manually merge upstream

mikesamuel · mikesamuel · commit 983034c84ca4 · 2018-02-26T14:42:42.000-05:00
diff --git a/.eslintrc b/.eslintrc
@@ -4,6 +4,7 @@
   },
   "rules": {
     "comma-dangle": [2, "never"],
+    "comma-spacing": ["error", { "before": false, "after": true }],
     "consistent-return": 2,
     "eqeqeq": [2, "allow-null"],
     "indent": [2, 2, { "VariableDeclarator": 2, "SwitchCase": 1 }],
diff --git a/.travis.yml b/.travis.yml
@@ -9,9 +9,10 @@ node_js:
   - "3.3"
   - "4.8"
   - "5.12"
-  - "6.11"
+  - "6.13"
   - "7.10"
-  - "8.6"
+  - "8.9"
+  - "9.6"
 sudo: false
 dist: precise
 cache:
diff --git a/HISTORY.md b/HISTORY.md
@@ -1,3 +1,8 @@
+2.3.1 / 2018-02-24
+==================
+
+  * Fix incorrectly replacing non-placeholders in SQL
+
 2.3.0 / 2017-10-01
 ==================
 
diff --git a/lib/SqlString.js b/lib/SqlString.js
@@ -99,13 +99,19 @@ SqlString.format = function format(sql, values, stringifyObjects, timeZone) {
   }
 
   var chunkIndex        = 0;
-  var placeholdersRegex = /\?\??/g;
+  var placeholdersRegex = /\?+/g;
   var result            = '';
   var valuesIndex       = 0;
   var match;
 
   while (valuesIndex < values.length && (match = placeholdersRegex.exec(sql))) {
-    var value = match[0] === '??'
+    var len = match[0].length;
+
+    if (len > 2) {
+      continue;
+    }
+
+    var value = len === 2
       ? SqlString.escapeId(values[valuesIndex])
       : SqlString.escape(values[valuesIndex], stringifyObjects, timeZone);
 
diff --git a/package.json b/package.json
@@ -1,7 +1,7 @@
 {
   "name": "sqlstring",
   "description": "Simple SQL escape and format for MySQL",
-  "version": "2.3.0",
+  "version": "2.3.1",
   "contributors": [
     "Adri Van Houdt <adri.van.houdt@gmail.com>",
     "Douglas Christopher Wilson <doug@somethingdoug.com>",
@@ -24,7 +24,7 @@
   "devDependencies": {
     "beautify-benchmark": "0.2.4",
     "benchmark": "2.1.4",
-    "eslint": "4.8.0",
+    "eslint": "4.18.1",
     "eslint-plugin-markdown": "1.0.0-beta.6",
     "nyc": "10.3.2",
     "urun": "0.0.8",
diff --git a/test/unit/test-SqlString.js b/test/unit/test-SqlString.js
@@ -113,7 +113,7 @@ test('SqlString.escape', {
   },
 
   'nested arrays are turned into grouped lists': function() {
-    assert.equal(SqlString.escape([[1,2,3], [4,5,6], ['a', 'b', {nested: true}]]), "(1, 2, 3), (4, 5, 6), ('a', 'b', '[object Object]')");
+    assert.equal(SqlString.escape([[1, 2, 3], [4, 5, 6], ['a', 'b', {nested: true}]]), "(1, 2, 3), (4, 5, 6), ('a', 'b', '[object Object]')");
   },
 
   'nested objects inside arrays are cast to strings': function() {
@@ -278,6 +278,11 @@ test('SqlString.format', {
     });
   },
 
+  'triple question marks are ignored': function () {
+    var sql = SqlString.format('? or ??? and ?', ['foo', 'bar', 'fizz', 'buzz']);
+    assert.equal(sql, "'foo' or ??? and 'bar'");
+  },
+
   'extra question marks are left untouched': function() {
     var sql = SqlString.format('? and ?', ['a']);
     assert.equal(sql, "'a' and ?");
