Skip to content
This repository was archived by the owner on Dec 15, 2022. It is now read-only.

Revert SQL-related changes from last year #359

Merged
merged 2 commits into from
Mar 30, 2021
Merged

Revert SQL-related changes from last year #359

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
e2a3edc
Revert pull requests #330 and #332
Ingramz Apr 6, 2019
216e87d
Fix indent
Ingramz Apr 6, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
89 changes: 0 additions & 89 deletions grammars/html.cson
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,95 +48,6 @@
'include': '#php-tag'
}
]
'L:source.php string.quoted.single.sql.php source.sql.embedded.php':
'patterns': [
{
'match': '(#)(\\\\\'|[^\'])*(?=\'|$)'
'name': 'comment.line.number-sign.sql'
'captures':
'1':
'name': 'punctuation.definition.comment.sql'
}
{
'match': '(--)(\\\\\'|[^\'])*(?=\'|$)'
'name': 'comment.line.double-dash.sql'
'captures':
'1':
'name': 'punctuation.definition.comment.sql'
}
{
'match': '\\\\[\\\\\'`"]'
'name': 'constant.character.escape.php'
}
{
# Unclosed strings must be captured to avoid them eating the remainder of the PHP script
# Sample case: $sql = 'SELECT CONCAT(\'"\', TRIM(cr.code)) as code'
'match': '"(?=((\\\\")|[^"\'])*(\'|$))'
'name': 'string.quoted.double.unclosed.sql'
}
]
'L:source.php string.quoted.double.sql.php source.sql.embedded.php':
'patterns': [
{
'match': '(#)(\\\\"|[^"])*(?="|$)'
'name': 'comment.line.number-sign.sql'
'captures':
'1':
'name': 'punctuation.definition.comment.sql'
}
{
'match': '(--)(\\\\"|[^"])*(?="|$)'
'name': 'comment.line.double-dash.sql'
'captures':
'1':
'name': 'punctuation.definition.comment.sql'
}
{
'match': '\\\\[\\\\\'`"]'
'name': 'constant.character.escape.php'
}
{
# language-sql has single-line rules for strings that prevent injections from working; override them
'match': '(\')([^\'\\\\]*)(\')'
'name': 'string.quoted.single.sql'
'captures':
'1':
'name': 'punctuation.definition.string.begin.sql'
'2':
'patterns': [
{
'include': 'source.php#interpolation_double_quoted'
}
]
'3':
'name': 'punctuation.definition.string.end.sql'
}
{
# language-sql has single-line rules for strings that prevent injections from working; override them
'match': '(`)([^`\\\\]*)(`)'
'name': 'string.quoted.other.backtick.sql'
'captures':
'1':
'name': 'punctuation.definition.string.begin.sql'
'2':
'patterns': [
{
'include': 'source.php#interpolation_double_quoted'
}
]
'3':
'name': 'punctuation.definition.string.end.sql'
}
{
# Unclosed strings must be captured to avoid them eating the remainder of the PHP script
# Sample case: $sql = 'SELECT CONCAT(\'"\', TRIM(cr.code)) as code'
'match': '\'(?=((\\\\\')|[^\'"])*("|$))'
'name': 'string.quoted.single.unclosed.sql'
}
{
'include': 'source.php#interpolation_double_quoted'
}
]
'patterns': [
{
'begin': '\\A#!'
Expand Down
85 changes: 83 additions & 2 deletions grammars/php.cson
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2404,7 +2404,59 @@
'name': 'string.quoted.double.sql.php'
'patterns': [
{
# See injections in html.cson for additional patterns
'match': '(#)(\\\\"|[^"])*(?="|$)'
'name': 'comment.line.number-sign.sql'
'captures':
'1':
'name': 'punctuation.definition.comment.sql'
}
{
'match': '(--)(\\\\"|[^"])*(?="|$)'
'name': 'comment.line.double-dash.sql'
'captures':
'1':
'name': 'punctuation.definition.comment.sql'
}
{
'match': '\\\\[\\\\"`\']'
'name': 'constant.character.escape.php'
}
{
# Unclosed strings must be captured to avoid them eating the remainder of the PHP script
# Sample case: $sql = "SELECT * FROM bar WHERE foo = \'" . $variable . "\'"'
'match': '\'(?=((\\\\\')|[^\'"])*("|$))'
'name': 'string.quoted.single.unclosed.sql'
}
{
# Unclosed strings must be captured to avoid them eating the remainder of the PHP script
# Sample case: $sql = "SELECT * FROM bar WHERE foo = \'" . $variable . "\'"'
'match': '`(?=((\\\\`)|[^`"])*("|$))'
'name': 'string.quoted.other.backtick.unclosed.sql'
}
{
'begin': '\''
'end': '\''
'name': 'string.quoted.single.sql'
'patterns': [
{
'include': '#interpolation_double_quoted'
}
]
}
{
'begin': '`'
'end': '`'
'name': 'string.quoted.other.backtick.sql'
'patterns': [
{
'include': '#interpolation_double_quoted'
}
]
}
{
'include': '#interpolation_double_quoted'
}
{
'include': 'source.sql'
}
]
Expand All @@ -2421,7 +2473,36 @@
'name': 'string.quoted.single.sql.php'
'patterns': [
{
# See injections in html.cson for additional patterns
'match': '(#)(\\\\\'|[^\'])*(?=\'|$)'
'name': 'comment.line.number-sign.sql'
'captures':
'1':
'name': 'punctuation.definition.comment.sql'
}
{
'match': '(--)(\\\\\'|[^\'])*(?=\'|$)'
'name': 'comment.line.double-dash.sql'
'captures':
'1':
'name': 'punctuation.definition.comment.sql'
}
{
'match': '\\\\[\\\\\'`"]'
'name': 'constant.character.escape.php'
}
{
# Unclosed strings must be captured to avoid them eating the remainder of the PHP script
# Sample case: $sql = "SELECT * FROM bar WHERE foo = \'" . $variable . "\'"'
'match': '`(?=((\\\\`)|[^`\'])*(\'|$))'
'name': 'string.quoted.other.backtick.unclosed.sql'
}
{
# Unclosed strings must be captured to avoid them eating the remainder of the PHP script
# Sample case: $sql = "SELECT * FROM bar WHERE foo = \'" . $variable . "\'"'
'match': '"(?=((\\\\")|[^"\'])*(\'|$))'
'name': 'string.quoted.double.unclosed.sql'
}
{
'include': 'source.sql'
}
]
Expand Down
Loading