BUGFIX More solid string-parsing through regular expressions in SQLQuery->filtersOnID() and SQLQuery->filtersOnFK(), incl. unit tests

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@69951 467b73ca-7a2a-4603-9d3b-597d59a354a9
2024-10-22 12:05:37 +00:00 · 2009-01-10 02:33:42 +00:00 · 2009-01-10 02:33:42 +00:00 · fb113e589e
commit fb113e589e
parent 48a9a5c0ba
2 changed files with 93 additions and 4 deletions
--- a/core/model/SQLQuery.php
+++ b/core/model/SQLQuery.php
@ -428,23 +428,30 @@ class SQLQuery extends Object {
 	
 	/**
 	 * Checks whether this query is for a specific ID in a table
+	 * 
+	 * @todo Doesn't work with combined statements (e.g. "Foo='bar' AND ID=5")
 	 *
 	 * @return boolean
 	 */
 	function filtersOnID() {
-		return ($this->where && count($this->where) == 1 && 
-			(strpos($this->where[0], ".`ID` = ") || strpos($this->where[0], ".ID = ") || strpos($this->where[0], "ID = ") )
+		return (
+			$this->where 
+			&& count($this->where) == 1  
+			&& preg_match('/^(.*\.)?("|`)?ID("|`)?\s?=/', $this->where[0])
 		);
 	}
 	
 	/**
 	 * Checks whether this query is filtering on a foreign key, ie finding a has_many relationship
+	 * 
+	 * @todo Doesn't work with combined statements (e.g. "Foo='bar' AND ParentID=5")
 	 *
 	 * @return boolean
 	 */
 	function filtersOnFK() { 
-		return ($this->where &&
-		(strpos($this->where[0], "ID` = ") || (strpos($this->where[0], "ID = ") > 0))
+		return (
+			$this->where
+			&& preg_match('/^(.*\.)?("|`)?[a-zA-Z]+ID("|`)?\s?=/', $this->where[0])
 		);
 	}
 	
--- a/tests/SQLQueryTest.php
+++ b/tests/SQLQueryTest.php
@ -112,6 +112,88 @@ class SQLQueryTest extends SapphireTest {
 	function testSelectWithComplexOrderbyClause() {
 		// @todo Test "ORDER BY RANDOM() ASC,MyName DESC" etc.
 	}
+	
+	function testFiltersOnID() {
+		$query = new SQLQuery();
+		$query->where[] = "ID = 5";
+		$this->assertTrue(
+			$query->filtersOnID(),
+			"filtersOnID() is true with simple unquoted column name"
+		);
+		
+		$query = new SQLQuery();
+		$query->where[] = "ID=5";
+		$this->assertTrue(
+			$query->filtersOnID(),
+			"filtersOnID() is true with simple unquoted column name and no spaces in equals sign"
+		);
+		/*
+		$query = new SQLQuery();
+		$query->where[] = "Foo='Bar' AND ID=5";
+		$this->assertTrue(
+			$query->filtersOnID(),
+			"filtersOnID() is true with combined SQL statements"
+		);
+		*/
+		
+		$query = new SQLQuery();
+		$query->where[] = "Identifier = 5";
+		$this->assertFalse(
+			$query->filtersOnID(),
+			"filtersOnID() is false with custom column name (starting with 'id')"
+		);
+		
+		$query = new SQLQuery();
+		$query->where[] = "ParentID = 5";
+		$this->assertFalse(
+			$query->filtersOnID(),
+			"filtersOnID() is false with column name ending in 'ID'"
+		);
+		
+		$query = new SQLQuery();
+		$query->where[] = "MyTable.ID = 5";
+		$this->assertTrue(
+			$query->filtersOnID(),
+			"filtersOnID() is true with table and column name"
+		);
+		
+		$query = new SQLQuery();
+		$query->where[] = "MyTable.`ID`= 5";
+		$this->assertTrue(
+			$query->filtersOnID(),
+			"filtersOnID() is true with table and quoted column name "
+		);
+	}
+	
+	function testFiltersOnFK() {
+		$query = new SQLQuery();
+		$query->where[] = "ID = 5";
+		$this->assertFalse(
+			$query->filtersOnFK(),
+			"filtersOnFK() is true with simple unquoted column name"
+		);
+		
+		$query = new SQLQuery();
+		$query->where[] = "Identifier = 5";
+		$this->assertFalse(
+			$query->filtersOnFK(),
+			"filtersOnFK() is false with custom column name (starting with 'id')"
+		);
+		
+		$query = new SQLQuery();
+		$query->where[] = "MyTable.ParentID = 5";
+		$this->assertTrue(
+			$query->filtersOnFK(),
+			"filtersOnFK() is true with table and column name"
+		);
+		
+		$query = new SQLQuery();
+		$query->where[] = "MyTable.`ParentID`= 5";
+		$this->assertTrue(
+			$query->filtersOnFK(),
+			"filtersOnFK() is true with table and quoted column name "
+		);
+	}
 }

 class SQLQueryTest_DO extends DataObject implements TestOnly {