wip

Author: datlechin

TablePro/Core/Database/SQLEscaping.swift

@@ -16,7 +16,8 @@ enum SQLEscaping {
     /// Handles the following special characters:
     /// - Backslashes (must be escaped first to avoid double-escaping)
     /// - Single quotes (SQL standard: doubled)
-    /// - Newlines, carriage returns, tabs, null bytes
+    /// - Control characters: null, backspace, tab, newline, form feed, carriage return
+    /// - MySQL EOF marker (\x1A) which can cause parsing issues
     ///
     /// Example:
     /// ```swift
@@ -33,11 +34,15 @@ enum SQLEscaping {
         result = result.replacingOccurrences(of: "\\", with: "\\\\")
         // Single quote: SQL standard escaping (double the quote)
         result = result.replacingOccurrences(of: "'", with: "''")
-        // Control characters
+        // Common control characters
         result = result.replacingOccurrences(of: "\n", with: "\\n")
         result = result.replacingOccurrences(of: "\r", with: "\\r")
         result = result.replacingOccurrences(of: "\t", with: "\\t")
         result = result.replacingOccurrences(of: "\0", with: "\\0")
+        // Additional control characters that can cause issues
+        result = result.replacingOccurrences(of: "\u{08}", with: "\\b")  // Backspace
+        result = result.replacingOccurrences(of: "\u{0C}", with: "\\f")  // Form feed
+        result = result.replacingOccurrences(of: "\u{1A}", with: "\\Z")  // MySQL EOF marker (Ctrl+Z)
         return result
     }
 

TablePro/Core/Services/ExportService.swift

@@ -493,11 +493,17 @@ final class ExportService: ObservableObject {
         return result
     }
 
-    /// Format a value for JSON output
+    /// Format a value for JSON output with optional type detection
+    ///
     /// - Parameters:
     ///   - value: The value to format
     ///   - preserveAsString: If true, always output as string without type detection
     ///                       (preserves leading zeros in ZIP codes, phone numbers, etc.)
+    ///
+    /// - Note: When type detection is enabled (preserveAsString = false), integers beyond
+    ///   JavaScript's Number.MAX_SAFE_INTEGER (2^53-1 = 9007199254740991) may lose precision
+    ///   when parsed by JavaScript. For large IDs or precise numeric data, enable the
+    ///   "Preserve All Values as Strings" option in export settings.
     private func formatJSONValue(_ value: String?, preserveAsString: Bool) -> String {
         guard let val = value else { return "null" }
 
@@ -507,6 +513,7 @@ final class ExportService: ObservableObject {
         }
 
         // Try to detect numbers and booleans
+        // Note: Large integers (> 2^53-1) may lose precision in JavaScript consumers
         if let intVal = Int(val) {
             return String(intVal)
         }
@@ -695,14 +702,23 @@ final class ExportService: ObservableObject {
     private func compressFileToFile(source: URL, destination: URL) async throws {
         // Run compression on background thread to avoid blocking main thread
         try await Task.detached(priority: .userInitiated) {
+            // Pre-flight check: verify gzip is available
+            let gzipPath = "/usr/bin/gzip"
+            guard FileManager.default.isExecutableFile(atPath: gzipPath) else {
+                throw ExportError.exportFailed(
+                    "Compression unavailable: gzip not found at \(gzipPath). " +
+                    "Please install gzip or disable compression in export options."
+                )
+            }
+
             // Create output file
             guard FileManager.default.createFile(atPath: destination.path, contents: nil) else {
                 throw ExportError.fileWriteFailed(destination.path)
             }
 
             // Use gzip to compress the file
             let process = Process()
-            process.executableURL = URL(fileURLWithPath: "/usr/bin/gzip")
+            process.executableURL = URL(fileURLWithPath: gzipPath)
             process.arguments = ["-c", source.path]
 
             let outputFile = try FileHandle(forWritingTo: destination)

TablePro/Views/Export/ExportDialog.swift

@@ -325,6 +325,13 @@ struct ExportDialog: View {
         return config.format.fileExtension
     }
 
+    /// Windows reserved device names (case-insensitive)
+    private static let windowsReservedNames: Set<String> = [
+        "CON", "PRN", "AUX", "NUL",
+        "COM1", "COM2", "COM3", "COM4", "COM5", "COM6", "COM7", "COM8", "COM9",
+        "LPT1", "LPT2", "LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", "LPT9"
+    ]
+
     /// Validates that the filename is not empty and contains no invalid filesystem characters
     private var isFileNameValid: Bool {
         let name = config.fileName.trimmingCharacters(in: .whitespaces)
@@ -342,6 +349,17 @@ struct ExportDialog: View {
             name.contains("/../") || name.contains("\\..\\")
         guard !isPathTraversalPattern else { return false }
 
+        // Check for Windows reserved device names (case-insensitive)
+        // These can cause issues if the export file is copied to Windows
+        let baseName = name.components(separatedBy: ".").first ?? name
+        guard !Self.windowsReservedNames.contains(baseName.uppercased()) else { return false }
+
+        // Prevent hidden files on Unix (starting with .)
+        guard !name.hasPrefix(".") else { return false }
+
+        // Check filename length (255 bytes is common limit on most filesystems)
+        guard name.utf8.count <= 255 else { return false }
+
         return true
     }