Skip to content
Permalink
Browse files

Adding comments explaining code changes

  • Loading branch information
ccrook committed Oct 7, 2014
1 parent 8b24554 commit f1577f1e8b2d27b5d2b82a29fe7908aa29753f2e
Showing with 7 additions and 0 deletions.
  1. +7 −0 src/providers/postgres/qgspostgresprovider.cpp
@@ -3356,6 +3356,11 @@ QGISEXTERN bool saveStyle( const QString& uri, const QString& qmlStyle, const QS
uiFileValue = QString( ",XMLPARSE(DOCUMENT %1)" ).arg( QgsPostgresConn::quotedValue( uiFileContent ) );
}

// Note: in the construction of the INSERT and UPDATE strings the qmlStyle and sldStyle values
// can contain user entered strings, which may themselves include %## values that would be
// replaced by the QString.arg function. To ensure that the final SQL string is not corrupt these
// two values are both replaced in the final .arg call of the string construction.

QString sql = QString( "INSERT INTO layer_styles("
"f_table_catalog,f_table_schema,f_table_name,f_geometry_column,styleName,styleQML,styleSLD,useAsDefault,description,owner%11"
") VALUES ("
@@ -3371,6 +3376,7 @@ QGISEXTERN bool saveStyle( const QString& uri, const QString& qmlStyle, const QS
.arg( QgsPostgresConn::quotedValue( dsUri.username() ) )
.arg( uiFileColumn )
.arg( uiFileValue )
// Must be the final .arg replacement - see above
.arg( QgsPostgresConn::quotedValue( qmlStyle ),
QgsPostgresConn::quotedValue( sldStyle ) );

@@ -3419,6 +3425,7 @@ QGISEXTERN bool saveStyle( const QString& uri, const QString& qmlStyle, const QS
.arg( QgsPostgresConn::quotedValue( dsUri.table() ) )
.arg( QgsPostgresConn::quotedValue( dsUri.geometryColumn() ) )
.arg( QgsPostgresConn::quotedValue( styleName.isEmpty() ? dsUri.table() : styleName ) )
// Must be the final .arg replacement - see above
.arg( QgsPostgresConn::quotedValue( qmlStyle ),
QgsPostgresConn::quotedValue( sldStyle ) );
}

0 comments on commit f1577f1

Please sign in to comment.
You can’t perform that action at this time.