oci/zeronet
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Allow only SELECT in storage.query

Browse source
This commit is contained in:
shortcutme 2018-12-15 17:45:17 +01:00
parent edc1a71d0d
commit 4fe6ae9811
No known key found for this signature in database
GPG key ID: 5B63BAE6CB9613AE
2 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/Site/SiteStorage.py
View file

@ -173,6 +173,9 @@ class SiteStorage(object):
# Execute sql query or rebuild on dberror # Execute sql query or rebuild on dberror
def query(self, query, params=None): def query(self, query, params=None):
if not query.strip().upper().startswith("SELECT"):
raise Exception("Only SELECT query supported")
if self.event_db_busy: # Db not ready for queries if self.event_db_busy: # Db not ready for queries
self.log.debug("Wating for db...") self.log.debug("Wating for db...")
self.event_db_busy.get() # Wait for event self.event_db_busy.get() # Wait for event

2
src/Ui/UiWebsocket.py
View file

@ -669,8 +669,6 @@ class UiWebsocket(object):
s = time.time() s = time.time()
rows = [] rows = []
try: try:
if not query.strip().upper().startswith("SELECT"):
raise Exception("Only SELECT query supported")
res = self.site.storage.query(query, params) res = self.site.storage.query(query, params)
except Exception, err: # Response the error to client except Exception, err: # Response the error to client
self.log.error("DbQuery error: %s" % err) self.log.error("DbQuery error: %s" % err)