Fix escaping for helpers and listen

porsager · porsager · commit 00a10b2d06cd · 2021-03-23T22:01:34.000+01:00
fixes #157 and #57 and #97 and #111 and #71
diff --git a/lib/types.js b/lib/types.js
@@ -66,24 +66,7 @@ function typeHandlers(types) {
 }
 
 module.exports.escape = function escape(str) {
-  let result = ''
-  let q = str[0] < 10 || str[0] === '$'
-  let last = 0
-  let c
-
-  for (let i = 0; i < str.length; i++) {
-    c = str[i].charCodeAt(0)
-    if (str[i] === '"') {
-      q = true
-      result += str.slice(last, i) + '"'
-      last = i
-    } else if (c === 96 || (c !== 36 && c <= 47) || (c >= 58 && c <= 64)
-           || (c >= 91 && c <= 94) || (c >= 123 && c <= 128)) {
-      q = true
-    }
-  }
-
-  return (q ? '"' : '') + (q ? result + str.slice(last, str.length) : str) + (q ? '"' : '')
+  return '"' + str.replace(/"/g, '""') + '"'
 }
 
 const type = {
diff --git a/tests/index.js b/tests/index.js
@@ -578,6 +578,13 @@ t('listen and notify with weird name', async() => {
   )]
 })
 
+t('listen and notify with upper case', async() =>
+  ['works', await new Promise(async resolve => {
+    await sql.listen('withUpperChar', resolve)
+    sql.notify('withUpperChar', 'works')
+  })]
+)
+
 t('listen reconnects', async() => {
   const listener = postgres(options)
       , xs = []
@@ -731,6 +738,18 @@ t('sql().finally throws not tagged error', async() => {
   return ['NOT_TAGGED_CALL', error]
 })
 
+t('little bobby tables', async() => {
+  const name = 'Robert\'); DROP TABLE students;--'
+
+  await sql`create table students (name text, age int)`
+  await sql`insert into students (name) values (${ name })`
+
+  return [
+    name, (await sql`select name from students`)[0].name,
+    await sql`drop table students`
+  ]
+})
+
 t('dynamic column name', async() => {
   return ['!not_valid', Object.keys((await sql`select 1 as ${ sql('!not_valid') }`)[0])[0]]
 })
