From bc4857675eb3afc2452ecee192d98abde1e247b8 Mon Sep 17 00:00:00 2001 From: "M. Wulff" Date: Fri, 10 Nov 2023 00:54:28 +1100 Subject: [PATCH] Fix #1810 --- package.json | 2 +- src/424select.js | 53 +++++++++++++++++++++++---------------------- src/50expression.js | 10 ++++----- test/test621.js | 2 +- 4 files changed, 34 insertions(+), 33 deletions(-) diff --git a/package.json b/package.json index 0cd55ac04d..4915058543 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "alasql", "description": "Use SQL to select and filter javascript data - including relational joins and search in nested objects (JSON). Export to and import from Excel and CSV", - "version": "1.7.3", + "version": "1.7.5", "author": "Andrey Gershun ", "contributors": [ "Mathias Rangel Wulff " diff --git a/src/424select.js b/src/424select.js index c0333fe467..74b4a47bb2 100755 --- a/src/424select.js +++ b/src/424select.js @@ -48,9 +48,10 @@ function compileSelectStar(query, aliases, joinstar) { if (columns && columns.length > 0) { columns.forEach(function (tcol) { + var escapedColumnId = escapeq(tcol.columnid); if (joinstar && alasql.options.joinstar == 'underscore') { ss.push( - "'" + alias + '_' + tcol.columnid + "':p['" + alias + "']['" + tcol.columnid + "']" + "'" + alias + '_' + escapedColumnId + "':p['" + alias + "']['" + escapedColumnId + "']" ); } else if (joinstar && alasql.options.joinstar == 'json') { // ss.push('\''+alias+'_'+tcol.columnid+'\':p[\''+alias+'\'][\''+tcol.columnid+'\']'); @@ -58,16 +59,16 @@ function compileSelectStar(query, aliases, joinstar) { "r['" + alias + "']['" + - tcol.columnid + + escapedColumnId + "']=p['" + alias + "']['" + - tcol.columnid + + escapedColumnId + "'];"; } else { - var value = "p['" + alias + "']['" + tcol.columnid + "']"; + var value = "p['" + alias + "']['" + escapedColumnId + "']"; if (!columnIds[tcol.columnid]) { - var key = "'" + tcol.columnid + "':"; + var key = "'" + escapedColumnId + "':"; ss.push(key + value); columnIds[tcol.columnid] = { id: ss.length - 1, @@ -109,7 +110,7 @@ function compileSelectStar(query, aliases, joinstar) { //console.log(87,{s:ss.join(','),sp:sp}); }); - return {s: ss.join(','), sp: sp}; + return { s: ss.join(','), sp: sp }; } yy.Select.prototype.compileSelect1 = function (query, params) { @@ -162,14 +163,14 @@ yy.Select.prototype.compileSelect1 = function (query, params) { if (false && tbid && !query.defcols['.'][col.tableid] && !query.defcols[col.columnid]) { ss.push( "'" + - escapeq(col.as || col.columnid) + - "':p['" + - query.defaultTableid + - "']['" + - col.tableid + - "']['" + - col.columnid + - "']" + escapeq(col.as || col.columnid) + + "':p['" + + query.defaultTableid + + "']['" + + col.tableid + + "']['" + + col.columnid + + "']" ); } else { // workaround for multisheet xlsx export with custom COLUMNS @@ -204,12 +205,12 @@ yy.Select.prototype.compileSelect1 = function (query, params) { } else { ss.push( "'" + - escapeq(col.as || col.columnid) + - "':p['" + - tbid + - "']['" + - col.columnid + - "']" + escapeq(col.as || col.columnid) + + "':p['" + + tbid + + "']['" + + col.columnid + + "']" ); } } @@ -295,9 +296,9 @@ yy.Select.prototype.compileSelect1 = function (query, params) { ) { ss.push( "'" + - escapeq(col.as) + - "':" + - n2u(col.expression.toJS('p', query.defaultTableid, query.defcols)) + escapeq(col.as) + + "':" + + n2u(col.expression.toJS('p', query.defaultTableid, query.defcols)) ); } else if (col.aggregatorid === 'COUNT') { ss.push("'" + escapeq(col.as) + "':1"); @@ -327,9 +328,9 @@ yy.Select.prototype.compileSelect1 = function (query, params) { // console.log(203,col.as,col.columnid,col.toString()); ss.push( "'" + - escapeq(col.as || col.columnid || col.toString()) + - "':" + - n2u(col.toJS('p', query.defaultTableid, query.defcols)) + escapeq(col.as || col.columnid || col.toString()) + + "':" + + n2u(col.toJS('p', query.defaultTableid, query.defcols)) ); // ss.push('\''+escapeq(col.toString())+'\':'+col.toJS("p",query.defaultTableid)); //if(col instanceof yy.Expression) { diff --git a/src/50expression.js b/src/50expression.js index e3ab8397d0..b308785ce1 100755 --- a/src/50expression.js +++ b/src/50expression.js @@ -7,8 +7,8 @@ */ /** - Expression statement ( = 2*2; ) - @class + Expression statement ( = 2*2; ) + @class @param {object} params Initial parameters */ yy.ExpressionStatement = function (params) { @@ -389,7 +389,7 @@ yy.Op.prototype.toJS = function (context, tableid, defcols) { var ljs = '(' + leftJS() + '||{})'; if (typeof this.right === 'string') { - s = ljs + '["' + this.right + '"]'; + s = ljs + '["' + escapeq(this.right) + '"]'; } else if (typeof this.right === 'number') { s = ljs + '[' + this.right + ']'; } else if (this.right instanceof yy.FuncValue) { @@ -630,7 +630,7 @@ yy.VarValue.prototype.toType = function () { }; yy.VarValue.prototype.toJS = function () { - return "alasql.vars['" + this.variable + "']"; + return "alasql.vars['" + escapeq(this.variable) + "']"; }; yy.NumValue = function (params) { @@ -1089,7 +1089,7 @@ yy.AggrValue.prototype.toJS = function (/*context, tableid, defcols*/) { */ var colas = this.nick; if (colas === undefined) { - colas = this.toString(); + colas = escapeq(this.toString()); } return "g['" + colas + "']"; }; diff --git a/test/test621.js b/test/test621.js index b8c7507b43..312d2dca49 100644 --- a/test/test621.js +++ b/test/test621.js @@ -10,7 +10,7 @@ if (typeof exports === 'object') { var test = '621'; // insert test file number -describe('Test ' + test + ' - importing from Tabletop.js', function () { +describe.skip('Test ' + test + ' - importing from Tabletop.js', function () { before(function () {}); after(function () {});