Mssql - fix escape() and add support for unicode chars

[csthomas]

Pull Request for better version of #13534

Summary of Changes

• Fix escape sequences - see https://support.microsoft.com/en-us/kb/164291
• Repair $db->escape()
• stripslashes() added in Add stripslashes to mssql result columns #13534 is now not needed
• In $db->quote() add prefix N, means instead column = 'text' there will be column = N'text' which add support for unicode, international chars (ex. Polish chars ąęćółńżź)

Testing Instructions

1. Install fresh joomla staging, (if you have installed joomla with some modification in database then JSON Decode error may occur).
2. Edit or add some article:

• change Meta Description field to (add some national chars like ąęśżźół):

xęą
\
\
x

• change Title to "TEST 1 - ale[x]"

3. Save and check result.
4. You should see that Meta Description field is not saved properly (new line has been removed, national chars disapears).
5. Edit template file at templates/protostar/index.php
6. Add php code at the bottom of the file (before </body>):

<?php
$db = JFactory::getDbo();
$query = $db->getQuery(true)
	->select('title')
	->from('#__content')
	->where('title LIKE ' . $db->quote('%' . $db->escape('ale[x]', true) . '%', false));

$title = $db->setQuery($query)->loadResult() ?: 'NOT FOUND';
echo '<p>Result 1: "' . $title . '"</p>';

$query = $db->getQuery(true)
	->select('COUNT(*)')
	->from('#__content')
	->where('title LIKE ' . $db->quote('%' . $db->escape('%%%', true) . '%', false));

echo '<p>Result 2: "' . $db->setQuery($query)->loadResult() . '"</p>';
?>

7. Go to front page and check results:

• Result 1: "NOT FOUND"
• Result 2: "67"
  or similar (number bigger than 0) - sample testing data installed

8. Apply current PR by PatchTester.
9. Repeat point 2,3,4. Now Meta Description is saved OK.
10. Set Content Rights field (json column) to:

Author\"\
rights.

Note: If you added above text before applying patch you get Json error on joomla with applied patch. Before adding patch please reset that field.
11. Save and check whether content rights is correct.
12. Go to front page and check results:

• Result 1: "TEST 1 - ale[x]"
• Result 2: "0"

Explanation for tests:

• %%% - there is no article with text '%%%' and should not found any articles. If found then escape does not work if correct way.
• ale[x] - should find one article because there is one title with these chars. But before patch it treats brackets as a special chars and try to find only "alex".
• backslash at the end of line test fix for https://support.microsoft.com/en-us/kb/164291
• Content Rights - is stored, encoded to json. This test check whether json which contains backslashes or quotes works correctly.

Documentation Changes Required

N/A

[waader]

I have different results for step 7 and step 12:

Step 7:
Result 1: "TEST 1 - ale[x]"
"67"

Step12:
Result 1: "NOT FOUND"
Result 2: "0"

The rest works as described.

[csthomas]

This is OK, you have in total 67 articles, I had 75 articles.
sql LIKE '%%%' found al your articles.

[csthomas]

wait a moment

[csthomas]

You talk about Result 2: "67" where I got 75? Right?

[waader]

No, I talk about Result 1. My results a different then yours.

[csthomas]

Last time I added unicode support, it may change that. I'm checking it.

[csthomas]

Do you have title of article "TEST 1 - ale[x]" <- brackets are important to test it.
Result as you get - I think that you may forget add brackets in article title. If not I will search more.

[waader]

I do have the brackets in the title.

[csthomas]

which database do you use: local SQL Server or Azure? If SQL server then what version?

[waader]

SQL Server 2008 R2

[csthomas]

I have rebased PR and improved a test instruction.
But there is no changes that could return your result.

I based on https://msdn.microsoft.com/library/ms179859.aspx where [ has to be escaped like [[].
The same is for % and _.

I will wait for next test. May it resolve something.

[photodude]

It would be a good idea to rebase this now that AppVeyor is CI testing our unit test suite with MSSQL

[photodude]

@csthomas can you comment on the unit test failure on the Framework version?
https://ci.appveyor.com/project/photodude/database/build/1.0.67/job/l64qi7ws1j9ghi8b#L898
Do we just need to change the unit test to have brackets around the % char? % vs [%]

[csthomas]

For mssql LIKE clause you have to escape 3 chars: _,% and [ because it is a default escape char.
% -> [%]
_ -> [_]
[ -> [[]

[csthomas]

Now AppVeyor is happy:)

[photodude]

do we also need ] to be escaped?

array('[', ']',   '_',   '%'),
array('[[]', '[]]''[_]', '[%]'),

[csthomas]

No.
According to doc https://msdn.microsoft.com/library/ms179859.aspx#Anchor_7
and my own tests.

[photodude]

Thanks for the clarification

[photodude]

Looks good on code review

[csthomas]

@alikon You can test and confirm or not waader results?

[waader]

I have tested this item ✅ successfully on 8d12824

I retested your patch with a new checkout and now I get your results. One thing that´s obviously different to your environment is, that I get a 404 component not found error in frontend with no testing data installed. So I am curious: what database version are you using?

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/13585.}

[csthomas]

Not installed sample data probably is a reason
but IIRC every article without set up publish_down is treats on mssql as expired (datetime type should be change to datetime2 - for now joomla is waiting for that)

My system is linux with installed mssql on it.

[waader]

As I have no sample data installed the difference most likely is the runtime environment. I will dig into it when I have more time.

[wilsonge]

Given this only affects SQLServer I'm going to merge this with the code review and the one good test

[csthomas]

Thanks now I can go forward and complete next one #13262 as I mentioned.