Rev3864, Fix newsfeed sql query with many parameters

shortcutme 2019-04-29 16:36:33 +02:00
parent 8dd3a8495b
commit 9b274415e0
No known key found for this signature in database
GPG key ID: 5B63BAE6CB9613AE
4 changed files with 17 additions and 13 deletions


@ -4,6 +4,7 @@ import re
from Plugin import PluginManager from Plugin import PluginManager
from Db import DbQuery from Db import DbQuery
from Debug import Debug from Debug import Debug
from util import helper
@PluginManager.registerTo("UiWebsocket") @PluginManager.registerTo("UiWebsocket")
@ -66,14 +67,14 @@ class UiWebsocketPlugin(object):
query = " UNION ".join(query_parts) query = " UNION ".join(query_parts)
if ":params" in query: if ":params" in query:
query = query.replace(":params", ",".join(["?"] * len(params))) query_params = map(helper.sqlquote, params)
res = site.storage.query(query + " ORDER BY date_added DESC LIMIT %s" % limit, params * query_raw.count(":params")) query = query.replace(":params", ",".join(query_params))
else:
res = site.storage.query(query + " ORDER BY date_added DESC LIMIT %s" % limit) res = site.storage.query(query + " ORDER BY date_added DESC LIMIT %s" % limit)
except Exception as err: # Log error except Exception as err: # Log error
self.log.error("%s feed query %s error: %s" % (address, name, Debug.formatException(err))) self.log.error("%s feed query %s error: %s" % (address, name, Debug.formatException(err)))
stats.append({"site": site.address, "feed_name": name, "error": str(err), "query": query}) stats.append({"site": site.address, "feed_name": name, "error": str(err)})
continue continue
for row in res: for row in res:
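Review bot: The `:params` branch now inlines every value as a quoted literal even for a short list, so the query text handed to `site.storage.query` never uses bound parameters and its safety rests entirely on `helper.sqlquote`. The cursor code touched by the same commit embeds values only when a list exceeds 100 entries and binds them otherwise; the same threshold could apply here, keeping `?` placeholders in the common case. The sketch assumes `query_raw` (used on the removed line) is still in scope and that `site.storage.query` accepts `None` for its parameters, as `DbCursor.execute` does. The enclosing method and its `try` start outside the hunk.

```python
query_args = None
if ":params" in query:
    if len(params) * query_raw.count(":params") > 100:
        # Too many values to bind: inline them as quoted literals
        query = query.replace(":params", ",".join(map(helper.sqlquote, params)))
    else:
        query = query.replace(":params", ",".join(["?"] * len(params)))
        query_args = params * query_raw.count(":params")
res = site.storage.query(query + " ORDER BY date_added DESC LIMIT %s" % limit, query_args)
```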


@ -13,7 +13,7 @@ class Config(object):
def __init__(self, argv): def __init__(self, argv):
self.version = "0.6.5" self.version = "0.6.5"
self.rev = 3863 self.rev = 3864
self.argv = argv self.argv = argv
self.action = None self.action = None
self.pending_changes = {} self.pending_changes = {}


@ -1,5 +1,7 @@
import time import time
import re import re
from util import helper
# Special sqlite cursor # Special sqlite cursor
@ -12,12 +14,6 @@ class DbCursor:
self.cursor = conn.cursor() self.cursor = conn.cursor()
self.logging = False self.logging = False
def quoteValue(self, value):
if type(value) is int:
return str(value)
else:
return "'%s'" % value.replace("'", "''")
def execute(self, query, params=None): def execute(self, query, params=None):
self.db.last_query_time = time.time() self.db.last_query_time = time.time()
if isinstance(params, dict) and "?" in query: # Make easier select and insert by allowing dict params if isinstance(params, dict) and "?" in query: # Make easier select and insert by allowing dict params
@ -35,7 +31,7 @@ class DbCursor:
operator = "IN" operator = "IN"
if len(value) > 100: if len(value) > 100:
# Embed values in query to avoid "too many SQL variables" error # Embed values in query to avoid "too many SQL variables" error
query_values = ",".join(map(self.quoteValue, value)) query_values = ",".join(map(helper.sqlquote, value))
else: else:
query_values = ",".join(["?"] * len(value)) query_values = ",".join(["?"] * len(value))
values += value values += value


@ -72,6 +72,13 @@ def getFreeSpace():
return free_space return free_space
def sqlquote(value):
if type(value) is int:
return str(value)
else:
return "'%s'" % value.replace("'", "''")
def shellquote(*args): def shellquote(*args):
if len(args) == 1: if len(args) == 1:
return '"%s"' % args[0].replace('"', "") return '"%s"' % args[0].replace('"', "")
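Review bot: `sqlquote` is now a shared helper that builds SQL text, yet it has no docstring stating its contract. Its only escaping is doubling `'`, which matches SQLite string literals but is not a general SQL escape, and it is meant for values, not identifiers. I would add a comment such as `# SQLite literal quoting only (doubles '); prefer bound parameters and use this only when the variable limit forces inlining`. It is also worth documenting that `type(value) is int` is an exact-type check: any other value without a `.replace` method (for example `None`, a float or a bool) ends in `AttributeError`. That fails closed, but an explicit `TypeError` with a clear message would be easier to diagnose.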