only escape filters inside logical expressions and in lists

Author: sproctor

Postgrest/src/commonMain/kotlin/io/github/jan/supabase/postgrest/query/filter/FilterOperation.kt

@@ -11,7 +11,7 @@ package io.github.jan.supabase.postgrest.query.filter
  */
 data class FilterOperation(val column: String, val operator: FilterOperator, val value: Any?)
 
-fun FilterOperation.escapedValue(): String =
+fun FilterOperation.escapedValue(isInLogicalExpression: Boolean): String =
     when (operator) {
         FilterOperator.EQ,
         FilterOperator.NEQ,
@@ -23,8 +23,15 @@ fun FilterOperation.escapedValue(): String =
         FilterOperator.ILIKE,
         FilterOperator.MATCH,
         FilterOperator.IMATCH,
-        FilterOperator.IS ->
-            escapeValue(value)
+        FilterOperator.IS,
+        FilterOperator.FTS,
+        FilterOperator.WFTS,
+        FilterOperator.PHFTS,
+        FilterOperator.PLFTS ->
+            if (isInLogicalExpression)
+                escapeValue(value)
+            else
+                value.toString()
         FilterOperator.IN ->
             if (value is List<*>) {
                 encodeAsList(value)
@@ -35,9 +42,15 @@ fun FilterOperation.escapedValue(): String =
         FilterOperator.CD,
         FilterOperator.OV ->
             when (value) {
-                is List<*> -> encodeOverlapAsArray(value)
-                is Pair<*, *> -> encodeOverlapAsRange(value)
-                else -> escapeValue(value)
+                is List<*> ->
+                    encodeOverlapAsArray(value)
+                is Pair<*, *> ->
+                    encodeOverlapAsRange(value)
+                else ->
+                    if (isInLogicalExpression)
+                        escapeValue(value)
+                    else
+                        value.toString()
             }
         FilterOperator.SL,
         FilterOperator.SR,
@@ -49,35 +62,30 @@ fun FilterOperation.escapedValue(): String =
                 is List<*> -> encodeAsRange(value)
                 else -> escapeValue(value)
             }
-        FilterOperator.FTS,
-        FilterOperator.WFTS,
-        FilterOperator.PHFTS,
-        FilterOperator.PLFTS ->
-            escapeValue(value) // Do these need special handling?
     }
 
 private fun encodeAsList(values: List<*>): String =
     values.joinToString(",", prefix = "(", postfix = ")") { escapeValue(it) }
 
 private fun encodeAsRange(range: Pair<*, *>): String =
-    "(${escapeValue(range.first)},${escapeValue(range.second)})"
+    "(${range.first},${range.second})"
 
 private fun encodeAsRange(range: List<*>): String =
-    "(${escapeValue(range[0])},${escapeValue(range[1])})"
+    "(${range[0]},${range[1]})"
 
 private fun encodeOverlapAsRange(range: Pair<*, *>): String =
-    "[${escapeValue(range.first)},${escapeValue(range.second)}]"
+    "[${range.first},${range.second}]"
 
 private fun encodeOverlapAsArray(values: List<*>): String =
-    values.joinToString(",", prefix = "{", postfix = "}") { escapeValue(it) }
+    values.joinToString(",", prefix = "{", postfix = "}")
 
 private val quotedCharacters = listOf(",", ".", ":", "(", ")")
 
 internal fun escapeValue(value: Any?): String {
     val asString = value.toString()
         .replace("\\", "\\\\")
         .replace("\"", "\\\"")
-    return if (value !is Number && quotedCharacters.any { asString.contains(it) }) {
+    return if (quotedCharacters.any { asString.contains(it) }) {
         "\"$asString\""
     } else {
         asString

Postgrest/src/commonMain/kotlin/io/github/jan/supabase/postgrest/query/filter/PostgrestFilterBuilder.kt

@@ -28,7 +28,7 @@ class PostgrestFilterBuilder(
      */
     fun filterNot(operation: FilterOperation) {
         val columnValue = params[operation.column] ?: emptyList()
-        _params[operation.column] = columnValue + listOf("not.${operation.operator.identifier}.${operation.escapedValue()}")
+        _params[operation.column] = columnValue + listOf("not.${operation.operator.identifier}.${operation.escapedValue(isInLogicalExpression)}")
     }
 
     /**
@@ -43,7 +43,7 @@ class PostgrestFilterBuilder(
      */
     fun filter(operation: FilterOperation) {
         val columnValue = params[operation.column] ?: emptyList()
-        _params[operation.column] = columnValue + listOf("${operation.operator.identifier}.${operation.escapedValue()}")
+        _params[operation.column] = columnValue + listOf("${operation.operator.identifier}.${operation.escapedValue(isInLogicalExpression)}")
     }
 
     /**

Postgrest/src/commonTest/kotlin/PostgrestFilterBuilderTest.kt

@@ -38,15 +38,15 @@ class PostgrestFilterBuilderTest {
         val filter = filterToString {
             eq("id", "2004-09-16T23:59:58.75")
         }
-        assertEquals("id=eq.\"2004-09-16T23:59:58.75\"", filter)
+        assertEquals("id=eq.2004-09-16T23:59:58.75", filter)
     }
 
     @Test
     fun eq_quoted() {
         val filter = filterToString {
-            eq("id", "Hello, \"World\"")
+            isIn("id", listOf("Hello, \"World\"", "."))
         }
-        assertEquals("id=eq.\"Hello,+\\\"World\\\"\"", filter)
+        assertEquals("id=in.(\"Hello,+\\\"World\\\"\",\".\")", filter)
     }
 
     @Test

Realtime/src/commonMain/kotlin/io/github/jan/supabase/realtime/PostgresChangeFilter.kt

@@ -35,7 +35,7 @@ class PostgresChangeFilter(private val event: String, private val schema: String
             FilterOperator.LT,
             FilterOperator.LTE,
             FilterOperator.IN ->
-                filter.escapedValue()
+                filter.escapedValue(false)
             else -> throw UnsupportedOperationException("Unsupported filter operator: ${filter.operator}")
         }
         this.filter = "${filter.column}=${filter.operator.name.lowercase()}.$filterValue"