backport: [10.x] Escaping functionality within the Grammar

Author: tpetry

src/Backports/ConnectionBackport.php

@@ -0,0 +1,130 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Tpetry\PostgresqlEnhanced\Backports;
+
+use Closure;
+use RuntimeException;
+use Tpetry\PostgresqlEnhanced\Query\Grammar as QueryGrammar;
+use Tpetry\PostgresqlEnhanced\Schema\Grammars\Grammar as SchemaGrammar;
+
+/**
+ * To support some features these commits from laravel needed to be backported for older versions:
+ * - [8.x] Adds new RefreshDatabaseLazily testing trait (https://github.com/laravel/framework/commit/3d1ead403e05ee0b9aa93a6ff720704970aec9c8).
+ * - [10.x] Escaping functionality within the Grammar (https://github.com/laravel/framework/commit/e953137280cdf6e0fe3c3e4c49d7209ad86c92c0).
+ */
+trait ConnectionBackport
+{
+    /**
+     * All of the callbacks that should be invoked before a query is executed.
+     *
+     * @var Closure[]
+     */
+    protected $beforeExecutingCallbacks = [];
+
+    /**
+     * Register a hook to be run just before a database query is executed.
+     */
+    public function beforeExecuting(Closure $callback): static
+    {
+        $this->beforeExecutingCallbacks[] = $callback;
+
+        return $this;
+    }
+
+    /**
+     * Escape a value for safe SQL embedding.
+     *
+     * @param string|float|int|bool|null $value
+     * @param bool $binary
+     */
+    public function escape($value, $binary = false): string
+    {
+        if (null === $value) {
+            return 'null';
+        } elseif ($binary) {
+            return $this->escapeBinary($value);
+        } elseif (\is_int($value) || \is_float($value)) {
+            return (string) $value;
+        } elseif (\is_bool($value)) {
+            return $this->escapeBool($value);
+        } else {
+            if (str_contains($value, "\00")) {
+                throw new RuntimeException('Strings with null bytes cannot be escaped. Use the binary escape option.');
+            }
+            if (false === preg_match('//u', $value)) {
+                throw new RuntimeException('Strings with invalid UTF-8 byte sequences cannot be escaped.');
+            }
+
+            return $this->escapeString($value);
+        }
+    }
+
+    /**
+     * Escape a binary value for safe SQL embedding.
+     *
+     * @param string $value
+     */
+    protected function escapeBinary($value): string
+    {
+        $hex = bin2hex($value);
+
+        return "'\x{$hex}'::bytea";
+    }
+
+    /**
+     * Escape a boolean value for safe SQL embedding.
+     *
+     * @param bool $value
+     */
+    protected function escapeBool($value): string
+    {
+        return $value ? 'true' : 'false';
+    }
+
+    /**
+     * Escape a string value for safe SQL embedding.
+     *
+     * @param string $value
+     */
+    protected function escapeString($value): string
+    {
+        return $this->getPdo()->quote($value);
+    }
+
+    /**
+     * Get the default query grammar instance.
+     */
+    protected function getDefaultQueryGrammar(): QueryGrammar
+    {
+        ($grammar = new QueryGrammar())->setConnection($this);
+
+        return $this->withTablePrefix($grammar);
+    }
+
+    /**
+     * Get the default schema grammar instance.
+     */
+    protected function getDefaultSchemaGrammar(): SchemaGrammar
+    {
+        ($grammar = new SchemaGrammar())->setConnection($this);
+
+        return $this->withTablePrefix($grammar);
+    }
+
+    /**
+     * Run a SQL statement and log its execution context.
+     *
+     * @param string $query
+     * @param array $bindings
+     */
+    protected function run($query, $bindings, Closure $callback): mixed
+    {
+        foreach ($this->beforeExecutingCallbacks as $beforeExecutingCallback) {
+            $beforeExecutingCallback($query, $bindings, $this);
+        }
+
+        return parent::run($query, $bindings, $callback);
+    }
+}

src/Backports/GrammarBackport.php

@@ -0,0 +1,48 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Tpetry\PostgresqlEnhanced\Backports;
+
+use RuntimeException;
+
+/**
+ * To support some features these commits from laravel needed to be backported for older versions:
+ * - [10.x] Escaping functionality within the Grammar (https://github.com/laravel/framework/commit/e953137280cdf6e0fe3c3e4c49d7209ad86c92c0).
+ */
+trait GrammarBackport
+{
+    /**
+     * The connection used for escaping values.
+     *
+     * @var \Illuminate\Database\Connection
+     */
+    protected $connection;
+
+    /**
+     * Escapes a value for safe SQL embedding.
+     *
+     * @param string|float|int|bool|null $value
+     * @param bool $binary
+     */
+    public function escape($value, $binary = false): string
+    {
+        if (null === $this->connection) {
+            throw new RuntimeException("The database driver's grammar implementation does not support escaping values.");
+        }
+
+        return $this->connection->escape($value, $binary);
+    }
+
+    /**
+     * Set the grammar's database connection.
+     *
+     * @param \Illuminate\Database\Connection $connection
+     */
+    public function setConnection($connection): static
+    {
+        $this->connection = $connection;
+
+        return $this;
+    }
+}

src/PostgresConnectionBackport.php

@@ -10,6 +10,7 @@
 use Illuminate\Database\QueryException;
 use Illuminate\Support\Str;
 use Throwable;
+use Tpetry\PostgresqlEnhanced\Backports\ConnectionBackport;
 use Tpetry\PostgresqlEnhanced\Query\Builder as QueryBuilder;
 use Tpetry\PostgresqlEnhanced\Query\Grammar as QueryGrammar;
 use Tpetry\PostgresqlEnhanced\Schema\Builder as SchemaBuilder;
@@ -18,7 +19,7 @@
 
 class PostgresEnhancedConnection extends PostgresConnection
 {
-    use PostgresConnectionBackport;
+    use ConnectionBackport;
 
     /**
      * Additional bindings which will be used in run().

src/PostgresEnhancedConnection.php

@@ -6,9 +6,11 @@
 
 use Illuminate\Database\Query\Builder as BaseBuilder;
 use Illuminate\Database\Query\Grammars\PostgresGrammar;
+use Tpetry\PostgresqlEnhanced\Backports\GrammarBackport;
 
 class Grammar extends PostgresGrammar
 {
+    use GrammarBackport;
     use GrammarCte;
     use GrammarFullText;
     use GrammarOrder;

src/Query/Grammar.php

@@ -5,9 +5,11 @@
 namespace Tpetry\PostgresqlEnhanced\Schema\Grammars;
 
 use Illuminate\Database\Schema\Grammars\PostgresGrammar;
+use Tpetry\PostgresqlEnhanced\Backports\GrammarBackport;
 
 class Grammar extends PostgresGrammar
 {
+    use GrammarBackport;
     use GrammarIndex;
     use GrammarTable;
     use GrammarTrigger;

src/Schema/Grammars/Grammar.php

@@ -0,0 +1,61 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Tpetry\PostgresqlEnhanced\Tests\Connection;
+
+use RuntimeException;
+use Tpetry\PostgresqlEnhanced\Tests\TestCase;
+
+class EscapeTest extends TestCase
+{
+    public function testEscapeBinary(): void
+    {
+        $this->assertSame("'\\xdead00beef'::bytea", $this->getConnection()->escape(hex2bin('dead00beef'), true));
+    }
+
+    public function testEscapeBool(): void
+    {
+        $this->assertSame('true', $this->getConnection()->escape(true));
+        $this->assertSame('false', $this->getConnection()->escape(false));
+    }
+
+    public function testEscapeFloat(): void
+    {
+        $this->assertSame('3.14159', $this->getConnection()->escape(3.14159));
+        $this->assertSame('-3.14159', $this->getConnection()->escape(-3.14159));
+    }
+
+    public function testEscapeInt(): void
+    {
+        $this->assertSame('42', $this->getConnection()->escape(42));
+        $this->assertSame('-6', $this->getConnection()->escape(-6));
+    }
+
+    public function testEscapeNull(): void
+    {
+        $this->assertSame('null', $this->getConnection()->escape(null));
+        $this->assertSame('null', $this->getConnection()->escape(null, true));
+    }
+
+    public function testEscapeString(): void
+    {
+        $this->assertSame("'2147483647'", $this->getConnection()->escape('2147483647'));
+        $this->assertSame("'true'", $this->getConnection()->escape('true'));
+        $this->assertSame("'false'", $this->getConnection()->escape('false'));
+        $this->assertSame("'null'", $this->getConnection()->escape('null'));
+        $this->assertSame("'Hello''World'", $this->getConnection()->escape("Hello'World"));
+    }
+
+    public function testEscapeStringInvalidUtf8(): void
+    {
+        $this->expectException(RuntimeException::class);
+        $this->getConnection()->escape("I am hiding an invalid \x80 utf-8 continuation byte");
+    }
+
+    public function testEscapeStringNullByte(): void
+    {
+        $this->expectException(RuntimeException::class);
+        $this->getConnection()->escape("I am hiding a \00 byte");
+    }
+}

tests/Connection/EscapeTest.php

@@ -0,0 +1,61 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Tpetry\PostgresqlEnhanced\Tests\Connection;
+
+use RuntimeException;
+use Tpetry\PostgresqlEnhanced\Tests\TestCase;
+
+class QueryGrammarEscapeTest extends TestCase
+{
+    public function testEscapeBinary(): void
+    {
+        $this->assertSame("'\\xdead00beef'::bytea", $this->getConnection()->getQueryGrammar()->escape(hex2bin('dead00beef'), true));
+    }
+
+    public function testEscapeBool(): void
+    {
+        $this->assertSame('true', $this->getConnection()->getQueryGrammar()->escape(true));
+        $this->assertSame('false', $this->getConnection()->getQueryGrammar()->escape(false));
+    }
+
+    public function testEscapeFloat(): void
+    {
+        $this->assertSame('3.14159', $this->getConnection()->getQueryGrammar()->escape(3.14159));
+        $this->assertSame('-3.14159', $this->getConnection()->getQueryGrammar()->escape(-3.14159));
+    }
+
+    public function testEscapeInt(): void
+    {
+        $this->assertSame('42', $this->getConnection()->getQueryGrammar()->escape(42));
+        $this->assertSame('-6', $this->getConnection()->getQueryGrammar()->escape(-6));
+    }
+
+    public function testEscapeNull(): void
+    {
+        $this->assertSame('null', $this->getConnection()->getQueryGrammar()->escape(null));
+        $this->assertSame('null', $this->getConnection()->getQueryGrammar()->escape(null, true));
+    }
+
+    public function testEscapeString(): void
+    {
+        $this->assertSame("'2147483647'", $this->getConnection()->getQueryGrammar()->escape('2147483647'));
+        $this->assertSame("'true'", $this->getConnection()->getQueryGrammar()->escape('true'));
+        $this->assertSame("'false'", $this->getConnection()->getQueryGrammar()->escape('false'));
+        $this->assertSame("'null'", $this->getConnection()->getQueryGrammar()->escape('null'));
+        $this->assertSame("'Hello''World'", $this->getConnection()->getQueryGrammar()->escape("Hello'World"));
+    }
+
+    public function testEscapeStringInvalidUtf8(): void
+    {
+        $this->expectException(RuntimeException::class);
+        $this->getConnection()->getQueryGrammar()->escape("I am hiding an invalid \x80 utf-8 continuation byte");
+    }
+
+    public function testEscapeStringNullByte(): void
+    {
+        $this->expectException(RuntimeException::class);
+        $this->getConnection()->getQueryGrammar()->escape("I am hiding a \00 byte");
+    }
+}