php/yii2
1
0
Fork 0
mirror of https://github.com/yiisoft/yii2.git synced 2025-11-10 02:13:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

Escaping of the special characters at 'MATCH' statement added

Browse Source
This commit is contained in:
Klimov Paul
2014-06-03 13:47:15 +03:00
parent 092ca93a3c
commit 3f001aeed0
5 changed files with 60 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
extensions/sphinx/CHANGELOG.md
View File

@ -4,6 +4,7 @@ Yii Framework 2 sphinx extension Change Log
2.0.0-rc under development
--------------------------
- Bug #3668: Escaping of the special characters at 'MATCH' statement added (klimov-paul)
- Enh: Added support for using sub-queries when building a DB query with `IN` condition (qiangxue)

15
extensions/sphinx/Connection.php
View File

@ -128,4 +128,19 @@ class Connection extends \yii\db\Connection
{
throw new NotSupportedException('"' . __METHOD__ . '" is not supported.');
}
/**
* Escapes all special characters from 'MATCH' statement argument.
* Make sure you are using this method whenever composing 'MATCH' search statement.
* @param string $str string to be escaped.
* @return string the properly escaped string.
*/
public function escapeMatchValue($str)
{
return str_replace(
['/', '"', "'", '(', ')', '|', '-', '!', '@', '~', '&', '^', '$', '=', "\x00", "\n", "\r", "\x1a"],
['\\/', '\\"', "\\'", '\\(', '\\)', '\\|', '\\-', '\\!', '\\@', '\\~', '\\&', '\\^', '\\$', '\\=', "\\x00", "\\n", "\\r", "\\x1a"],
$str
);
}
}

7
extensions/sphinx/Query.php
View File

@ -72,8 +72,10 @@ class Query extends Component implements QueryInterface
*/
public $from;
/**
* @var string text, which should be searched in fulltext mode.
* @var string|Expression text, which should be searched in fulltext mode.
* This value will be composed into MATCH operator inside the WHERE clause.
* Note: this value will be processed by [[Connection::escapeMatchValue()]],
* if you need to compose complex match condition use [[Expression]].
*/
public $match;
/**
@ -381,13 +383,14 @@ class Query extends Component implements QueryInterface
/**
* Sets the fulltext query text. This text will be composed into
* MATCH operator inside the WHERE clause.
* Note: this value will be processed by [[Connection::escapeMatchValue()]],
* if you need to compose complex match condition use [[Expression]].
* @param string $query fulltext query text.
* @return static the query object itself
*/
public function match($query)
{
$this->match = $query;
return $this;
}

11
extensions/sphinx/QueryBuilder.php
View File

@ -63,9 +63,14 @@ class QueryBuilder extends Object
$params = empty($params) ? $query->params : array_merge($params, $query->params);
if ($query->match !== null) {
$phName = self::PARAM_PREFIX . count($params);
$params[$phName] = (string) $query->match;
$query->andWhere('MATCH(' . $phName . ')');
if ($query->match instanceof Expression) {
$query->andWhere('MATCH(' . $query->match->expression . ')');
$params = array_merge($query->match->params);
} else {
$phName = self::PARAM_PREFIX . count($params);
$params[$phName] = $this->db->escapeMatchValue($query->match);
$query->andWhere('MATCH(' . $phName . ')');
}
}
$from = $query->from;

31
tests/unit/extensions/sphinx/QueryTest.php
View File

@ -253,4 +253,35 @@ class QueryTest extends SphinxTestCase
->count('*', $connection);
$this->assertEquals(2, $count);
}
/**
* @depends testRun
*/
public function testWhereQuotedValue()
{
$connection = $this->getConnection();
$query = new Query;
$rows = $query->from('yii2_test_article_index')
->andWhere(['author_id' => 'some"'])
//->match('about"')
->all($connection);
$this->assertEmpty($rows);
}
/**
* @depends testRun
*
* @see https://github.com/yiisoft/yii2/issues/3668
*/
public function testMatchSpecialCharValue()
{
$connection = $this->getConnection();
$query = new Query;
$rows = $query->from('yii2_test_article_index')
->match('about"@^')
->all($connection);
$this->assertNotEmpty($rows);
}
}