From be1896cbeb2e413615fb61791101f8b199e1bf3d Mon Sep 17 00:00:00 2001 From: Brent Roose Date: Wed, 10 Apr 2019 11:39:39 +0200 Subject: [PATCH 1/3] Correctly escape single quotes in json paths --- .../Database/Query/Grammars/Grammar.php | 2 ++ tests/Database/DatabaseQueryBuilderTest.php | 19 +++++++++++++++++++ 2 files changed, 21 insertions(+) diff --git a/src/Illuminate/Database/Query/Grammars/Grammar.php b/src/Illuminate/Database/Query/Grammars/Grammar.php index 2554d80ede29..51d10042e776 100755 --- a/src/Illuminate/Database/Query/Grammars/Grammar.php +++ b/src/Illuminate/Database/Query/Grammars/Grammar.php @@ -1119,6 +1119,8 @@ protected function wrapJsonFieldAndPath($column) */ protected function wrapJsonPath($value, $delimiter = '->') { + $value = preg_replace("/([\\\\]+)?\\'/", "\\'", $value); + return '\'$."'.str_replace($delimiter, '"."', $value).'"\''; } diff --git a/tests/Database/DatabaseQueryBuilderTest.php b/tests/Database/DatabaseQueryBuilderTest.php index ec8946d5bd43..556e0f87711c 100755 --- a/tests/Database/DatabaseQueryBuilderTest.php +++ b/tests/Database/DatabaseQueryBuilderTest.php 
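Review bot: The replacement added to `wrapJsonPath` escapes the quote as `\'`, which only keeps the SQL literal closed where the server treats backslash as an escape character. With MySQL's `NO_BACKSLASH_ESCAPES` mode, or in any grammar that inherits this method and uses standard SQL string rules, the quote after the backslash would still end the `'$."…"'` literal; whether other grammars reach this method is not visible in the hunk and should be confirmed. Doubling the quote holds in both cases: `$value = preg_replace("/([\\\\]+)?\\'/", "''", $value);`, with the test's expected SQL adjusted to match. A short comment above the line, e.g. `// Neutralise single quotes so a path cannot terminate the SQL string literal built below.`, would record why it exists; the method's docblock starts above the hunk.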
@@ -2252,6 +2252,25 @@ public function testMySqlWrappingJsonWithBooleanAndIntegerThatLooksLikeOne() $this->assertEquals('select * from `users` where json_extract(`items`, \'$."available"\') = true and json_extract(`items`, \'$."active"\') = false and json_unquote(json_extract(`items`, \'$."number_available"\')) = ?', $builder->toSql()); } + public function testJsonPathEscaping() + { + $expectedJsonEscape = <<getMySqlBuilder(); + $builder->select("json->'))#"); + $this->assertEquals($expectedJsonEscape, $builder->toSql()); + + $builder = $this->getMySqlBuilder(); + $builder->select("json->\'))#"); + $this->assertEquals($expectedJsonEscape, $builder->toSql()); + + $builder = $this->getMySqlBuilder(); + $builder->select("json->\\\'))#"); + $this->assertEquals($expectedJsonEscape, $builder->toSql()); + } + public function testMySqlWrappingJson() { $builder = $this->getMySqlBuilder(); From ea41e9092e906328ce944e808a825bde5433a565 Mon Sep 17 00:00:00 2001 From: Brent Roose Date: Wed, 10 Apr 2019 12:43:22 +0200 Subject: [PATCH 2/3] Improve naming --- tests/Database/DatabaseQueryBuilderTest.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/Database/DatabaseQueryBuilderTest.php b/tests/Database/DatabaseQueryBuilderTest.php index 556e0f87711c..37e774cb6549 100755 --- a/tests/Database/DatabaseQueryBuilderTest.php +++ b/tests/Database/DatabaseQueryBuilderTest.php 
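Review bot: `testJsonPathEscaping` drives only `getMySqlBuilder()`, while the escaping it pins was added to what appears to be the shared base `Grammar` class. An equivalent assertion against a builder whose grammar does not treat backslash as an escape character would show whether the generated literal stays closed there too. The three cases also repeat the same build/select/assert steps, so a data provider with named inputs (stating how many literal backslashes each one holds) would make the coverage easier to read.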
@@ -2254,21 +2254,21 @@ public function testMySqlWrappingJsonWithBooleanAndIntegerThatLooksLikeOne() public function testJsonPathEscaping() { - $expectedJsonEscape = <<getMySqlBuilder(); $builder->select("json->'))#"); - $this->assertEquals($expectedJsonEscape, $builder->toSql()); + $this->assertEquals($expectedWithJsonEscaped, $builder->toSql()); $builder = $this->getMySqlBuilder(); $builder->select("json->\'))#"); - $this->assertEquals($expectedJsonEscape, $builder->toSql()); + $this->assertEquals($expectedWithJsonEscaped, $builder->toSql()); $builder = $this->getMySqlBuilder(); $builder->select("json->\\\'))#"); - $this->assertEquals($expectedJsonEscape, $builder->toSql()); + $this->assertEquals($expectedWithJsonEscaped, $builder->toSql()); } public function testMySqlWrappingJson() From 93f59c4244698c59f7b419008bce5767168d70d1 Mon Sep 17 00:00:00 2001 From: Brent Roose Date: Wed, 10 Apr 2019 12:44:04 +0200 Subject: [PATCH 3/3] Extra test --- tests/Database/DatabaseQueryBuilderTest.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/Database/DatabaseQueryBuilderTest.php b/tests/Database/DatabaseQueryBuilderTest.php index 37e774cb6549..ef1b3c871641 100755 --- a/tests/Database/DatabaseQueryBuilderTest.php +++ b/tests/Database/DatabaseQueryBuilderTest.php @@ -2266,6 +2266,10 @@ public function testJsonPathEscaping() $builder->select("json->\'))#"); $this->assertEquals($expectedWithJsonEscaped, $builder->toSql()); + $builder = $this->getMySqlBuilder(); + $builder->select("json->\\'))#"); + $this->assertEquals($expectedWithJsonEscaped, $builder->toSql()); + $builder = $this->getMySqlBuilder(); $builder->select("json->\\\'))#"); $this->assertEquals($expectedWithJsonEscaped, $builder->toSql());
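Review bot: The input added in the last hunk, `"json->\\'))#"`, is the same PHP string as the existing `"json->\'))#"` case directly above it. In a double-quoted literal `\\` collapses to one backslash and `\'` is left as backslash plus quote, so both hold exactly one backslash before the quote and the new case adds no coverage. If a longer backslash run was intended, spell it out, e.g. `$builder->select("json->\\\\\\'))#");` for three backslashes, next to the existing two-backslash case `"json->\\\'))#"`. The test method begins outside this hunk.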