Correctly escape single quotes in json paths
brendt committed Apr 10, 2019
1 parent e62dff8 commit be1896c
Showing 2 changed files with 21 additions and 0 deletions.
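--- a/src/Illuminate/Database/Query/Grammars/Grammar.php
+++ b/src/Illuminate/Database/Query/Grammars/Grammar.php
@@ -1119,6 +1119,8 @@ protected function wrapJsonFieldAndPath($column)
 */
 protected function wrapJsonPath($value, $delimiter = '->')
 {
+$value = preg_replace("/([\\\\]+)?\\'/", "\\'", $value);
+
 return '\'$."'.str_replace($delimiter, '"."', $value).'"\'';
 }
 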
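Review bot: The replacement in `wrapJsonPath` escapes the quote with a backslash, which only neutralises it where the database treats backslash as an escape character inside string literals; under MySQL's `NO_BACKSLASH_ESCAPES` mode, or in a grammar for another database if this base method is shared (the file path suggests it is, but no subclass is visible here), `\'` still ends the literal. Doubling the quote is the portable form: `$value = preg_replace("/([\\\\]+)?\\'/", "''", $value);`. The segment is also placed between double quotes inside the JSON path, and a `"` in `$value` passes through unchanged, so a segment can still alter the path expression even when it cannot leave the SQL literal. A docblock line stating that the return value is spliced into the statement as an SQL string literal, and that column and path names should not be taken from request input, would help callers. The method's docblock starts outside the hunk.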
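--- a/tests/Database/DatabaseQueryBuilderTest.php
+++ b/tests/Database/DatabaseQueryBuilderTest.php
@@ -2252,6 +2252,25 @@ public function testMySqlWrappingJsonWithBooleanAndIntegerThatLooksLikeOne()
 $this->assertEquals('select * from `users` where json_extract(`items`, \'$."available"\') = true and json_extract(`items`, \'$."active"\') = false and json_unquote(json_extract(`items`, \'$."number_available"\')) = ?', $builder->toSql());
 }
 
+public function testJsonPathEscaping()
+{
+$expectedJsonEscape = <<<SQL
+select json_unquote(json_extract(`json`, '$."\'))#"'))
+SQL;
+
+$builder = $this->getMySqlBuilder();
+$builder->select("json->'))#");
+$this->assertEquals($expectedJsonEscape, $builder->toSql());
+
+$builder = $this->getMySqlBuilder();
+$builder->select("json->\'))#");
+$this->assertEquals($expectedJsonEscape, $builder->toSql());
+
+$builder = $this->getMySqlBuilder();
+$builder->select("json->\\\'))#");
+$this->assertEquals($expectedJsonEscape, $builder->toSql());
+}
+
 public function testMySqlWrappingJson()
 {
 $builder = $this->getMySqlBuilder();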
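Review bot: All three cases in `testJsonPathEscaping` go through `getMySqlBuilder()` and `select()`, so the test pins the escaping for only one grammar and one clause. Because the fix sits in the shared `Grammar.php`, it is worth asserting the generated SQL for each other grammar this test class can build, and for a `where` on the same path, so that a dialect where backslash is not an escape character is caught. A case with a `"` in the path segment and one with a backslash not followed by a quote would document what the method does with those inputs. A one-line comment above the heredoc, such as `// any run of backslashes before the quote collapses to a single escaping backslash`, would explain why three different inputs share one expected string.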
