Invalid SQL creation with reserved words
|Priority:||Must have||Due date:|
When a reserved MySQL (key)word is used as a Modelname, the SQL that is generated is not escaped.
Either usage of these words shoudn't be allowed as a name for the model, or the generated SQL should be properly escaped with backtics.
Steps to reproduce:¶(See attached screenshot for clarity.)
- Open the Extension Builder in Domain Modelling view.
- Create a dummy extension with two models.
- Call one of the models 'Option', give the other an arbitrary name ('Dummy' for example).
- Add a relation in the 'Option' model to the 'Dummy' model with Type '1:n'.
- Save the model.
Resulting SQL for the Dummy model:¶
# # Table structure for table 'tx_dummy_domain_model_dummy' # CREATE TABLE tx_dummy_domain_model_dummy ( uid int(11) NOT NULL auto_increment, pid int(11) DEFAULT '0' NOT NULL, option int(11) unsigned DEFAULT '0' NOT NULL, [...]Loads of default fields[...] );
# # Table structure for table 'tx_dummy_domain_model_dummy' # CREATE TABLE tx_dummy_domain_model_dummy ( uid int(11) NOT NULL auto_increment, pid int(11) DEFAULT '0' NOT NULL, `option` int(11) unsigned DEFAULT '0' NOT NULL, [...]Loads of default fields[...] );
|related to Core - Bug #34557: Missing backticks in t3lib_install_Sql->getUpdateSuggestions||Under Review||2012-03-06|
Updated by Matthias Hogerheijde 12 months ago
I've tried to change the template, in order to add the backtics. This doesn't work apparently, because TYPO3 parses the SQL and strips the backtics. (Which is strange behaviour if you ask me..).
This would mean that reserved words shoudn't be allowed for model names as wel. The same strategy as used for reserved words in properties could be used. (i.e. prefixing with the extension key).
Updated by Nico de Haen 11 months ago
- Status changed from New to Accepted
There is a ChangeRequest hanging in Gerrit to solve this issue in the Core, but so far I got no feedback for it...