pgsql improperly escape table names leading to a fatal error [#2726747]

Problem/Motivation

The PostgreSQL driver overrides the escapeField, escapeAlias and escapeTable methods to deal with case sensitive names and reserved keywords.
Leaving aside the fact that this code has a serious lack of factorization, the table escape introduces a major bug. Currently, the escapeTable method escapes the entire table name as it has been given. The thing is that this table name can include the database and the schema names too.

echo \Drupal::database()->escapeTable('myDb.public.node');

Expected: "myDb".public.node
Current: "myDb.public.node"

Proposed resolution

Factorize for sanity
Explode the table name and handle each part separately

Remaining tasks

Contributor tasks needed
Task	Contributor instructions	Complete?
Create a patch	Instructions	Done
Add automated tests	Instructions	Done
Review patch to ensure that it fixes the issue, stays within scope, is properly documented, and follows coding standards	Instructions

User interface changes

None.

API changes

None.

Data model changes

None.

Comment	File	Size	Author
#12	drupal_pgsql_escape_issue-2726747-12.patch	3.66 KB	DuaelFr
#12	8.2.x: PHP 5.5 & MySQL 5.5 18,511 pass PHP 7 & PostgreSQL 9.1 18,496 pass
#12	interdiff.2726747.7.12.txt	973 bytes	DuaelFr
#7	drupal_pgsql_escape_issue-2726747-7.patch	3.42 KB	DuaelFr
#7	8.2.x: PHP 5.5 & MySQL 5.5 18,583 pass PHP 5.5 & PostgreSQL 9.1 18,498 pass PHP 7 & PostgreSQL 9.1 18,487 pass
#7	drupal_pgsql_escape_issue-2726747-7-tests-only.patch	718 bytes	DuaelFr
#7	8.2.x: PHP 5.5 & MySQL 5.5 18,582 pass, 1 fail PHP 5.5 & PostgreSQL 9.1 18,577 pass, 4 fail PHP 7 & PostgreSQL 9.1 18,568 pass, 1 fail
#7	interdiff.2726747.3.7.txt	1.63 KB	DuaelFr
#2	drupal_pgsql_escape_issue-2726747-2.patch	2.73 KB	DuaelFr
#2	8.2.x: PHP 5.5 & MySQL 5.5 18,579 pass PHP 5.5 & PostgreSQL 9.1 18,575 pass PHP 7 & PostgreSQL 9.1 18,565 pass
#3	interdiff.2726747.2.3.txt	718 bytes	DuaelFr
#3	drupal_pgsql_escape_issue-2726747-3.patch	3.43 KB	DuaelFr
#3	8.2.x: PHP 5.5 & MySQL 5.5 18,581 pass, 1 fail PHP 5.5 & PostgreSQL 9.1 18,576 pass, 5 fail PHP 7 & PostgreSQL 9.1 18,567 pass, 2 fail
#3	drupal_pgsql_escape_issue-2726747-3-tests-only.patch	718 bytes	DuaelFr
#3	8.2.x: PHP 5.5 & MySQL 5.5 18,581 pass, 1 fail PHP 5.5 & PostgreSQL 9.1 18,576 pass, 3 fail PHP 7 & PostgreSQL 9.1 18,566 pass, 3 fail

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Comment #1

16 May 2016 at 16:40

DuaelFr created an issue. See original summary.

Comment #2

DuaelFr

he/him

French

Montpellier, France

CreditAttribution: DuaelFr as a volunteer and at Happyculture commented 16 May 2016 at 16:41

Issue summary:	View changes
Status:	Active	» Needs review

File	Size
drupal_pgsql_escape_issue-2726747-2.patch	2.73 KB
8.2.x: PHP 5.5 & MySQL 5.5 18,579 pass PHP 5.5 & PostgreSQL 9.1 18,575 pass PHP 7 & PostgreSQL 9.1 18,565 pass

Comment #3

DuaelFr

he/him

French

Montpellier, France

CreditAttribution: DuaelFr as a volunteer and at Happyculture commented 18 May 2016 at 22:44

Issue summary:	View changes
Issue tags:	-Needs tests

File	Size
drupal_pgsql_escape_issue-2726747-3-tests-only.patch	718 bytes
8.2.x: PHP 5.5 & MySQL 5.5 18,581 pass, 1 fail PHP 5.5 & PostgreSQL 9.1 18,576 pass, 3 fail PHP 7 & PostgreSQL 9.1 18,566 pass, 3 fail
drupal_pgsql_escape_issue-2726747-3.patch	3.43 KB
8.2.x: PHP 5.5 & MySQL 5.5 18,581 pass, 1 fail PHP 5.5 & PostgreSQL 9.1 18,576 pass, 5 fail PHP 7 & PostgreSQL 9.1 18,567 pass, 2 fail
interdiff.2726747.2.3.txt	718 bytes

I just added a tiny test to demonstrate the issue.

Comment #4

18 May 2016 at 23:22

The last submitted patch, 3: drupal_pgsql_escape_issue-2726747-3-tests-only.patch, failed testing.

Comment #5

18 May 2016 at 23:22

The last submitted patch, 3: drupal_pgsql_escape_issue-2726747-3.patch, failed testing.

Comment #6

Crell CreditAttribution: Crell at Platform.sh commented 19 May 2016 at 09:51

+++ b/core/lib/Drupal/Core/Database/Driver/pgsql/Connection.php
@@ -246,16 +232,33 @@ public function escapeAlias($field) {
+    // properly and independently escaped. ¶

Extra space at the end of this line, according to Dreditor.

+++ b/core/lib/Drupal/Core/Database/Driver/pgsql/Connection.php
@@ -246,16 +232,33 @@ public function escapeAlias($field) {
+  /**
+   * Escape a string if needed.
+   *
+   * @param $string
+   *   The string to escape.
+   * @return string
+   *   The escaped string.
+   */
+  protected function _doEscape($string) {

There's no need to name methods with a _ prefix if you're on PHP 5.0 or later. :-)

I don't know why the MySQL testbot is affected by this patch. That seems... odd. Other than the above the code looks reasonable on visual inspection.

Comment #7

DuaelFr

he/him

French

Montpellier, France

CreditAttribution: DuaelFr as a volunteer and at Happyculture commented 19 May 2016 at 21:13

File	Size
interdiff.2726747.3.7.txt	1.63 KB
drupal_pgsql_escape_issue-2726747-7-tests-only.patch	718 bytes
8.2.x: PHP 5.5 & MySQL 5.5 18,582 pass, 1 fail PHP 5.5 & PostgreSQL 9.1 18,577 pass, 4 fail PHP 7 & PostgreSQL 9.1 18,568 pass, 1 fail
drupal_pgsql_escape_issue-2726747-7.patch	3.42 KB
8.2.x: PHP 5.5 & MySQL 5.5 18,583 pass PHP 5.5 & PostgreSQL 9.1 18,498 pass PHP 7 & PostgreSQL 9.1 18,487 pass

Thanks @Crell for your review.
As I don't really understand why tests failed while they are passing on my local environment, I just updated my patch with your suggestions.
Let's see if the testbot is happier.

Comment #8

19 May 2016 at 21:53

The last submitted patch, 7: drupal_pgsql_escape_issue-2726747-7-tests-only.patch, failed testing.

Comment #9

DuaelFr

he/him

French

Montpellier, France

CreditAttribution: DuaelFr as a volunteer and at Happyculture commented 20 May 2016 at 10:23

The testbot seems quite unstable theses days. Re-requeueing the test.

Comment #10

daffie CreditAttribution: daffie commented 20 May 2016 at 15:56

Status:

Needs review

» Reviewed & tested by the community

4 files were hidden/shown/deleted

File	Size
drupal_pgsql_escape_issue-2726747-3-tests-only.patch	718 bytes
8.2.x: PHP 5.5 & MySQL 5.5 18,581 pass, 1 fail PHP 5.5 & PostgreSQL 9.1 18,576 pass, 3 fail PHP 7 & PostgreSQL 9.1 18,566 pass, 3 fail
drupal_pgsql_escape_issue-2726747-3.patch	3.43 KB
8.2.x: PHP 5.5 & MySQL 5.5 18,581 pass, 1 fail PHP 5.5 & PostgreSQL 9.1 18,576 pass, 5 fail PHP 7 & PostgreSQL 9.1 18,567 pass, 2 fail
interdiff.2726747.2.3.txt	718 bytes
drupal_pgsql_escape_issue-2726747-2.patch	2.73 KB
8.2.x: PHP 5.5 & MySQL 5.5 18,579 pass PHP 5.5 & PostgreSQL 9.1 18,575 pass PHP 7 & PostgreSQL 9.1 18,565 pass

The remarks of @Crell in comment #6 are all fixed.

There is a test added to make sure that the problem is fixed.

It all looks good to me.

Comment #11

alexpott

he/they

English

🇪🇺🌍

CreditAttribution: alexpott at Chapter Three commented 27 May 2016 at 08:39

Status:

Reviewed & tested by the community

» Needs work

+++ b/core/tests/Drupal/Tests/Core/Database/Driver/pgsql/PostgresqlConnectionTest.php
@@ -40,6 +40,8 @@ public function providerEscapeTables() {
+      // Sometimes, table names are following the pattern database.schema.table.
+      array('"camelCase".nocase', 'camelCase.nocase'),

I think we should add test coverage of the database.schema.table pattern... since the pattern tested here only has one dot.

Comment #12

DuaelFr

he/him

French

Montpellier, France

CreditAttribution: DuaelFr as a volunteer and at Happyculture commented 27 May 2016 at 12:22

Status:

Needs work

» Needs review

File	Size
interdiff.2726747.7.12.txt	973 bytes
drupal_pgsql_escape_issue-2726747-12.patch	3.66 KB
8.2.x: PHP 5.5 & MySQL 5.5 18,511 pass PHP 7 & PostgreSQL 9.1 18,496 pass

Done :)

Comment #13

bzrudi71 CreditAttribution: bzrudi71 commented 27 May 2016 at 14:08

Status:

Needs review

» Reviewed & tested by the community

Looks good to me and we have PG pass too, back to RTBC. Thanks @DuaelFr

Comment #14

alexpott

he/they

English

🇪🇺🌍

CreditAttribution: alexpott at Chapter Three commented 27 May 2016 at 14:16

Status:

Reviewed & tested by the community

» Fixed

Committed 9233946 and pushed to 8.2.x. Thanks!

Only committing to 8.2.x because of the addition of the protected method.

Comment #15

27 May 2016 at 14:17

alexpott committed 9233946 on 8.2.x

Issue #2726747 by DuaelFr: pgsql improperly escape table names leading...

Comment #16

10 June 2016 at 14:24

Status:

Fixed

» Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

pgsql improperly escape table names leading to a fatal error

Problem/Motivation

Proposed resolution

Remaining tasks

User interface changes

API changes

Data model changes

Comments

Comment #1

Comment #2

Comment #3

Comment #4

Comment #5

Comment #6

Comment #7

Comment #8

Comment #9

Comment #10

Comment #11

Comment #12

Comment #13

Comment #14

Comment #15

Comment #16

Thank you to these Drupal contributors

News items

Our community

Documentation

Drupal code base

Governance of community