fix: Incorrect results when ParseQuery contains special characters (#866)

Author: Nidal-Bakir

packages/dart/CHANGELOG.md

@@ -1,3 +1,9 @@
+## [5.1.2](https://github.com/parse-community/Parse-SDK-Flutter/compare/dart-5.1.1...dart-5.1.2) (2023-05-29)
+
+### Bug Fixes
+
+* Incorrect results when `ParseQuery` contains special characters ([#866](https://github.com/parse-community/Parse-SDK-Flutter/pull/866))
+
 ## [5.1.1](https://github.com/parse-community/Parse-SDK-Flutter/compare/dart-5.1.0...dart-5.1.1) (2023-05-20)
 
 ### Bug Fixes

packages/dart/lib/src/base/parse_constants.dart

@@ -1,7 +1,7 @@
 part of flutter_parse_sdk;
 
 // Library
-const String keySdkVersion = '5.1.1';
+const String keySdkVersion = '5.1.2';
 const String keyLibraryName = 'Flutter Parse SDK';
 
 // End Points

packages/dart/lib/src/network/parse_query.dart

@@ -116,32 +116,49 @@ class QueryBuilder<T extends ParseObject> {
     limiters['include'] = concatenateArray(objectTypes);
   }
 
-  /// Returns an object where the [String] column starts with [value]
-  void whereStartsWith(String column, String query,
-      {bool caseSensitive = false}) {
+  /// Add a constraint for finding objects where the String value in [column]
+  /// starts with [prefix]
+  void whereStartsWith(
+    String column,
+    String prefix, {
+    bool caseSensitive = false,
+  }) {
+    prefix = Uri.encodeComponent(prefix);
+
     if (caseSensitive) {
       queries.add(MapEntry<String, dynamic>(
-          _singleQuery, '"$column":{"\$regex": "^$query"}'));
+          _singleQuery, '"$column":{"\$regex": "^$prefix"}'));
     } else {
       queries.add(MapEntry<String, dynamic>(
-          _singleQuery, '"$column":{"\$regex": "^$query", "\$options": "i"}'));
+          _singleQuery, '"$column":{"\$regex": "^$prefix", "\$options": "i"}'));
     }
   }
 
-  /// Returns an object where the [String] column ends with [value]
-  void whereEndsWith(String column, String query,
-      {bool caseSensitive = false}) {
+  /// Add a constraint for finding objects where the String value in [column]
+  /// ends with [prefix]
+  void whereEndsWith(
+    String column,
+    String prefix, {
+    bool caseSensitive = false,
+  }) {
+    prefix = Uri.encodeComponent(prefix);
+
     if (caseSensitive) {
       queries.add(MapEntry<String, dynamic>(
-          _singleQuery, '"$column":{"\$regex": "$query\$"}'));
+          _singleQuery, '"$column":{"\$regex": "$prefix\$"}'));
     } else {
-      queries.add(MapEntry<String, dynamic>(
-          _singleQuery, '"$column":{"\$regex": "$query\$", "\$options": "i"}'));
+      queries.add(MapEntry<String, dynamic>(_singleQuery,
+          '"$column":{"\$regex": "$prefix\$", "\$options": "i"}'));
     }
   }
 
-  /// Returns an object where the [String] column equals [value]
+  /// Add a constraint to the query that requires a particular [column]'s value
+  /// to be equal to the provided [value]
   void whereEqualTo(String column, dynamic value) {
+    if (value is String) {
+      value = Uri.encodeComponent(value);
+    }
+
     queries.add(_buildQueryWithColumnValueAndOperator(
         MapEntry<String, dynamic>(column, value), _noOperatorNeeded));
   }
@@ -174,8 +191,13 @@ class QueryBuilder<T extends ParseObject> {
         MapEntry<String, dynamic>(column, value), '\$gte'));
   }
 
-  /// Returns an object where the [String] column is not equal to value
+  /// Add a constraint to the query that requires a particular [column]'s value
+  /// to be not equal to the provided [value]
   void whereNotEqualTo(String column, dynamic value) {
+    if (value is String) {
+      value = Uri.encodeComponent(value);
+    }
+
     queries.add(_buildQueryWithColumnValueAndOperator(
         MapEntry<String, dynamic>(column, value), '\$ne'));
   }
@@ -229,26 +251,38 @@ class QueryBuilder<T extends ParseObject> {
         MapEntry<String, dynamic>(column, value), '\$regex'));
   }
 
-  /// Performs a search to see if [String] contains other string
-  void whereContains(String column, String value,
-      {bool caseSensitive = false}) {
+  /// Add a constraint for finding String values that contain the provided
+  /// [substring]
+  void whereContains(
+    String column,
+    String substring, {
+    bool caseSensitive = false,
+  }) {
+    substring = Uri.encodeComponent(substring);
+
     if (caseSensitive) {
       queries.add(MapEntry<String, dynamic>(
-          _singleQuery, '"$column":{"\$regex": "$value"}'));
+          _singleQuery, '"$column":{"\$regex": "$substring"}'));
     } else {
-      queries.add(MapEntry<String, dynamic>(
-          _singleQuery, '"$column":{"\$regex": "$value", "\$options": "i"}'));
+      queries.add(MapEntry<String, dynamic>(_singleQuery,
+          '"$column":{"\$regex": "$substring", "\$options": "i"}'));
     }
   }
 
-  /// Powerful search for containing whole words. This search is much quicker than regex and can search for whole words including whether they are case sensitive or not.
-  /// This search can also order by the score of the search
-  void whereContainsWholeWord(String column, String query,
-      {bool caseSensitive = false,
-      bool orderByScore = true,
-      bool diacriticSensitive = false}) {
+  /// Powerful search for containing whole words. This search is much quicker
+  /// than regex and can search for whole words including whether they are case
+  /// sensitive or not. This search can also order by the score of the search
+  void whereContainsWholeWord(
+    String column,
+    String searchTerm, {
+    bool caseSensitive = false,
+    bool orderByScore = true,
+    bool diacriticSensitive = false,
+  }) {
+    searchTerm = Uri.encodeComponent(searchTerm);
+
     queries.add(MapEntry<String, dynamic>(_singleQuery,
-        '"$column":{"\$text":{"\$search":{"\$term": "$query", "\$caseSensitive": $caseSensitive , "\$diacriticSensitive": $diacriticSensitive }}}'));
+        '"$column":{"\$text":{"\$search":{"\$term": "$searchTerm", "\$caseSensitive": $caseSensitive , "\$diacriticSensitive": $diacriticSensitive }}}'));
     if (orderByScore) {
       orderByAscending('\$score');
       keysToReturn(['\$score']);

packages/dart/pubspec.yaml

@@ -1,6 +1,6 @@
 name: parse_server_sdk
 description: The Dart SDK to connect to Parse Server. Build your apps faster with Parse Platform, the complete application stack.
-version: 5.1.1
+version: 5.1.2
 homepage: https://github.com/parse-community/Parse-SDK-Flutter
 
 environment:

packages/dart/test/src/network/parse_query_test.dart

@@ -465,5 +465,45 @@ void main() {
       // assert
       expect(result.query.contains("%22object2%22,%22include%22"), true);
     });
+
+    test('the result query should contains encoded special characters values',
+        () {
+      // arrange
+      final queryBuilder = QueryBuilder.name('Diet_Plans');
+
+      // act
+      queryBuilder.whereEqualTo('some-column', 'some+test=test');
+      queryBuilder.whereStartsWith('some-other-column', 'pre+fix');
+      queryBuilder.whereEndsWith('some-column2', 'end+with');
+      queryBuilder.whereNotEqualTo('some-column3', 'not+equal');
+      queryBuilder.whereContains('some-column3', 'WW+E');
+      queryBuilder.whereContainsWholeWord(
+        'some-column3',
+        'Programming++',
+        orderByScore: false,
+      );
+
+      // assert
+      final queryString = queryBuilder.buildQuery();
+      const encodedPlusChar = '%2B'; // +
+      const encodedEqualChar = '%3D'; // =
+
+      expect(queryString, contains(encodedPlusChar));
+      expect(queryString, contains(encodedEqualChar));
+
+      final expectedQueryString = StringBuffer();
+      expectedQueryString.writeAll([
+        'where={',
+        '"some-column": "some${encodedPlusChar}test${encodedEqualChar}test",',
+        '"some-other-column":{"\$regex": "^pre${encodedPlusChar}fix", "\$options": "i"},',
+        '"some-column2":{"\$regex": "end${encodedPlusChar}with\$", "\$options": "i"},',
+        '"some-column3":{ "\$ne":"not${encodedPlusChar}equal"},',
+        '"some-column3":{"\$regex": "WW${encodedPlusChar}E", "\$options": "i"},',
+        '"some-column3":{"\$text":{"\$search":{"\$term": "Programming$encodedPlusChar$encodedPlusChar", "\$caseSensitive": false , "\$diacriticSensitive": false }}}',
+        '}',
+      ]);
+
+      expect(queryString, equals(expectedQueryString.toString()));
+    });
   });
 }