Refs #35842 -- Fixed handling of quotes in JSONField key lookups on Oracle.

2025-10-31 09:41:08 +00:00 · 2024-11-24 20:32:44 +00:00
parent ea34de3bd7
commit b28438f379
3 changed files with 76 additions and 4 deletions
--- a/django/db/backends/sqlite3/features.py
+++ b/django/db/backends/sqlite3/features.py
@@ -50,6 +50,10 @@ class DatabaseFeatures(BaseDatabaseFeatures):
        # The django_format_dtdelta() function doesn't properly handle mixed
        # Date/DateTime fields and timedeltas.
        "expressions.tests.FTimeDeltaTests.test_mixed_comparisons1",
+        # SQLite doesn't parse escaped double quotes in the JSON path notation,
+        # so it cannot match keys that contains double quotes (#35842).
+        "model_fields.test_jsonfield.TestQuerying."
+        "test_lookups_special_chars_double_quotes",
    }
    create_test_table_with_composite_primary_key = """
        CREATE TABLE test_table_composite_pk (
--- a/django/db/models/fields/json.py
+++ b/django/db/models/fields/json.py
@@ -230,10 +230,11 @@ class HasKeyLookup(PostgresOperatorLookup):

    def as_oracle(self, compiler, connection):
        sql, params = self.as_sql(
-            compiler, connection, template="JSON_EXISTS(%s, '%%s')"
+            compiler, connection, template="JSON_EXISTS(%s, q'\uffff%%s\uffff')"
        )
        # Add paths directly into SQL because path expressions cannot be passed
-        # as bind variables on Oracle.
+        # as bind variables on Oracle. Use a custom delimiter to prevent the
+        # JSON path from escaping the SQL literal. See comment in KeyTransform.
        return sql % tuple(params), []

    def as_postgresql(self, compiler, connection):
@@ -362,10 +363,24 @@ class KeyTransform(Transform):
        json_path = compile_json_path(key_transforms)
        if connection.features.supports_primitives_in_json_field:
            sql = (
-                "COALESCE(JSON_VALUE(%s, '%s'), JSON_QUERY(%s, '%s' DISALLOW SCALARS))"
+                "COALESCE("
+                "JSON_VALUE(%s, q'\uffff%s\uffff'),"
+                "JSON_QUERY(%s, q'\uffff%s\uffff' DISALLOW SCALARS)"
+                ")"
            )
        else:
-            sql = "COALESCE(JSON_QUERY(%s, '%s'), JSON_VALUE(%s, '%s'))"
+            sql = (
+                "COALESCE("
+                "JSON_QUERY(%s, q'\uffff%s\uffff'),"
+                "JSON_VALUE(%s, q'\uffff%s\uffff')"
+                ")"
+            )
+        # Add paths directly into SQL because path expressions cannot be passed
+        # as bind variables on Oracle. Use a custom delimiter to prevent the
+        # JSON path from escaping the SQL literal. Each key in the JSON path is
+        # passed through json.dumps() with ensure_ascii=True (the default),
+        # which converts the delimiter into the escaped \uffff format. This
+        # ensures that the delimiter is not present in the JSON path.
        return sql % ((lhs, json_path) * 2), tuple(params) * 2

    def as_postgresql(self, compiler, connection):