From 477b62200d25eb1bef7a0243f03b5e92ef5685c9 Mon Sep 17 00:00:00 2001
From: JimMoen <LnJimMoen@outlook.com>
Date: Thu, 16 Dec 2021 17:36:13 +0800
Subject: [PATCH] fix(authz): placeholder regular expression escape

---
 apps/emqx_authz/src/emqx_authz_postgresql.erl | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/apps/emqx_authz/src/emqx_authz_postgresql.erl b/apps/emqx_authz/src/emqx_authz_postgresql.erl
index 6034bfd15..cab6a9f11 100644
--- a/apps/emqx_authz/src/emqx_authz_postgresql.erl
+++ b/apps/emqx_authz/src/emqx_authz_postgresql.erl
@@ -57,13 +57,15 @@ parse_query(undefined) ->
     undefined;
 parse_query(Sql) ->
     case re:run(Sql, ?RE_PLACEHOLDER, [global, {capture, all, list}]) of
-        {match, Variables} ->
-            Params = [Var || [Var] <- Variables],
-            Vars = ["$" ++ integer_to_list(I) || I <- lists:seq(1, length(Params))],
-            NSql = lists:foldl(fun({Param, Var}, S) ->
-                       re:replace(S, Param, Var, [{return, list}])
-                   end, Sql, lists:zip(Params, Vars)),
-            {NSql, Params};
+        {match, Capured} ->
+            PlaceHolders = [PlaceHolder || [PlaceHolder] <- Capured],
+            Replacements = ["$" ++ integer_to_list(I) || I <- lists:seq(1, length(PlaceHolders))],
+            NSql = lists:foldl(
+                     fun({PlaceHolder, Replacement}, S) ->
+                             re:replace(
+                               S, emqx_authz:ph_to_re(PlaceHolder), Replacement, [{return, list}])
+                     end, Sql, lists:zip(PlaceHolders, Replacements)),
+            {NSql, PlaceHolders};
         nomatch ->
             {Sql, []}
     end.