diff --git a/src/MigrationCore.php b/src/MigrationCore.php index d346ba0..7d12bfe 100644 --- a/src/MigrationCore.php +++ b/src/MigrationCore.php @@ -119,6 +119,10 @@ private function executeQueryFile(string $filename): void $start = 0; $end = 0; } else { + $line = trim((string)preg_replace('/--.*/', '', $line)); + if ($line === '') { + continue; + } $start = $start > 0 ? $start : $index; $end = $index; $current_request .= $current_request !== '' ? PHP_EOL : ''; diff --git a/test/MigrationCoreSecurityTest.php b/test/MigrationCoreSecurityTest.php index fcef32d..117e097 100644 --- a/test/MigrationCoreSecurityTest.php +++ b/test/MigrationCoreSecurityTest.php @@ -143,4 +143,41 @@ public function testUntamperedMigrationDoesNotRaiseException(): void $this->runSilent($core); $this->addToAssertionCount(1); } + + // ------------------------------------------------------------------------- + // Nettoyage des commentaires SQL + // ------------------------------------------------------------------------- + + public function testSqlLineCommentIsStripped(): void + { + $sql = "CREATE TABLE comment_test (id INTEGER PRIMARY KEY) -- cette table est un test"; + $this->createSqlFile($sql); + $core = $this->makeCoreWithDb(); + $this->runSilent($core); + $this->addToAssertionCount(1); + } + + public function testFullyCommentedOutQueryIsIgnored(): void + { + $sql = "CREATE TABLE comment_only_test (id INTEGER PRIMARY KEY)\n---\n-- DROP TABLE comment_only_test"; + $this->createSqlFile($sql); + $core = $this->makeCoreWithDb(); + $this->runSilent($core); + $this->addToAssertionCount(1); + } + + public function testMixedCommentAndRealSqlExecutesCorrectly(): void + { + $sql = implode("\n", [ + '-- création de la table', + 'CREATE TABLE mixed_comment_test (id INTEGER PRIMARY KEY)', + '---', + '-- requête mise en commentaire', + '-- DROP TABLE mixed_comment_test', + ]); + $this->createSqlFile($sql); + $core = $this->makeCoreWithDb(); + $this->runSilent($core); + $this->addToAssertionCount(1); + } }