Skip to content

Commit

Permalink
Fix simulating query with -- comment
Browse files Browse the repository at this point in the history
Signed-off-by: Maximilian Krög <maxi_kroeg@web.de>
  • Loading branch information
MoonE committed May 31, 2024
1 parent 1d378bb commit 78c7dbd
Show file tree
Hide file tree
Showing 3 changed files with 101 additions and 39 deletions.
56 changes: 37 additions & 19 deletions libraries/classes/Controllers/Import/SimulateDmlController.php
Original file line number Diff line number Diff line change
Expand Up @@ -12,18 +12,24 @@
use PhpMyAdmin\SqlParser\Parser;
use PhpMyAdmin\SqlParser\Statements\DeleteStatement;
use PhpMyAdmin\SqlParser\Statements\UpdateStatement;
use PhpMyAdmin\SqlParser\Token;
use PhpMyAdmin\SqlParser\TokensList;
use PhpMyAdmin\SqlParser\Utils\Query;
use PhpMyAdmin\Template;

use function __;
use function array_filter;
use function array_values;
use function count;
use function explode;

final class SimulateDmlController extends AbstractController
{
/** @var SimulateDml */
private $simulateDml;

private string $error = '';
private array $data = [];

public function __construct(
ResponseRenderer $response,
Template $template,
Expand All @@ -35,42 +41,54 @@ public function __construct(

public function __invoke(): void
{
$error = '';
/** @var string $sqlDelimiter */
$sqlDelimiter = $_POST['sql_delimiter'];
$sqlData = [];
$lexer = new Lexer($GLOBALS['sql_query'], false, $sqlDelimiter);
$parser = new Parser($lexer->list);

$parser = $this->createParser($GLOBALS['sql_query'], $sqlDelimiter);
$this->process($parser);

if ($this->error) {
$this->response->addJSON('message', Message::rawError($this->error));
$this->response->addJSON('sql_data', false);

return;
}

$this->response->addJSON('sql_data', $this->data);
}

private function createParser(string $query, string $delimiter): Parser
{
$lexer = new Lexer($query, false, $delimiter);
$list = new TokensList(array_values(array_filter(
$lexer->list->tokens,
static fn ($token) => $token->type !== Token::TYPE_COMMENT

Check failure on line 65 in libraries/classes/Controllers/Import/SimulateDmlController.php

View workflow job for this annotation

GitHub Actions / analyse-php (7.2)

Syntax error, unexpected T_DOUBLE_ARROW on line 65

Check failure on line 65 in libraries/classes/Controllers/Import/SimulateDmlController.php

View workflow job for this annotation

GitHub Actions / analyse-php (7.2)

Syntax error, unexpected T_STRING, expecting T_PAAMAYIM_NEKUDOTAYIM on line 65
)));

Check failure on line 66 in libraries/classes/Controllers/Import/SimulateDmlController.php

View workflow job for this annotation

GitHub Actions / analyse-php (7.2)

Syntax error, unexpected ')' on line 66

return new Parser($list);
}

private function process(Parser $parser): void
{
foreach ($parser->statements as $statement) {
if (
! $statement instanceof UpdateStatement && ! $statement instanceof DeleteStatement
|| ! empty($statement->join)
|| count(Query::getTables($statement)) > 1
) {
$error = __('Only single-table UPDATE and DELETE queries can be simulated.');
$this->error = __('Only single-table UPDATE and DELETE queries can be simulated.');
break;
}

// Get the matched rows for the query.
$result = $this->simulateDml->getMatchedRows($parser, $statement);
$error = $this->simulateDml->getError();
$this->error = $this->simulateDml->getError();

if ($error !== '') {
if ($this->error !== '') {
break;
}

$sqlData[] = $result;
}

if ($error) {
$message = Message::rawError($error);
$this->response->addJSON('message', $message);
$this->response->addJSON('sql_data', false);

return;
$this->data[] = $result;
}

$this->response->addJSON('sql_data', $sqlData);
}
}
16 changes: 16 additions & 0 deletions test/classes/AbstractTestCase.php
Original file line number Diff line number Diff line change
Expand Up @@ -309,4 +309,20 @@ protected function callFunction($object, string $className, string $methodName,

return $method->invokeArgs($object, $params);
}

/**
* Get a private or protected property via reflection.
*
* @param object|null $object The object to inspect, pass null for static objects()
* @param string $className The class name
* @param string $propertyName The method name
* @phpstan-param class-string $className
*/
protected function getProperty(object|null $object, string $className, string $propertyName): mixed
{
$class = new ReflectionClass($className);
$property = $class->getProperty($propertyName);

return $property->getValue($object);
}
}
68 changes: 48 additions & 20 deletions test/classes/Import/SimulateDmlTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -4,13 +4,15 @@

namespace PhpMyAdmin\Tests\Import;

use PhpMyAdmin\Controllers\Import\SimulateDmlController;
use PhpMyAdmin\Core;
use PhpMyAdmin\Html\Generator;
use PhpMyAdmin\Import\SimulateDml;
use PhpMyAdmin\SqlParser\Parser;
use PhpMyAdmin\SqlParser\Statements\DeleteStatement;
use PhpMyAdmin\SqlParser\Statements\UpdateStatement;
use PhpMyAdmin\Template;
use PhpMyAdmin\Tests\AbstractTestCase;
use PhpMyAdmin\Tests\Stubs\ResponseRenderer;
use PhpMyAdmin\Url;

use function count;
Expand All @@ -34,31 +36,44 @@ class SimulateDmlTest extends AbstractTestCase
public function testGetMatchedRows(string $sqlQuery, array $expectedPerQuery): void
{
$GLOBALS['db'] = 'PMA';
$object = new SimulateDml($this->dbi);
$parser = new Parser($sqlQuery);

$this->assertCount(count($expectedPerQuery), $parser->statements);
/** @var DeleteStatement|UpdateStatement $statement */
foreach ($parser->statements as $idx => $statement) {
$expected = $expectedPerQuery[$idx];

foreach ($expectedPerQuery as $expected) {
$this->dummyDbi->addSelectDb('PMA');
$this->dummyDbi->addResult($expected['simulated'], $expected['result'], $expected['columns']);
$simulatedData = $object->getMatchedRows($parser, $statement);
}

$controller = new SimulateDmlController(
new ResponseRenderer(),
new Template(),
new SimulateDml($this->dbi),
);
$parser = $this->callFunction($controller, SimulateDmlController::class, 'createParser', [$sqlQuery, ';']);
$this->assertCount(count($expectedPerQuery), $parser->statements);

$matchedRowsUrl = Url::getFromRoute('/sql', [
'db' => 'PMA',
'sql_query' => $expected['simulated'],
'sql_signature' => Core::signSqlQuery($expected['simulated']),
]);
$this->callFunction($controller, SimulateDmlController::class, 'process', [$parser]);

$this->assertAllSelectsConsumed();
$this->assertAllQueriesConsumed();
$this->assertEquals([
$this->assertAllSelectsConsumed();
$this->assertAllQueriesConsumed();

$error = $this->getProperty($controller, SimulateDmlController::class, 'error');
$this->assertSame('', $error);

$result = $this->getProperty($controller, SimulateDmlController::class, 'data');

foreach ($expectedPerQuery as $idx => $expectedData) {
/** @var DeleteStatement|UpdateStatement $statement */
$statement = $parser->statements[$idx];
$expected = [
'sql_query' => Generator::formatSql($statement->build()),
'matched_rows' => count($expected['result']),
'matched_rows_url' => $matchedRowsUrl,
], $simulatedData);
'matched_rows' => count($expectedData['result']),
'matched_rows_url' => Url::getFromRoute('/sql', [
'db' => 'PMA',
'sql_query' => $expectedData['simulated'],
'sql_signature' => Core::signSqlQuery($expectedData['simulated']),
]),
];

$this->assertEquals($expected, $result[$idx]);
}
}

Expand Down Expand Up @@ -235,6 +250,19 @@ public function providerForTestGetMatchedRows(): array
],
],
],
'statement with comment' => [
"UPDATE `t` SET `a` = 20 -- oops\nWHERE 0",
[
[
'simulated' =>
'SELECT *' .
' FROM (SELECT *, 20 AS `a ``new``` FROM `t` WHERE 0) AS `pma_tmp`' .
' WHERE NOT (`a`) <=> (`a ``new```)',
'columns' => ['id', 'a', 'b', 'a `new`'],
'result' => [],
],
],
],
];
}
}

0 comments on commit 78c7dbd

Please sign in to comment.