Issue #3190285 by mondrake, anmolgoyal74, daffie: Entity QueryAggregate does not escape the field

d99b12fb · catch · 1e1d9a9f · d99b12fb · d99b12fb · d99b12fb
Commit d99b12fb authored Jan 15, 2021 by catch
3 changed files
--- a/core/lib/Drupal/Core/Entity/Query/Sql/ConditionAggregate.php
+++ b/core/lib/Drupal/Core/Entity/Query/Sql/ConditionAggregate.php
@@ -38,7 +38,8 @@ public function compile($conditionContainer) {
        $condition_class::translateCondition($condition, $sql_query, $tables->isFieldCaseSensitive($condition['field']));
        $function = $condition['function'];
        $placeholder = ':db_placeholder_' . $conditionContainer->nextPlaceholder();
-        $conditionContainer->having("$function($field) {$condition['operator']} $placeholder", [$placeholder => $condition['value']]);
+        $sql_field_escaped = '[' . str_replace('.', '].[', $field) . ']';
+        $conditionContainer->having("$function($sql_field_escaped) {$condition['operator']} $placeholder", [$placeholder => $condition['value']]);
      }
    }
  }

--- a/core/lib/Drupal/Core/Entity/Query/Sql/QueryAggregate.php
+++ b/core/lib/Drupal/Core/Entity/Query/Sql/QueryAggregate.php
@@ -75,7 +75,8 @@ protected function addAggregate() {
    if ($this->aggregate) {
      foreach ($this->aggregate as $aggregate) {
        $sql_field = $this->getSqlField($aggregate['field'], $aggregate['langcode']);
-        $this->sqlExpressions[$aggregate['alias']] = $aggregate['function'] . "($sql_field)";
+        $sql_field_escaped = '[' . str_replace('.', '].[', $sql_field) . ']';
+        $this->sqlExpressions[$aggregate['alias']] = $aggregate['function'] . "($sql_field_escaped)";
      }
    }
    return $this;

--- a/core/tests/Drupal/KernelTests/Core/Entity/EntityQueryAggregateTest.php
+++ b/core/tests/Drupal/KernelTests/Core/Entity/EntityQueryAggregateTest.php
@@ -131,10 +131,14 @@ public function testAggregation() {

    // Apply a simple aggregation for different aggregation functions.
    foreach ($function_expected as $aggregation_function => $expected) {
-      $this->queryResult = $this->entityStorage->getAggregateQuery()
-        ->aggregate('id', $aggregation_function)
-        ->execute();
-      $this->assertEqual($this->queryResult, $expected);
+      $query = $this->entityStorage->getAggregateQuery()
+        ->aggregate('id', $aggregation_function);
+      $this->queryResult = $query->execute();
+      // We need to check that a character exists before and after the table,
+      // column and alias identifiers. These would be the quote characters
+      // specific for each database system.
+      $this->assertRegExp('/' . $aggregation_function . '\(.entity_test.\..id.\) AS .id_' . $aggregation_function . './', (string) $query, 'The argument to the aggregation function should be a quoted field.');
+      $this->assertEquals($expected, $this->queryResult);
    }

    // Apply aggregation and groupby on the same query.