[ 
https://issues.apache.org/jira/browse/CASSANDRA-17238?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17469431#comment-17469431
 ] 

Sina Siadat edited comment on CASSANDRA-17238 at 1/6/22, 11:57 PM:
-------------------------------------------------------------------

Yes, CQL keywords wouldn't need this kind of protection, but the problem here 
is for getText when type is Type.STRING. Is it ever used with inputs of that 
type? If so and if I'm not mistaken, getText for this CQL string:
{code:java}
'this is a ''quoted'' word'
{code}
would return
{code:java}
'this is a 'quoted' word'
{code}
which is probably an incorrect representation of the CQL string.


was (Author: JIRAUSER283097):
Yes, CQL keywords wouldn't need this kind of protection, but the problem here 
is for getText when type is Type.STRING. So, getText for this CQL string:
{code}
'this is a ''quoted'' word'
{code}
would return
{code}
'this is a 'quoted' word'
{code}
which is an incorrect representation of the CQL string.

> Constants$Literal.getText does not escape ' chars
> -------------------------------------------------
>
>                 Key: CASSANDRA-17238
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-17238
>             Project: Cassandra
>          Issue Type: Bug
>            Reporter: Sina Siadat
>            Priority: Normal
>
> The [current implementation|https://sourcegraph.com/github.com/apache/cassandra@b83d722b99de79d131f58512564b901b11907182/-/blob/src/java/org/apache/cassandra/cql3/Constants.java?L358-361] is only adding single quotes around the text:
> {code:java}
> public String getText()
> {
>     return type == Type.STRING ? String.format("'%s'", text) : text;
> }
> {code}
> So, getText for this string:
> {code}
> 'this is a ''quoted'' word'
> {code}
> would return
> {code}
> 'this is a 'quoted' word'
> {code}
> Something like this is necessary:
> {code:java}
> public String getText()
> {
>     return type == Type.STRING ? String.format("'%s'", StringUtils.replace(text, "'", "''")) : text;
> }
> {code}
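
The round-trip property at stake in this issue, as an added example that is not Cassandra code and not from the reporter: a rendered string literal should parse back to the same text. It assumes the literal stores the unescaped text, `parseStringLiteral` is a hypothetical stand-in for the parser's unquoting step, and `String.replace` is used in place of `StringUtils.replace` so the class has no dependencies.

```java
import java.util.List;

public class CqlLiteralRoundTrip {
    // Hypothetical stand-in for the parser's unquoting step (an assumption):
    // strip the outer quotes and collapse each doubled quote ('') to one.
    static String parseStringLiteral(String cql) {
        int n = cql.length();
        if (n < 2 || cql.charAt(0) != '\'' || cql.charAt(n - 1) != '\'')
            throw new IllegalArgumentException("not a quoted literal: " + cql);
        String body = cql.substring(1, n - 1);
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < body.length(); i++) {
            char c = body.charAt(i);
            if (c == '\'') {
                // Inside a literal, a quote is only legal as a doubled pair.
                if (i + 1 >= body.length() || body.charAt(i + 1) != '\'')
                    throw new IllegalArgumentException("unescaped quote in: " + cql);
                i++; // skip the second quote of the pair
            }
            out.append(c);
        }
        return out.toString();
    }

    // Behaviour quoted in the issue for Type.STRING: wrap in quotes only.
    static String getTextCurrent(String text) {
        return String.format("'%s'", text);
    }

    // Behaviour proposed in the issue: double embedded quotes, then wrap.
    static String getTextEscaped(String text) {
        return String.format("'%s'", text.replace("'", "''"));
    }

    // True when the rendered literal parses back to the original text.
    static boolean roundTrips(String rendered, String expected) {
        try {
            return parseStringLiteral(rendered).equals(expected);
        } catch (IllegalArgumentException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample literals, including the one from the issue.
        for (String cql : List.of("'plain'", "'this is a ''quoted'' word'", "'it''s'", "''")) {
            String text = parseStringLiteral(cql);
            System.out.printf("%-30s current ok=%-5b escaped ok=%b%n", cql,
                roundTrips(getTextCurrent(text), text), roundTrips(getTextEscaped(text), text));
        }
    }
}
```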


