Merge pull request zendframework#441 from Mayflower/nested-sql-functions

froschdesign · froschdesign · commit e78669d5a58c · 2015-01-05T14:24:02.000+01:00
Loosen regex to allow nested function calls in SQL
diff --git a/library/Zend/Db/Select.php b/library/Zend/Db/Select.php
@@ -509,7 +509,7 @@ public function group($spec)
         }
 
         foreach ($spec as $val) {
-            if (preg_match('/^[\w]*\([^\)]*\)$/', (string) $val)) {
+            if (preg_match('/^([\w]*\(([^\)]|(?1))*\))$/', (string) $val)) {
                 $val = new Zend_Db_Expr($val);
             }
             $this->_parts[self::GROUP][] = $val;
@@ -601,7 +601,7 @@ public function order($spec)
                     $val = trim($matches[1]);
                     $direction = $matches[2];
                 }
-                if (preg_match('/^[\w]*\([^\)]*\)$/', $val)) {
+                if (preg_match('/^([\w]*\(([^\)]|(?1))*\))$/', (string) $val)) {
                     $val = new Zend_Db_Expr($val);
                 }
                 $this->_parts[self::ORDER][] = array($val, $direction);
@@ -943,7 +943,7 @@ protected function _tableCols($correlationName, $cols, $afterCorrelationName = n
                     $alias = $m[2];
                 }
                 // Check for columns that look like functions and convert to Zend_Db_Expr
-                if (preg_match('/^[\w]*\([^\)]*\)$/', $col)) {
+                if (preg_match('/^([\w]*\(([^\)]|(?1))*\))$/', (string) $col)) {
                     $col = new Zend_Db_Expr($col);
                 } elseif (preg_match('/(.+)\.(.+)/', $col, $m)) {
                     $currentCorrelationName = $m[1];
diff --git a/tests/Zend/Db/Select/StaticTest.php b/tests/Zend/Db/Select/StaticTest.php
@@ -854,6 +854,26 @@ public function testSqlInjectionInColumn()
         $this->assertEquals('SELECT "p"."MD5(1); drop table products; -- )" FROM "products" AS "p"', $select->assemble());
     }
 
+    public function testIfInColumn()
+    {
+        $select = $this->_db->select();
+        $select->from('table1', '*');
+        $select->join(array('table2'),
+                      'table1.id = table2.id',
+                      array('bar' => 'IF(table2.id IS NOT NULL, 1, 0)'));
+        $this->assertEquals("SELECT \"table1\".*, IF(table2.id IS NOT NULL, 1, 0) AS \"bar\" FROM \"table1\"\n INNER JOIN \"table2\" ON table1.id = table2.id", $select->assemble());
+    }
+
+    public function testNestedIfInColumn()
+    {
+        $select = $this->_db->select();
+        $select->from('table1', '*');
+        $select->join(array('table2'),
+            'table1.id = table2.id',
+            array('bar' => 'IF(table2.id IS NOT NULL, IF(table2.id2 IS NOT NULL, 1, 2), 0)'));
+        $this->assertEquals("SELECT \"table1\".*, IF(table2.id IS NOT NULL, IF(table2.id2 IS NOT NULL, 1, 2), 0) AS \"bar\" FROM \"table1\"\n INNER JOIN \"table2\" ON table1.id = table2.id", $select->assemble());
+    }
+
     /**
      * @group ZF-378
      */

Original file line number	Diff line number	Diff line change
`@@ -509,7 +509,7 @@ public function group($spec)`
`509`	`509`	`}`
`510`	`510`
`511`	`511`	`foreach ($spec as $val) {`
`512`		`- if (preg_match('/^[\w]\([^\)]\)$/', (string) $val)) {`
	`512`	`+ if (preg_match('/^([\w]\(([^\)]\|(?1))\))$/', (string) $val)) {`
`513`	`513`	`$val = new Zend_Db_Expr($val);`
`514`	`514`	`}`
`515`	`515`	`$this->_parts[self::GROUP][] = $val;`
`@@ -601,7 +601,7 @@ public function order($spec)`
`601`	`601`	`$val = trim($matches[1]);`
`602`	`602`	`$direction = $matches[2];`
`603`	`603`	`}`
`604`		`- if (preg_match('/^[\w]\([^\)]\)$/', $val)) {`
	`604`	`+ if (preg_match('/^([\w]\(([^\)]\|(?1))\))$/', (string) $val)) {`
`605`	`605`	`$val = new Zend_Db_Expr($val);`
`606`	`606`	`}`
`607`	`607`	`$this->_parts[self::ORDER][] = array($val, $direction);`
`@@ -943,7 +943,7 @@ protected function _tableCols($correlationName, $cols, $afterCorrelationName = n`
`943`	`943`	`$alias = $m[2];`
`944`	`944`	`}`
`945`	`945`	`// Check for columns that look like functions and convert to Zend_Db_Expr`
`946`		`- if (preg_match('/^[\w]\([^\)]\)$/', $col)) {`
	`946`	`+ if (preg_match('/^([\w]\(([^\)]\|(?1))\))$/', (string) $col)) {`
`947`	`947`	`$col = new Zend_Db_Expr($col);`
`948`	`948`	`} elseif (preg_match('/(.+)\.(.+)/', $col, $m)) {`
`949`	`949`	`$currentCorrelationName = $m[1];`