From 1faa45c55268f07ee641adaf99e886ea08f288ea Mon Sep 17 00:00:00 2001 From: DarkDef Date: Fri, 3 Jul 2020 12:27:31 +0300 Subject: [PATCH] Fix #18134: Expression as columnName should not be quoted in likeCondition --- framework/CHANGELOG.md | 1 + framework/db/conditions/LikeConditionBuilder.php | 4 +++- tests/framework/db/QueryBuilderTest.php | 9 ++++++--- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/framework/CHANGELOG.md b/framework/CHANGELOG.md index 48b5131..647e69e 100644 --- a/framework/CHANGELOG.md +++ b/framework/CHANGELOG.md @@ -25,6 +25,7 @@ Yii Framework 2 Change Log - Enh #15202: Add optional param `--silent-exit-on-exception` in `yii\console\Controller` (egorrishe) - Bug #18110: Add quotes to return value of viewName in MSSQL schema. It is `[someView]` now (darkdef) - Bug #17985: Convert migrationNamespaces to array if needed (darkdef) +- Bug #18134: Expression as columnName should not be quoted in likeCondition (darkdef) 2.0.35 May 02, 2020 diff --git a/framework/db/conditions/LikeConditionBuilder.php b/framework/db/conditions/LikeConditionBuilder.php index 8071efd..140e3e6 100644 --- a/framework/db/conditions/LikeConditionBuilder.php +++ b/framework/db/conditions/LikeConditionBuilder.php @@ -66,7 +66,9 @@ class LikeConditionBuilder implements ExpressionBuilderInterface return $not ? '' : '0=1'; } - if (strpos($column, '(') === false) { + if ($column instanceof ExpressionInterface) { + $column = $this->queryBuilder->buildExpression($column, $params); + } elseif (is_string($column) && strpos($column, '(') === false) { $column = $this->queryBuilder->db->quoteColumnName($column); } diff --git a/tests/framework/db/QueryBuilderTest.php b/tests/framework/db/QueryBuilderTest.php index f578388..354bf6d 100644 --- a/tests/framework/db/QueryBuilderTest.php +++ b/tests/framework/db/QueryBuilderTest.php @@ -1200,7 +1200,7 @@ abstract class QueryBuilderTest extends DatabaseTestCase '([[id]], [[name]]) IN ((:qp0, :qp1), (:qp2, :qp3))', [':qp0' => 1, ':qp1' => 'oy', ':qp2' => 2, ':qp3' => 'yo'], ], - + // in object conditions [new InCondition('id', 'in', 1), '[[id]]=:qp0', [':qp0' => 1]], [new InCondition('id', 'in', [1]), '[[id]]=:qp0', [':qp0' => 1]], @@ -1208,7 +1208,7 @@ abstract class QueryBuilderTest extends DatabaseTestCase [new InCondition('id', 'not in', [1]), '[[id]]<>:qp0', [':qp0' => 1]], [new InCondition('id', 'in', [1, 2]), '[[id]] IN (:qp0, :qp1)', [':qp0' => 1, ':qp1' => 2]], [new InCondition('id', 'not in', [1, 2]), '[[id]] NOT IN (:qp0, :qp1)', [':qp0' => 1, ':qp1' => 2]], - + // exists [['exists', (new Query())->select('id')->from('users')->where(['active' => 1])], 'EXISTS (SELECT [[id]] FROM [[users]] WHERE [[active]]=:qp0)', [':qp0' => 1]], [['not exists', (new Query())->select('id')->from('users')->where(['active' => 1])], 'NOT EXISTS (SELECT [[id]] FROM [[users]] WHERE [[active]]=:qp0)', [':qp0' => 1]], @@ -2480,7 +2480,7 @@ abstract class QueryBuilderTest extends DatabaseTestCase '[[location]].[[title_ru]] LIKE :qp0', [':qp0' => 'vi%'], ], - + // like object conditions [new LikeCondition('name', 'like', new Expression('CONCAT("test", name, "%")')), '[[name]] LIKE CONCAT("test", name, "%")', []], [new LikeCondition('name', 'not like', new Expression('CONCAT("test", name, "%")')), '[[name]] NOT LIKE CONCAT("test", name, "%")', []], @@ -2490,6 +2490,9 @@ abstract class QueryBuilderTest extends DatabaseTestCase [new LikeCondition('name', 'not like', [new Expression('CONCAT("test", name, "%")'), '\ab_c']), '[[name]] NOT LIKE CONCAT("test", name, "%") AND [[name]] NOT LIKE :qp0', [':qp0' => '%\\\ab\_c%']], [new LikeCondition('name', 'or like', [new Expression('CONCAT("test", name, "%")'), '\ab_c']), '[[name]] LIKE CONCAT("test", name, "%") OR [[name]] LIKE :qp0', [':qp0' => '%\\\ab\_c%']], [new LikeCondition('name', 'or not like', [new Expression('CONCAT("test", name, "%")'), '\ab_c']), '[[name]] NOT LIKE CONCAT("test", name, "%") OR [[name]] NOT LIKE :qp0', [':qp0' => '%\\\ab\_c%']], + + // like with expression as columnName + [['like', new Expression('name'), 'string'], 'name LIKE :qp0', [':qp0' => "%string%"]], ]; // adjust dbms specific escaping