
Make sure queries are read-only.

1 parent 3a1e497 commit 8c92e00679a31a77df4a499ea414bab0c4a51c05 @mrjbq7 mrjbq7 committed May 28, 2010
Showing with 9 additions and 4 deletions.
  1. +9 −4 tracsql/web_ui.py
@@ -107,18 +107,20 @@ def _process(self, req, cursor, data):
sql = req.args.get('query', '')
raw = req.args.get('raw', '')
+ cols = rows = []
error = None
- if sql.strip():
+ if re.search('.*delete|drop|insert|replace|set|update.*', sql,
+ re.IGNORECASE):
+ error = "Query must be read-only!"
+
+ elif sql.strip():
try:
cursor.execute(sql)
cols = map(lambda x: x[0], cursor.description)
rows = cursor.fetchall()[:1000]
except BaseException, e:
error = e.message
- cols = rows = []
- else:
- cols = rows = []
if not raw:
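Review bot: The new `re.search('.*delete|drop|insert|replace|set|update.*', ...)` guard is a substring denylist, so it rejects legitimate read-only queries (any statement using `OFFSET`, or any identifier containing `set`, `drop` or `update`, such as Trac's `changeset` table or an `updated` column) while still not covering other write statements such as `CREATE`, `ALTER` or `TRUNCATE`, which remain executable through `cursor.execute(sql)` on the next branch. A safer shape is an allowlist on the statement head, e.g. `elif not re.match(r'\s*(select|with|explain)\b', sql, re.IGNORECASE):` followed by `error = "Query must be read-only!"`, with the guarantee actually enforced at the database layer (a read-only connection or transaction, or an unconditional rollback after the fetch) rather than by pattern matching alone. The regex branch also runs before the `sql.strip()` check, so whitespace-only input that happens to match is reported as an error instead of an empty result; putting the emptiness check first keeps the previous behaviour. `_process` continues past `if not raw:` outside the hunk.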
@@ -196,6 +198,9 @@ def _process_schema(self, req, cursor, data):
data['table'] = table
data['count'] = count
+ # FIXME: Add index list?
+ # FIXME: Add foreign key list?
+
return 'schema.html', data, None

