Posted to commits@cassandra.apache.org by "Sina Siadat (Jira)" <ji...@apache.org> on 2022/01/06 23:58:00 UTC

[jira] [Comment Edited] (CASSANDRA-17238) Constants$Literal.getText does not escape ' chars

    [ https://issues.apache.org/jira/browse/CASSANDRA-17238?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17469431#comment-17469431 ] 

Sina Siadat edited comment on CASSANDRA-17238 at 1/6/22, 11:57 PM:
-------------------------------------------------------------------

Yes, CQL keywords wouldn't need this kind of protection, but the problem here is for getText when type is Type.STRING. Is it ever used with inputs of that type? If so, and if I'm not mistaken, getText for this CQL string:
{code:java}
'this is a ''quoted'' word'
{code}
would return
{code:java}
'this is a 'quoted' word'
{code}
which is probably an incorrect representation of the CQL string.


was (Author: JIRAUSER283097):
Yes, CQL keywords wouldn't need this kind of protection, but the problem here is for getText when type is Type.STRING. So, getText for this CQL string:
{code}
'this is a ''quoted'' word'
{code}
would return
{code}
'this is a 'quoted' word'
{code}
which is an incorrect representation of the CQL string.

> Constants$Literal.getText does not escape ' chars
> -------------------------------------------------
>
>                 Key: CASSANDRA-17238
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-17238
>             Project: Cassandra
>          Issue Type: Bug
>            Reporter: Sina Siadat
>            Priority: Normal
>
> The [current implementation|https://sourcegraph.com/github.com/apache/cassandra@b83d722b99de79d131f58512564b901b11907182/-/blob/src/java/org/apache/cassandra/cql3/Constants.java?L358-361] is only adding single quotes around the text:
> {code:java}
> public String getText()
> {
>     return type == Type.STRING ? String.format("'%s'", text) : text;
> }
> {code}
> So, getText for this string:
> {code}
> 'this is a ''quoted'' word'
> {code}
> would return
> {code}
> 'this is a 'quoted' word'
> {code}
> Something like this is necessary:
> {code:java}
> public String getText()
> {
>     return type == Type.STRING ? String.format("'%s'", StringUtils.replace(text, "'", "''")) : text;
> }
> {code}
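
The round-trip failure described in the issue, as an added example that is not part of the original message or of Cassandra's code. It assumes, as the issue describes, that the literal's stored text is the unescaped value; the class name, method names, the strict parseLiteral reader and the sample values are hypothetical, and String.replace stands in for StringUtils.replace.

```java
import java.util.List;

public class CqlLiteralRoundTrip
{
    // Rendering as quoted in the issue description: wraps in quotes, no escaping.
    static String renderUnescaped(String text)
    {
        return String.format("'%s'", text);
    }

    // Rendering with the quote doubling proposed in the issue.
    static String renderEscaped(String text)
    {
        return String.format("'%s'", text.replace("'", "''"));
    }

    // Hypothetical strict reader for exactly one single-quoted CQL string literal.
    // Returns the decoded value, or null if the input is not one well-formed literal.
    static String parseLiteral(String cql)
    {
        if (cql.length() < 2 || cql.charAt(0) != '\'')
            return null;
        StringBuilder out = new StringBuilder();
        int i = 1;
        while (i < cql.length())
        {
            char c = cql.charAt(i);
            if (c != '\'') { out.append(c); i++; continue; }
            if (i + 1 < cql.length() && cql.charAt(i + 1) == '\'') { out.append('\''); i += 2; continue; }
            // A lone quote closes the literal, so it must be the last character.
            return i == cql.length() - 1 ? out.toString() : null;
        }
        return null; // unterminated literal
    }

    public static void main(String[] args)
    {
        // Constructed sample values: the decoded text a STRING literal would hold.
        for (String text : List.of("plain", "this is a 'quoted' word", "it's", "''"))
        {
            boolean unescapedOk = text.equals(parseLiteral(renderUnescaped(text)));
            boolean escapedOk = text.equals(parseLiteral(renderEscaped(text)));
            System.out.printf("%-26s unescaped=%b escaped=%b%n", text, unescapedOk, escapedOk);
        }
    }
}
```

For the last sample the unescaped rendering still parses as a valid literal but decodes to a single quote instead of two, so a round-trip check has to compare values, not just test that the output parses.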


