Allow only SELECT in storage.query
This commit is contained in:
parent
edc1a71d0d
commit
4fe6ae9811
2 changed files with 3 additions and 2 deletions
src
|
@ -173,6 +173,9 @@ class SiteStorage(object):
|
|||
|
||||
# Execute sql query or rebuild on dberror
|
||||
def query(self, query, params=None):
|
||||
if not query.strip().upper().startswith("SELECT"):
|
||||
raise Exception("Only SELECT query supported")
|
||||
|
||||
if self.event_db_busy: # Db not ready for queries
|
||||
self.log.debug("Wating for db...")
|
||||
self.event_db_busy.get() # Wait for event
|
||||
|
|
|
@ -669,8 +669,6 @@ class UiWebsocket(object):
|
|||
s = time.time()
|
||||
rows = []
|
||||
try:
|
||||
if not query.strip().upper().startswith("SELECT"):
|
||||
raise Exception("Only SELECT query supported")
|
||||
res = self.site.storage.query(query, params)
|
||||
except Exception, err: # Response the error to client
|
||||
self.log.error("DbQuery error: %s" % err)
|
||||
|
|
Loading…
Reference in a new issue