Fix MSSQL escaping #3382
Merged
Fix MSSQL escaping #3382
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
kibertoad
commented
Aug 4, 2019
| @@ -207,7 +207,15 @@ Object.assign(Client_MSSQL.prototype, { | |||
| }, | |||
|
|
|||
| wrapIdentifierImpl(value) { | |||
| return value !== '*' ? `[${value.replace(/\[/g, '[')}]` : '*'; | |||
There was a problem hiding this comment.
.replace(/\[/g, '[')}] path was removed because it doesn't seem to do anything. Please correct me if that's wrong.
elhigu
reviewed
Aug 16, 2019
test/unit/dialects/mssql.js
Outdated
| .toSQL(); | ||
| console.log(sql); | ||
| expect(sql.sql).to.equal( | ||
| 'select * from [projects] where "id] = 1 UNION SELECT 1, @@version -- --" = ?' |
There was a problem hiding this comment.
I would like this to be verified with integration test + to test identifier that has both " and [] chars in it.
There was a problem hiding this comment.
(I had no idea that mssql supports " quoting for identifiers.)
There was a problem hiding this comment.
[] are illegal symbols as per MSSQL documentation, apparently, so we don't need to test that. As advised by snyk people, I replaced our escaping logic with the one that sequelize uses, which removes [] in the first place.
And MSSQL does not support arrays.
…tgriesser/knex into fix/mssql-escape � Conflicts: � CHANGELOG.md � package.json
This was referenced Mar 15, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.