Escape identifiers that need it

Signed-off-by: Kamil Tekiela <[email protected]>
phpmyadmin · Aug 29, 2023 · bc23a32 · bc23a32
1 parent 52ffc49
commit bc23a32
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 12 deletions.
diff --git a/phpstan-baseline.neon b/phpstan-baseline.neon
@@ -925,16 +925,6 @@ parameters:
 			count: 2
 			path: tests/Components/PartitionDefinitionTest.php
 
-		-
-			message: "#^Call to method PHPUnit\\\\Framework\\\\Assert\\:\\:assertArrayHasKey\\(\\) with 2 and PhpMyAdmin\\\\SqlParser\\\\TokensList will always evaluate to false\\.$#"
-			count: 1
-			path: tests/Lexer/TokensListTest.php
-
-		-
-			message: "#^Call to method PHPUnit\\\\Framework\\\\Assert\\:\\:assertArrayHasKey\\(\\) with 112 and PhpMyAdmin\\\\SqlParser\\\\UtfString will always evaluate to false\\.$#"
-			count: 1
-			path: tests/Misc/UtfStringTest.php
-
 		-
 			message: "#^Cannot call method has\\(\\) on PhpMyAdmin\\\\SqlParser\\\\Components\\\\OptionsArray\\|null\\.$#"
 			count: 1

diff --git a/psalm-baseline.xml b/psalm-baseline.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.14.1@b9d355e0829c397b9b3b47d0c0ed042a8a70284d">
+<files psalm-version="5.15.0@5c774aca4746caf3d239d9c8cadb9f882ca29352">
   <file src="src/Components/AlterOperation.php">
     <InvalidPropertyAssignmentValue>
       <code><![CDATA[[

diff --git a/src/Context.php b/src/Context.php
@@ -10,6 +10,7 @@
 use function intval;
 use function is_int;
 use function is_numeric;
+use function preg_match;
 use function str_replace;
 use function str_starts_with;
 use function strlen;
@@ -675,7 +676,11 @@ private static function getModeFromString(string $mode): int
      */
     public static function escape(string $str, string $quote = '`')
     {
-        if ((static::$mode & self::SQL_MODE_NO_ENCLOSING_QUOTES) && (! static::isKeyword($str, true))) {
+        if (
+            (static::$mode & self::SQL_MODE_NO_ENCLOSING_QUOTES) && ! (
+                static::isKeyword($str, true) || static::doesIdentifierRequireQuoting($str)
+            )
+        ) {
             return $str;
         }
 
@@ -727,4 +732,9 @@ public static function hasMode(int|null $flag = null): bool
 
         return (self::$mode & $flag) === $flag;
     }
+
+    public static function doesIdentifierRequireQuoting(string $identifier): bool
+    {
+        return preg_match('/^[$]|^\d+$|[^0-9a-zA-Z$_\x80-\xffff]/', $identifier) === 1;
+    }
 }
diff --git a/tests/Lexer/ContextTest.php b/tests/Lexer/ContextTest.php
@@ -217,6 +217,10 @@ public function testEscape(): void
     {
         Context::setMode(Context::SQL_MODE_NO_ENCLOSING_QUOTES);
         $this->assertEquals('test', Context::escape('test'));
+        $this->assertEquals('`123`', Context::escape('123'));
+        $this->assertEquals('`$test`', Context::escape('$test'));
+        $this->assertEquals('`te st`', Context::escape('te st'));
+        $this->assertEquals('`te.st`', Context::escape('te.st'));
 
         Context::setMode(Context::SQL_MODE_ANSI_QUOTES);
         $this->assertEquals('"test"', Context::escape('test'));