Skip to content

Commit

Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Allows :dql_parameters with ARRAY_* functions
Browse files Browse the repository at this point in the history 
before it was only possible to do `ARRAY_APPEND(e.myarray, 'a_literal')`
so it was impossible to have the value coming from php (without resorting
to DQL injection)

We now allow also the following syntax `ARRAY_APPEND(e.myarray, :foobar)`
@allan-simon
allan-simon committed Oct 17, 2024
1 parent 79dcdc2 commit 12d7f5c
Showing 10 changed files with 16 additions and 6 deletions.
2 changes: 1 addition & 1 deletion src/MartinGeorgiev/Doctrine/ORM/Query/AST/Functions/ArrayAppend.php
View file
Original file line number Diff line number Diff line change
@@ -18,6 +18,6 @@ protected function customiseFunction(): void
{
$this->setFunctionPrototype('array_append(%s, %s)');
$this->addNodeMapping('StringPrimary');
$this->addNodeMapping('Literal');
$this->addNodeMapping('ArithmeticPrimary');
}
}
2 changes: 1 addition & 1 deletion src/MartinGeorgiev/Doctrine/ORM/Query/AST/Functions/ArrayLength.php
View file
Original file line number Diff line number Diff line change
@@ -18,6 +18,6 @@ protected function customiseFunction(): void
{
$this->setFunctionPrototype('array_length(%s, %s)');
$this->addNodeMapping('StringPrimary');
$this->addNodeMapping('Literal');
$this->addNodeMapping('ArithmeticPrimary');
}
}
2 changes: 1 addition & 1 deletion src/MartinGeorgiev/Doctrine/ORM/Query/AST/Functions/ArrayPrepend.php
View file
Original file line number Diff line number Diff line change
@@ -17,7 +17,7 @@ class ArrayPrepend extends BaseFunction
protected function customiseFunction(): void
{
$this->setFunctionPrototype('array_prepend(%s, %s)');
$this->addNodeMapping('Literal');
$this->addNodeMapping('ArithmeticPrimary');
$this->addNodeMapping('StringPrimary');
}
}
2 changes: 1 addition & 1 deletion src/MartinGeorgiev/Doctrine/ORM/Query/AST/Functions/ArrayRemove.php
View file
Original file line number Diff line number Diff line change
@@ -18,6 +18,6 @@ protected function customiseFunction(): void
{
$this->setFunctionPrototype('array_remove(%s, %s)');
$this->addNodeMapping('StringPrimary');
$this->addNodeMapping('Literal');
$this->addNodeMapping('ArithmeticPrimary');
}
}
4 changes: 2 additions & 2 deletions src/MartinGeorgiev/Doctrine/ORM/Query/AST/Functions/ArrayReplace.php
View file
Original file line number Diff line number Diff line change
@@ -18,7 +18,7 @@ protected function customiseFunction(): void
{
$this->setFunctionPrototype('array_replace(%s, %s, %s)');
$this->addNodeMapping('StringPrimary');
$this->addNodeMapping('Literal');
$this->addNodeMapping('Literal');
$this->addNodeMapping('ArithmeticPrimary');
$this->addNodeMapping('ArithmeticPrimary');
}
}
2 changes: 2 additions & 0 deletions tests/MartinGeorgiev/Doctrine/ORM/Query/AST/Functions/ArrayAppendTest.php
View file
Original file line number Diff line number Diff line change
@@ -21,6 +21,7 @@ protected function getExpectedSqlStatements(): array
return [
'SELECT array_append(c0_.array1, 1989) AS sclr_0 FROM ContainsArrays c0_',
"SELECT array_append(c0_.array1, 'country') AS sclr_0 FROM ContainsArrays c0_",
"SELECT array_append(c0_.array1, ?) AS sclr_0 FROM ContainsArrays c0_",
];
}

@@ -29,6 +30,7 @@ protected function getDqlStatements(): array
return [
\sprintf('SELECT ARRAY_APPEND(e.array1, 1989) FROM %s e', ContainsArrays::class),
\sprintf("SELECT ARRAY_APPEND(e.array1, 'country') FROM %s e", ContainsArrays::class),
\sprintf("SELECT ARRAY_APPEND(e.array1, :dql_parameter) FROM %s e", ContainsArrays::class),
];
}
}
2 changes: 2 additions & 0 deletions tests/MartinGeorgiev/Doctrine/ORM/Query/AST/Functions/ArrayLengthTest.php
View file
Original file line number Diff line number Diff line change
@@ -20,13 +20,15 @@ protected function getExpectedSqlStatements(): array
{
return [
'SELECT array_length(c0_.array1, 1) AS sclr_0 FROM ContainsArrays c0_',
'SELECT array_length(c0_.array1, ?) AS sclr_0 FROM ContainsArrays c0_',
];
}

protected function getDqlStatements(): array
{
return [
\sprintf('SELECT ARRAY_LENGTH(e.array1, 1) FROM %s e', ContainsArrays::class),
\sprintf('SELECT ARRAY_LENGTH(e.array1, :dql_parameter) FROM %s e', ContainsArrays::class),
];
}
}
2 changes: 2 additions & 0 deletions tests/MartinGeorgiev/Doctrine/ORM/Query/AST/Functions/ArrayPrependTest.php
View file
Original file line number Diff line number Diff line change
@@ -21,6 +21,7 @@ protected function getExpectedSqlStatements(): array
return [
'SELECT array_prepend(1885, c0_.array1) AS sclr_0 FROM ContainsArrays c0_',
"SELECT array_prepend('red', c0_.array1) AS sclr_0 FROM ContainsArrays c0_",
"SELECT array_prepend(?, c0_.array1) AS sclr_0 FROM ContainsArrays c0_",
];
}

@@ -29,6 +30,7 @@ protected function getDqlStatements(): array
return [
\sprintf('SELECT ARRAY_PREPEND(1885, e.array1) FROM %s e', ContainsArrays::class),
\sprintf("SELECT ARRAY_PREPEND('red', e.array1) FROM %s e", ContainsArrays::class),
\sprintf("SELECT ARRAY_PREPEND(:dql_parameter, e.array1) FROM %s e", ContainsArrays::class),
];
}
}
2 changes: 2 additions & 0 deletions tests/MartinGeorgiev/Doctrine/ORM/Query/AST/Functions/ArrayRemoveTest.php
View file
Original file line number Diff line number Diff line change
@@ -21,6 +21,7 @@ protected function getExpectedSqlStatements(): array
return [
'SELECT array_remove(c0_.array1, 1944) AS sclr_0 FROM ContainsArrays c0_',
"SELECT array_remove(c0_.array1, 'peach') AS sclr_0 FROM ContainsArrays c0_",
"SELECT array_remove(c0_.array1, ?) AS sclr_0 FROM ContainsArrays c0_",
];
}

@@ -29,6 +30,7 @@ protected function getDqlStatements(): array
return [
\sprintf('SELECT ARRAY_REMOVE(e.array1, 1944) FROM %s e', ContainsArrays::class),
\sprintf("SELECT ARRAY_REMOVE(e.array1, 'peach') FROM %s e", ContainsArrays::class),
\sprintf("SELECT ARRAY_REMOVE(e.array1, :dql_parameter) FROM %s e", ContainsArrays::class),
];
}
}
2 changes: 2 additions & 0 deletions tests/MartinGeorgiev/Doctrine/ORM/Query/AST/Functions/ArrayReplaceTest.php
View file
Original file line number Diff line number Diff line change
@@ -21,6 +21,7 @@ protected function getExpectedSqlStatements(): array
return [
'SELECT array_replace(c0_.array1, 1939, 1957) AS sclr_0 FROM ContainsArrays c0_',
"SELECT array_replace(c0_.array1, 'green', 'mint') AS sclr_0 FROM ContainsArrays c0_",
"SELECT array_replace(c0_.array1, 'green', ?) AS sclr_0 FROM ContainsArrays c0_",
];
}

@@ -29,6 +30,7 @@ protected function getDqlStatements(): array
return [
\sprintf('SELECT ARRAY_REPLACE(e.array1, 1939, 1957) FROM %s e', ContainsArrays::class),
\sprintf("SELECT ARRAY_REPLACE(e.array1, 'green', 'mint') FROM %s e", ContainsArrays::class),
\sprintf("SELECT ARRAY_REPLACE(e.array1, 'green', :dql_parameter) FROM %s e", ContainsArrays::class),
];
}
}

0 comments on commit 12d7f5c

Please sign in to comment.