Hibernate
/
hibernate-orm
mirror of https://github.com/hibernate/hibernate-orm
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

HHH-10446 - Comment delimiters not "escaped" within (VAR)CHAR literals within native queries

This commit is contained in:
Steve Ebersole 2016-01-25 20:54:59 -06:00
parent 6732e04058
commit bb109139e8
2 changed files with 45 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
hibernate-core/src/main/java/org/hibernate/engine/query/spi/ParameterParser.java
View File

@ -94,7 +94,20 @@ public class ParameterParser {
final char c = sqlString.charAt( indx );
final boolean lastCharacter = indx == stringLength-1;
if ( inDelimitedComment ) {
// if we are "in" a certain context, check first for the end of that context
if ( inSingleQuotes ) {
recognizer.other( c );
if ( '\'' == c ) {
inSingleQuotes = false;
}
}
else if ( inDoubleQuotes ) {
recognizer.other( c );
if ( '\"' == c ) {
inDoubleQuotes = false;
}
}
else if ( inDelimitedComment ) {
recognizer.other( c );
if ( !lastCharacter && '*' == c && '/' == sqlString.charAt( indx+1 ) ) {
inDelimitedComment = false;
@ -102,12 +115,6 @@ public class ParameterParser {
indx++;
}
}
else if ( !lastCharacter && '/' == c && '*' == sqlString.charAt( indx+1 ) ) {
inDelimitedComment = true;
recognizer.other( c );
recognizer.other( sqlString.charAt( indx+1 ) );
indx++;
}
else if ( inLineComment ) {
recognizer.other( c );
// see if the character ends the line
@ -122,6 +129,13 @@ public class ParameterParser {
}
}
}
// otherwise, see if we start such a context
else if ( !lastCharacter && '/' == c && '*' == sqlString.charAt( indx+1 ) ) {
inDelimitedComment = true;
recognizer.other( c );
recognizer.other( sqlString.charAt( indx+1 ) );
indx++;
}
else if ( '-' == c ) {
recognizer.other( c );
if ( !lastCharacter && '-' == sqlString.charAt( indx+1 ) ) {
@ -130,30 +144,20 @@ public class ParameterParser {
indx++;
}
}
else if ( inDoubleQuotes ) {
if ( '\"' == c ) {
inDoubleQuotes = false;
}
recognizer.other( c );
}
else if ( '\"' == c ) {
inDoubleQuotes = true;
recognizer.other( c );
}
else if ( inSingleQuotes ) {
if ( '\'' == c ) {
inSingleQuotes = false;
}
recognizer.other( c );
}
else if ( '\'' == c ) {
inSingleQuotes = true;
recognizer.other( c );
}
// special handling for backslash
else if ( '\\' == c ) {
// skip sending the backslash and instead send then next character, treating is as a literal
recognizer.other( sqlString.charAt( ++indx ) );
}
// otherwise
else {
if ( c == ':' ) {
// named parameter

25
hibernate-core/src/test/java/org/hibernate/engine/query/ParameterParserTest.java
View File

@ -6,12 +6,13 @@
*/
package org.hibernate.engine.query;
import org.junit.Test;
import org.hibernate.engine.query.spi.ParamLocationRecognizer;
import org.hibernate.engine.query.spi.ParameterParser;
import org.hibernate.testing.junit4.BaseUnitTestCase;
import org.hibernate.testing.junit4.BaseUnitTestCase;
import org.junit.Test;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
@ -48,6 +49,24 @@ public class ParameterParserTest extends BaseUnitTestCase {
assertTrue(recognizer.getNamedParameterDescriptionMap().containsKey("param"));
}
@Test
public void testDoubleDashInCharLiteral() {
ParamLocationRecognizer recognizer = new ParamLocationRecognizer();
ParameterParser.parse("select coalesce(i.name, '--NONE--') as itname from Item i where i.intVal=? ",recognizer);
assertEquals( 1, recognizer.getOrdinalParameterLocationList().size() );
}
@Test
public void testSlashStarInCharLiteral() {
ParamLocationRecognizer recognizer = new ParamLocationRecognizer();
ParameterParser.parse("select coalesce(i.name, '/*NONE') as itname from Item i where i.intVal=? ",recognizer);
assertEquals( 1, recognizer.getOrdinalParameterLocationList().size() );
}
@Test
public void testApostropheInOracleAlias() {
ParamLocationRecognizer recognizer = new ParamLocationRecognizer();