Issue #3133798 by Beakerboy, daffie: Semicolon removed from query even when it is allowed

2020-05-28 14:59:19 +01:00 · 2020-05-28 14:59:19 +01:00 · 635b422880
parent 4a0c41ded2
commit 635b422880
2 changed files with 60 additions and 1 deletions
--- a/core/lib/Drupal/Core/Database/Connection.php
+++ b/core/lib/Drupal/Core/Database/Connection.php
@ -628,7 +628,11 @@ abstract class Connection {
        // semicolons should only be needed for special cases like defining a
        // function or stored procedure in SQL. Trim any trailing delimiter to
        // minimize false positives.
-        $query = rtrim($query, ";  \t\n\r\0\x0B");
+        $trim_chars = "  \t\n\r\0\x0B";
+        if (empty($options['allow_delimiter_in_query'])) {
+          $trim_chars .= ';';
+        }
+        $query = rtrim($query, $trim_chars);
        if (strpos($query, ';') !== FALSE && empty($options['allow_delimiter_in_query'])) {
          throw new \InvalidArgumentException('; is not supported in SQL strings. Use only one statement at a time.');
        }
--- a/core/tests/Drupal/Tests/Core/Database/ConnectionTest.php
+++ b/core/tests/Drupal/Tests/Core/Database/ConnectionTest.php
@ -3,6 +3,7 @@
 namespace Drupal\Tests\Core\Database;

 use Drupal\Tests\Core\Database\Stub\StubConnection;
+use Drupal\Tests\Core\Database\Stub\StubPDO;
 use Drupal\Tests\UnitTestCase;

 /**
@ -297,4 +298,58 @@ class ConnectionTest extends UnitTestCase {
    );
  }

+  /**
+   * Test rtrim() of query strings.
+   *
+   * @dataProvider provideQueriesToTrim
+   */
+  public function testQueryTrim($expected, $query, $options) {
+    $mock_pdo = $this->getMockBuilder(StubPdo::class)
+      ->setMethods(['execute', 'prepare', 'setAttribute'])
+      ->getMock();
+
+    // Ensure that PDO::prepare() is called only once, and with the
+    // correctly trimmed query string.
+    $mock_pdo->expects($this->once())
+      ->method('prepare')
+      ->with($expected)
+      ->willReturnSelf();
+    $connection = new StubConnection($mock_pdo, []);
+    $connection->query($query, [], $options);
+  }
+
+  /**
+   * Dataprovider for testQueryTrim().
+   *
+   * @return array
+   *   Array of arrays with the following elements:
+   *   - Expected trimmed query.
+   *   - Padded query.
+   *   - Query options.
+   */
+  public function provideQueriesToTrim() {
+    return [
+      'remove_semicolon' => [
+        'SELECT * FROM test',
+        'SELECT * FROM test;',
+        [],
+      ],
+      'keep_trailing_semicolon' => [
+        'SELECT * FROM test;',
+        'SELECT * FROM test;',
+        ['allow_delimiter_in_query' => TRUE],
+      ],
+      'remove_semicolon_with_whitespace' => [
+        'SELECT * FROM test',
+        'SELECT * FROM test; ',
+        [],
+      ],
+      'keep_trailing_semicolon_with_whitespace' => [
+        'SELECT * FROM test;',
+        'SELECT * FROM test; ',
+        ['allow_delimiter_in_query' => TRUE],
+      ],
+    ];
+  }
+
 }