Allow string concatenation in inside sqlpage function parameters

Author: lovasoa

CHANGELOG.md

@@ -5,6 +5,7 @@
  - the default component is now [table](https://sql.ophir.dev/documentation.sql?component=table#component), which makes it extremely easy to display the results of any SQL query. Just write any query in a `.sql` file open it in your browser, and you will see the results displayed in a table, without having to use any SQLPage-specific column names or attributes.
  - Better error messages when a [custom component](https://sql.ophir.dev/custom_components.sql) contains a syntax error. [Fix contributed upstream](https://github.com/sunng87/handlebars-rust/pull/638)
  - Lift a limitation on sqlpage function nesting. In previous versions, some sqlpage functions could not be used inside other sqlpage functions. For instance, `sqlpage.url_encode(sqlpage.exec('my_program'))` used to throw an error saying `Nested exec() function not allowed`. This limitation is now lifted, and you can nest any sqlpage function inside any other sqlpage function.
+ - Allow string concatenation in inside sqlpage function parameters. For instance, `sqlpage.exec('echo', 'Hello ' || 'world')` is now supported, whereas it used to throw an error saying `exec('echo', 'Hello ' || 'world') is not a valid call. Only variables (such as $my_variable) and sqlpage function calls (such as sqlpage.header('my_header')) are supported as arguments to sqlpage functions.`.
 
 ## 0.20.1 (2024-03-23)
 

Cargo.lock

@@ -371,23 +371,54 @@ pub(super) fn extract_integer(
 }
 
 pub(super) fn function_arg_to_stmt_param(arg: &mut FunctionArg) -> Option<StmtParam> {
-    match function_arg_expr(arg) {
-        Some(Expr::Value(Value::Placeholder(placeholder))) => {
+    function_arg_expr(arg).and_then(expr_to_stmt_param)
+}
+
+fn expr_to_stmt_param(arg: &mut Expr) -> Option<StmtParam> {
+    match arg {
+        Expr::Value(Value::Placeholder(placeholder)) => {
             Some(map_param(std::mem::take(placeholder)))
         }
-        Some(Expr::Identifier(ident)) => extract_ident_param(ident),
-        Some(Expr::Function(Function {
+        Expr::Identifier(ident) => extract_ident_param(ident),
+        Expr::Function(Function {
             name: ObjectName(func_name_parts),
             args,
             ..
-        })) if is_sqlpage_func(func_name_parts) => Some(func_call_to_param(
+        }) if is_sqlpage_func(func_name_parts) => Some(func_call_to_param(
             sqlpage_func_name(func_name_parts),
             args.as_mut_slice(),
         )),
-        Some(Expr::Value(Value::SingleQuotedString(param_value))) => {
+        Expr::Value(Value::SingleQuotedString(param_value)) => {
             Some(StmtParam::Literal(std::mem::take(param_value)))
         }
-        _ => None,
+        Expr::BinaryOp {
+            // 'str1' || 'str2'
+            left,
+            op: BinaryOperator::StringConcat,
+            right,
+        } => {
+            let left = expr_to_stmt_param(left)?;
+            let right = expr_to_stmt_param(right)?;
+            Some(StmtParam::Concat(vec![left, right]))
+        }
+        // CONCAT('str1', 'str2', ...)
+        Expr::Function(Function {
+            name: ObjectName(func_name_parts),
+            args,
+            ..
+        }) if func_name_parts.len() == 1
+            && func_name_parts[0].value.eq_ignore_ascii_case("concat") =>
+        {
+            let mut concat_args = Vec::with_capacity(args.len());
+            for arg in args {
+                concat_args.push(function_arg_to_stmt_param(arg)?);
+            }
+            Some(StmtParam::Concat(concat_args))
+        }
+        _ => {
+            log::warn!("Unsupported function argument: {arg}");
+            None
+        }
     }
 }
 
@@ -397,8 +428,10 @@ pub(super) fn stmt_param_error_invalid_arguments(
 ) -> StmtParam {
     StmtParam::Error(format!(
         "{func_name}({}) is not a valid call. \
-        Only variables (such as $my_variable) \
-        and sqlpage function calls (such as sqlpage.header('my_header')) \
+        Only variables (such as $my_variable), \
+        sqlpage function calls (such as sqlpage.header('my_header')), \
+        constants (such as 'my_string'), \
+        and concatenations (such as CONCAT(x, y)) \
         are supported as arguments to sqlpage functions.",
         FormatArguments(arguments)
     ))

src/webserver/database/sql.rs

@@ -40,6 +40,7 @@ pub(super) enum StmtParam {
     EnvironmentVariable(String),
     SqlPageVersion,
     Literal(String),
+    Concat(Vec<StmtParam>),
     UploadedFilePath(String),
     UploadedFileMimeType(String),
     PersistUploadedFile {
@@ -453,6 +454,7 @@ pub(super) async fn extract_req_param<'a>(
             .with_context(|| format!("Unable to read environment variable {var}"))?,
         StmtParam::SqlPageVersion => Some(Cow::Borrowed(env!("CARGO_PKG_VERSION"))),
         StmtParam::Literal(x) => Some(Cow::Owned(x.to_string())),
+        StmtParam::Concat(args) => concat_params(&args[..], request).await?,
         StmtParam::AllVariables(get_or_post) => extract_get_or_post(*get_or_post, request),
         StmtParam::Path => Some(Cow::Borrowed(&request.path)),
         StmtParam::Protocol => Some(Cow::Borrowed(&request.protocol)),
@@ -469,6 +471,20 @@ pub(super) async fn extract_req_param<'a>(
     })
 }
 
+async fn concat_params<'a>(
+    args: &[StmtParam],
+    request: &'a RequestInfo,
+) -> anyhow::Result<Option<Cow<'a, str>>> {
+    let mut result = String::new();
+    for arg in args {
+        let Some(arg) = Box::pin(extract_req_param(arg, request)).await? else {
+            return Ok(None);
+        };
+        result.push_str(&arg);
+    }
+    Ok(Some(Cow::Owned(result)))
+}
+
 fn extract_get_or_post(
     get_or_post: Option<GetOrPost>,
     request: &RequestInfo,

src/webserver/database/sql_pseudofunctions.rs

@@ -0,0 +1,17 @@
+select 'text' as component,
+    'With "||": ' ||
+    CASE sqlpage.url_encode('/' || $x)
+        WHEN '%2F1' THEN 'It works !'
+        ELSE 'Error: "/1" should be urlencoded to "%2F1"'
+    END
+    || ' | With CONCAT: ' ||
+    CASE sqlpage.url_encode(CONCAT('/', $x)) -- $x is set to '1' in the test
+        WHEN '%2F1' THEN 'With CONCAT: It works !'
+        ELSE 'Error: "/1" should be urlencoded to "%2F1"'
+    END
+    || ' | With a null value: ' ||
+    CASE sqlpage.url_encode(CONCAT('/', $thisisnull)) IS NULL
+        WHEN true THEN 'With a null value: It works !'
+        ELSE 'Error: a null value concatenated with "/" should be null, and urlencoded to NULL'
+    END
+    AS contents;