Depend on DocumentTemplate 2.13.5+ to do SQL quoting.
Note: because of that dependency it might be better to use Zope 2.13,
although technically we only require 2.12 minimum.
mauritsvanrees committed Jan 31, 2020
1 parent f5d8e2a commit 9243c9b
Showing 5 changed files with 37 additions and 8 deletions.
4 changes: 3 additions & 1 deletion CHANGES.rst
@@ -4,7 +4,9 @@ Changelog
2.13.6 (unreleased)
-------------------

- TBD
- Depend on ``DocumentTemplate`` 2.13.5+ to do SQL quoting.
Note: because of that dependency it might be better to use Zope 2.13,
although technically we only require 2.12 minimum.

2.13.5 (2016-11-10)
-------------------
1 change: 1 addition & 0 deletions buildout.cfg
@@ -1,5 +1,6 @@
[buildout]
extends = https://raw.githubusercontent.com/zopefoundation/Zope/2.13/version_ranges.cfg
index = https://pypi.org/simple/
develop = .
parts = interpreter test

2 changes: 1 addition & 1 deletion setup.py
@@ -43,7 +43,7 @@
'Zope2 > 2.12.8',
# These are only available with Zope >= 2.13.0a1
# 'AccessControl',
# 'DocumentTemplate',
'DocumentTemplate >= 2.13.5',
# 'zExceptions',
],
include_package_data=True,
8 changes: 3 additions & 5 deletions src/Shared/DC/ZRDB/Connection.py
@@ -28,6 +28,7 @@
from App.special_dtml import DTMLFile
from DateTime.DateTime import DateTime
from DocumentTemplate import HTML
from DocumentTemplate.DT_Var import sql_quote
from OFS.SimpleItem import Item
from Persistence import Persistent
from zExceptions import BadRequest
@@ -169,7 +170,7 @@ def manage_test(self, query, REQUEST=None):
'manage_close_connection')
def manage_close_connection(self, REQUEST=None):
" "
try:
try:
if hasattr(self,'_v_database_connection'):
self._v_database_connection.close()
except:
@@ -214,10 +215,7 @@ def connect(self,s):
return self

def sql_quote__(self, v):
if string.find(v,"\'") >= 0:
v = string.join(string.split(v,"\'"),"''")
if string.find(v,"\x00") >= 0:
v = string.join(string.split(v,"\x00"), "")
v = sql_quote(v)
return "'%s'" % v

InitializeClass(Connection)
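Review bot: `sql_quote__` in the last hunk now hands every adapter that inherits this base class the generic escaping from `DocumentTemplate.DT_Var.sql_quote`, and nothing at the method records that this is one fixed style rather than the backend's own quoting. Going by the new tests, it doubles backslashes, backslash-escapes `"` and strips NUL, `\x1a` and CR; on a backend that treats a backslash as an ordinary character inside string literals the stored value would differ from the input, which looks like a data-fidelity issue rather than an injection but should be confirmed per adapter. I would put a comment above `v = sql_quote(v)`, for example `# Generic escaping from DocumentTemplate; adapters with driver-native quoting or bound parameters should override this.` Keep it a `#` comment rather than a docstring, since in Zope 2 a docstring is what makes a method publishable through the web. The `Connection` class body starts outside the hunk.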
30 changes: 29 additions & 1 deletion src/Shared/DC/ZRDB/tests/test_connection.py
@@ -39,7 +39,7 @@ def connect(self, connection_string):
self.assertFalse(hasattr(conn2, '_connected_to'))

def test_sql_quote___miss(self):
TO_QUOTE = "no quoting required"
TO_QUOTE = 'no quoting required'
conn = self._makeOne('conn', '', 'conn string')
self.assertEqual(conn.sql_quote__(TO_QUOTE), "'%s'" % TO_QUOTE)

@@ -49,12 +49,40 @@ def test_sql_quote___embedded_apostrophe(self):
self.assertEqual(conn.sql_quote__(TO_QUOTE),
"'w''embedded apostrophe'")

def test_sql_quote___embedded_backslash(self):
TO_QUOTE = 'embedded \\backslash'
conn = self._makeOne('conn', '', 'conn string')
self.assertEqual(conn.sql_quote__(TO_QUOTE),
"'embedded \\\\backslash'")
# Show for good measure that the seeming four backslashes
# are really two, when you look at the raw string.
self.assertEqual(conn.sql_quote__(TO_QUOTE),
r"'embedded \\backslash'")

def test_sql_quote___embedded_double_quote(self):
TO_QUOTE = 'embedded "double quote'
conn = self._makeOne('conn', '', 'conn string')
self.assertEqual(conn.sql_quote__(TO_QUOTE),
r"'embedded \"double quote'")

def test_sql_quote___embedded_null(self):
TO_QUOTE = "w'embedded apostrophe and \x00null"
conn = self._makeOne('conn', '', 'conn string')
self.assertEqual(conn.sql_quote__(TO_QUOTE),
"'w''embedded apostrophe and null'")

# This is another version of a nul character.
TO_QUOTE = 'embedded other \x1anull'
conn = self._makeOne('conn', '', 'conn string')
self.assertEqual(conn.sql_quote__(TO_QUOTE),
"'embedded other null'")

def test_sql_quote___embedded_carriage_return(self):
TO_QUOTE = "w'embedded carriage\rreturn"
conn = self._makeOne('conn', '', 'conn string')
self.assertEqual(conn.sql_quote__(TO_QUOTE),
"'w''embedded carriagereturn'")


def test_suite():
suite = unittest.TestSuite()
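Review bot: The added tests check each special character on its own, so none of them pins the result when a backslash sits directly in front of an apostrophe, the one combination where the order of the two escapes decides whether the literal stays closed. I would add a case such as `TO_QUOTE = "backslash\\'apostrophe"` asserting `"'backslash\\\\''apostrophe'"`, which is what the per-character rules in the other tests imply if they compose; the exact value should be checked against the library. Separately, the comment in `test_sql_quote___embedded_null` calls `\x1a` "another version of a nul character", but it is SUB (Ctrl-Z); `# \x1a (SUB, Ctrl-Z) is stripped as well.` would be accurate. The test class starts outside the visible hunks.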
