[BUGFIX] Extbase: quote table and field names in join statements 00/52400/2
authorMorton Jonuschat <m.jonuschat@mojocode.de>
Sat, 8 Apr 2017 22:20:40 +0000 (15:20 -0700)
committerTymoteusz Motylewski <t.motylewski@gmail.com>
Thu, 13 Apr 2017 20:14:30 +0000 (22:14 +0200)
Properly quote table and field names when building join statements
within Typo3DbQueryParser.

Change-Id: Ia2c977d198e6fe67999eaa5b0441a568cbf1b5c9
Resolves: #80767
Releases: master
Reviewed-on: https://review.typo3.org/52400
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Thomas Hohn <thomas@hohn.dk>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Henrik Elsner <helsner@dfau.de>
Reviewed-by: Tymoteusz Motylewski <t.motylewski@gmail.com>
Tested-by: Tymoteusz Motylewski <t.motylewski@gmail.com>
typo3/sysext/extbase/Classes/Persistence/Generic/Storage/Typo3DbQueryParser.php

index 575a412..03f1a5d 100644 (file)
@@ -827,7 +827,7 @@ class Typo3DbQueryParser
 
             $joinConditionExpression =  $this->queryBuilder->expr()->eq(
                 $leftTableAlias . '.' . $column1Name,
-                $rightTableAlias . '.' . $column2Name
+                $this->queryBuilder->quoteIdentifier($rightTableAlias . '.' . $column2Name)
             );
         }
         $this->queryBuilder->leftJoin($leftTableAlias, $rightTableName, $rightTableAlias, $joinConditionExpression);
@@ -914,12 +914,12 @@ class Typo3DbQueryParser
                 // @todo: no test for this part yet
                 $joinConditionExpression = $this->queryBuilder->expr()->eq(
                     $tableName . '.uid',
-                    $childTableAlias . '.' . $parentKeyFieldName
+                    $this->queryBuilder->quoteIdentifier($childTableAlias . '.' . $parentKeyFieldName)
                 );
             } else {
                 $joinConditionExpression = $this->queryBuilder->expr()->eq(
                     $tableName . '.' . $columnName,
-                    $childTableAlias . '.uid'
+                    $this->queryBuilder->quoteIdentifier($childTableAlias . '.uid')
                 );
             }
             $this->queryBuilder->leftJoin($tableName, $childTableName, $childTableAlias, $joinConditionExpression);
@@ -932,7 +932,7 @@ class Typo3DbQueryParser
             if (isset($parentKeyFieldName)) {
                 $joinConditionExpression = $this->queryBuilder->expr()->eq(
                     $tableName . '.uid',
-                    $childTableAlias . '.' . $parentKeyFieldName
+                    $this->queryBuilder->quoteIdentifier($childTableAlias . '.' . $parentKeyFieldName)
                 );
             } else {
                 $joinConditionExpression = $this->queryBuilder->expr()->inSet(
@@ -953,14 +953,16 @@ class Typo3DbQueryParser
             $joinConditionExpression = $this->queryBuilder->expr()->andX(
                 $this->queryBuilder->expr()->eq(
                     $tableName . '.uid',
-                    $relationTableAlias . '.' . $columnMap->getParentKeyFieldName()
+                    $this->queryBuilder->quoteIdentifier(
+                        $relationTableAlias . '.' . $columnMap->getParentKeyFieldName()
+                    )
                 ),
                 $this->getAdditionalMatchFieldsStatement($this->queryBuilder->expr(), $columnMap, $relationTableAlias, $realTableName)
             );
             $this->queryBuilder->leftJoin($tableName, $relationTableName, $relationTableAlias, $joinConditionExpression);
             $joinConditionExpression = $this->queryBuilder->expr()->eq(
                 $relationTableAlias . '.' . $columnMap->getChildKeyFieldName(),
-                $childTableAlias . '.uid'
+                $this->queryBuilder->quoteIdentifier($childTableAlias . '.uid')
             );
             $this->queryBuilder->leftJoin($relationTableAlias, $childTableName, $childTableAlias, $joinConditionExpression);
             $this->unionTableAliasCache[] = $childTableAlias;