe('and variable contains single quote', () => {
it('should return a quoted value', () => {
ctx.variable.multi = true;
expect(ctx.ds.interpolateVariable("a'bc", ctx.variable)).toEqual("'a''bc'");
});
});
describe('and variable allows all and value is a string', () => { describe('and variable allows all and value is a string', () => {
it('should return a quoted value', () => { it('should return a quoted value', () => {
ctx.variable.includeAll = true; ctx.variable.includeAll = true;
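Review bot: The added test covers only the string path with `multi = true`; the array branch of `interpolateVariable`, which this commit also changes, has no case with a quote in it. Add a second `it` that passes an array, e.g. `expect(ctx.ds.interpolateVariable(["a'bc", 'd'], ctx.variable)).toEqual("'a''bc','d'");`. The same gap is in the MySQLDatasource and PostgreSQLDatasource spec sections. The `describe` block that follows the new one continues past the end of this section.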
......
...@@ -16,7 +16,7 @@ export class MysqlDatasource { ...@@ -16,7 +16,7 @@ export class MysqlDatasource {
interpolateVariable(value, variable) { interpolateVariable(value, variable) {
if (typeof value === 'string') { if (typeof value === 'string') {
if (variable.multi || variable.includeAll) { if (variable.multi || variable.includeAll) {
return "'" + value + "'"; return "'" + value.replace(/'/g, `''`) + "'";
} else { } else {
return value; return value;
} }
...@@ -31,7 +31,7 @@ export class MysqlDatasource { ...@@ -31,7 +31,7 @@ export class MysqlDatasource {
return value; return value;
} }
return "'" + val + "'"; return "'" + val.replace(/'/g, `''`) + "'";
}); });
return quotedValues.join(','); return quotedValues.join(',');
} }
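Review bot: Doubling `'` is not enough for MySQL string literals, because unless the server's `sql_mode` includes `NO_BACKSLASH_ESCAPES` a backslash is also an escape character inside `'...'`, so a backslash in the value can still change where the literal ends. Both changed returns in this section should escape backslashes before quotes, e.g. `"'" + val.replace(/\\/g, '\\\\').replace(/'/g, "''") + "'"`. The MySQL spec should then gain a case whose value contains a backslash. The middle of `interpolateVariable` lies between the two hunks and is not shown.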
......
...@@ -214,6 +214,13 @@ describe('MySQLDatasource', function() { ...@@ -214,6 +214,13 @@ describe('MySQLDatasource', function() {
}); });
}); });
describe('and variable contains single quote', () => {
it('should return a quoted value', () => {
ctx.variable.multi = true;
expect(ctx.ds.interpolateVariable("a'bc", ctx.variable)).toEqual("'a''bc'");
});
});
describe('and variable allows all and value is a string', () => { describe('and variable allows all and value is a string', () => {
it('should return a quoted value', () => { it('should return a quoted value', () => {
ctx.variable.includeAll = true; ctx.variable.includeAll = true;
......
...@@ -16,7 +16,7 @@ export class PostgresDatasource { ...@@ -16,7 +16,7 @@ export class PostgresDatasource {
interpolateVariable(value, variable) { interpolateVariable(value, variable) {
if (typeof value === 'string') { if (typeof value === 'string') {
if (variable.multi || variable.includeAll) { if (variable.multi || variable.includeAll) {
return "'" + value + "'"; return "'" + value.replace(/'/g, `''`) + "'";
} else { } else {
return value; return value;
} }
...@@ -27,7 +27,7 @@ export class PostgresDatasource { ...@@ -27,7 +27,7 @@ export class PostgresDatasource {
} }
var quotedValues = _.map(value, function(val) { var quotedValues = _.map(value, function(val) {
return "'" + val + "'"; return "'" + val.replace(/'/g, `''`) + "'";
}); });
return quotedValues.join(','); return quotedValues.join(',');
} }
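Review bot: In the array branch `val.replace(...)` now throws a TypeError when an element is not a string, where the old `"'" + val + "'"` coerced it; the callback shown in this hunk has no type guard before the call. Unless the elements are guaranteed to be strings, which the hunk does not show, use `return "'" + String(val).replace(/'/g, "''") + "'";`. Quote doubling alone is sufficient on PostgreSQL only while `standard_conforming_strings` is on (the default since 9.1); with it off, backslashes in the value act as escapes as well.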
......
...@@ -215,6 +215,13 @@ describe('PostgreSQLDatasource', function() { ...@@ -215,6 +215,13 @@ describe('PostgreSQLDatasource', function() {
}); });
}); });
describe('and variable contains single quote', () => {
it('should return a quoted value', () => {
ctx.variable.multi = true;
expect(ctx.ds.interpolateVariable("a'bc", ctx.variable)).toEqual("'a''bc'");
});
});
describe('and variable allows all and is a string', () => { describe('and variable allows all and is a string', () => {
it('should return a quoted value', () => { it('should return a quoted value', () => {
ctx.variable.includeAll = true; ctx.variable.includeAll = true;
......