[Gravity] Add support for functions is the select query

Review Request #801 — Created Oct. 18, 2021 and discarded Oct. 19, 2021, 2:26 p.m.

Information
Owner:	b.stoop
Repository:	Lunr
Branch:	gravity/functionsupport
Bugs:
Depends On:
Reviewers
Groups:	lunr
People:

Description

Add support for functions is the select query

Testing Done

local tests and unit test

Issues

3
0
0
0
All Issues: 3

Description	From	Last Updated
So... about those unittests huh	smillernl	Oct. 18, 2021, 5:26 p.m.
Sorry, no. I'm going to veto this. Functions are just too difficult to escape properly. It's impossible to know whether ...	pprkut	Oct. 19, 2021, 10:21 a.m.
This is not really secure after i think about it	b.stoop	Oct. 19, 2021, 9:55 a.m.

Testing Done:

local tests

Fix it!

Show all issues
```
So... about those unittests huh
```
1. b.stoop Oct. 18, 2021, 5:26 p.m.
  Will this do?

Change Summary:

add unit test

Testing Done:

~		local tests
	~	local tests and unit test

Commit:

-	abeeda24e24edae8f5cfd408ae800da1cbb3ecee
+	971ad24af38ffa59368814e28d0f76fd9c737cad

Diff:

Revision 2 (+2 -1)

Show changes

	src/Lunr/Gravity/Database/DatabaseQueryEscaper.php
	src/Lunr/Gravity/Database/Tests/DatabaseQueryEscaperTest.php

Fix it!

src/Lunr/Gravity/Database/DatabaseQueryEscaper.php (Diff revision 2)
Show all issues
```
This is not really secure after i think about it
```

Fix it!

Show all issues

Sorry, no. I'm going to veto this.

Functions are just too difficult to escape properly. It's impossible to know whether the arguments are column names, strings, tables, or something else entirely, and the logic would need to differ for every function.

If you need functions in the select statement, use the normal query builder (not the simple one), and do the escaping yourself.

You have a pending review.

Review Board 3.0.24

[Gravity] Add support for functions is the select query

Testing Done:

Change Summary:

Testing Done:

Commit:

Diff:

Status: Discarded