Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Problem/Motivation
Views aggregate queries do not escape the fields that is argument of the aggregation function, nor of the GROUP BY part.
See example below, from Drupal\Tests\views\Kernel\QueryGroupByTest
:
SELECT "entity_test"."id" AS "id", "entity_test"."langcode" AS "entity_test_langcode", MIN(entity_test.name) AS "entity_test_name", MIN(entity_test.id) AS "id_1"\n
FROM\n
{entity_test} "entity_test"\n
GROUP BY entity_test.id, entity_test_langcode\n
LIMIT 10 OFFSET 0
it is mixing up quoted and non quoted identifiers, now all identifiers should be quoted.
Proposed resolution
Remaining tasks
User interface changes
API changes
Data model changes
Release notes snippet
Comment | File | Size | Author |
---|---|---|---|
#23 | 3191623-23.patch | 3.59 KB | mondrake |
Issue fork drupal-3191623
Show commands
Start within a Git clone of the project using the version control instructions.
Or, if you do not have SSH keys set up on git.drupalcode.org:
- 3191623-views-aggregate-queries changes, plain diff MR !785
Comments
Comment #2
mondrakeComment #3
mondrakeComment #6
mondrakeComment #10
mondrakeAlso the aggregate functions field parameters do not get escaped, but let's start from somewhere. Limiting scope to the GROUP BY fields.
Comment #11
mondrakeI start thinking this should be addressed on the database layer instead of on the views’ one. Will work on another patch.
Comment #12
Medha KumariRerolled the patch #5 in Drupal 10.1.x.
Comment #14
mondrakeHere's a new approach based on #11, trying to fix this at the database layer level.
@Medha Kumari thanks for your attempt, but I removed your patch in #12 as it is a wrong reroll and in any case it is not addressing the fix.
Comment #15
daffie CreditAttribution: daffie at Finalist commentedAll the changes look good to me.
Only as this is a fix on the Database API, I would like to test this in a Database API test.
Therefor could we add a test to Drupal\KernelTests\Core\Database\SelectComplexTest::testGroupBy().
Something like:
Comment #16
mondrakeThanks @daffie, done.
Comment #17
mondrakeUhm no, DruDbal driver fails the
SelectComplexTest
changes since DBAL uses a different query builder. Need to find a less strict test.Comment #18
mondrakeFixed tests to be less strict so to allow testing with contrib drivers.
Comment #19
daffie CreditAttribution: daffie at Finalist commentedAll code changes look good to me.
The fix has testing in the Database API test.
For me it is RTBC.
@mondrake: Thanks.
Comment #20
alexpottCan we add a group by test to the reserved word testing too? That's a bit more concrete test coverage than the regex testing added here.
Comment #21
mondrakeGood idea.
Comment #22
mondrakeDone
Comment #23
mondrakeMR testing seems more and more hopelessly broken. https://drupal.slack.com/archives/C51GNJG91/p1673357627190639
Changed to patch workflow.
Comment #25
daffie CreditAttribution: daffie at Finalist commentedThe remark of @alexpott has been addressed.
Back to RTBC.
Comment #26
alexpottCommitted and pushed 5a193a820f to 10.1.x and 513933dee7 to 10.0.x and b9b6fa5864 to 9.5.x. Thanks!
Backported to 9.5.x to fix that branch too.
Comment #31
catchI'm removing credit for #12 since there was already a valid MR here and no need for a re-rolled patch.