Fix #18134: Expression as columnName should not be quoted in likeCondition

4 years ago · 1faa45c552
3 changed files with 10 additions and 4 deletions
--- a/framework/CHANGELOG.md
+++ b/framework/CHANGELOG.md
@ -25,6 +25,7 @@ Yii Framework 2 Change Log
 - Enh #15202: Add optional param `--silent-exit-on-exception` in `yii\console\Controller` (egorrishe)
 - Bug #18110: Add quotes to return value of viewName in MSSQL schema. It is `[someView]` now (darkdef)
 - Bug #17985: Convert migrationNamespaces to array if needed (darkdef)
+- Bug #18134: Expression as columnName should not be quoted in likeCondition (darkdef)


 2.0.35 May 02, 2020
--- a/framework/db/conditions/LikeConditionBuilder.php
+++ b/framework/db/conditions/LikeConditionBuilder.php
@ -66,7 +66,9 @@ class LikeConditionBuilder implements ExpressionBuilderInterface
            return $not ? '' : '0=1';
        }

-        if (strpos($column, '(') === false) {
+        if ($column instanceof ExpressionInterface) {
+            $column = $this->queryBuilder->buildExpression($column, $params);
+        } elseif (is_string($column) && strpos($column, '(') === false) {
            $column = $this->queryBuilder->db->quoteColumnName($column);
        }

--- a/tests/framework/db/QueryBuilderTest.php
+++ b/tests/framework/db/QueryBuilderTest.php
@ -1200,7 +1200,7 @@ abstract class QueryBuilderTest extends DatabaseTestCase
                '([[id]], [[name]]) IN ((:qp0, :qp1), (:qp2, :qp3))',
                [':qp0' => 1, ':qp1' => 'oy', ':qp2' => 2, ':qp3' => 'yo'],
            ],
-            
+
            // in object conditions
            [new InCondition('id', 'in', 1), '[[id]]=:qp0', [':qp0' => 1]],
            [new InCondition('id', 'in', [1]), '[[id]]=:qp0', [':qp0' => 1]],
@ -1208,7 +1208,7 @@ abstract class QueryBuilderTest extends DatabaseTestCase
            [new InCondition('id', 'not in', [1]), '[[id]]<>:qp0', [':qp0' => 1]],
            [new InCondition('id', 'in', [1, 2]), '[[id]] IN (:qp0, :qp1)', [':qp0' => 1, ':qp1' => 2]],
            [new InCondition('id', 'not in', [1, 2]), '[[id]] NOT IN (:qp0, :qp1)', [':qp0' => 1, ':qp1' => 2]],
-            
+
            // exists
            [['exists', (new Query())->select('id')->from('users')->where(['active' => 1])], 'EXISTS (SELECT [[id]] FROM [[users]] WHERE [[active]]=:qp0)', [':qp0' => 1]],
            [['not exists', (new Query())->select('id')->from('users')->where(['active' => 1])], 'NOT EXISTS (SELECT [[id]] FROM [[users]] WHERE [[active]]=:qp0)', [':qp0' => 1]],
@ -2480,7 +2480,7 @@ abstract class QueryBuilderTest extends DatabaseTestCase
                '[[location]].[[title_ru]] LIKE :qp0',
                [':qp0' => 'vi%'],
            ],
-            
+
            // like object conditions
            [new LikeCondition('name', 'like', new Expression('CONCAT("test", name, "%")')), '[[name]] LIKE CONCAT("test", name, "%")', []],
            [new LikeCondition('name', 'not like', new Expression('CONCAT("test", name, "%")')), '[[name]] NOT LIKE CONCAT("test", name, "%")', []],
@ -2490,6 +2490,9 @@ abstract class QueryBuilderTest extends DatabaseTestCase
            [new LikeCondition('name', 'not like', [new Expression('CONCAT("test", name, "%")'), '\ab_c']), '[[name]] NOT LIKE CONCAT("test", name, "%") AND [[name]] NOT LIKE :qp0', [':qp0' => '%\\\ab\_c%']],
            [new LikeCondition('name', 'or like', [new Expression('CONCAT("test", name, "%")'), '\ab_c']), '[[name]] LIKE CONCAT("test", name, "%") OR [[name]] LIKE :qp0', [':qp0' => '%\\\ab\_c%']],
            [new LikeCondition('name', 'or not like', [new Expression('CONCAT("test", name, "%")'), '\ab_c']), '[[name]] NOT LIKE CONCAT("test", name, "%") OR [[name]] NOT LIKE :qp0', [':qp0' => '%\\\ab\_c%']],
+
+            // like with expression as columnName
+            [['like', new Expression('name'), 'string'], 'name LIKE :qp0', [':qp0' => "%string%"]],
        ];

        // adjust dbms specific escaping