definitely fix SQL queries escaping on addCompileFlags and areCompileFlagsAvailable

git-svn-id: http://svn.sabayonlinux.org/projects/entropy/trunk@813 cd1c1023-2f26-0410-ae45-c471fc1f0318
This commit is contained in:
(no author)
2007-12-07 09:30:32 +00:00
parent 8e590111b3
commit 549d2ddf54
4 changed files with 18 additions and 29 deletions
+1
View File
@@ -1,4 +1,5 @@
TODO list:
- strengthen SQL queries
- world: first fetch all, then upgrade
- mirrors: one more and in random order
- trigger: Regenerating cracklib dictionary
+1 -1
View File
@@ -64,7 +64,7 @@ def query(options):
rc = searchNeeded(myopts[1:])
elif myopts[0] == "removal":
rc = searchRemoval(myopts[1:]deep = equoRequestDeep)
rc = searchRemoval(myopts[1:],deep = equoRequestDeep)
elif myopts[0] == "tags":
if (len(myopts) > 1):
+7 -16
View File
@@ -1239,15 +1239,11 @@ class etpDatabase:
def addCompileFlags(self,chost,cflags,cxxflags):
dbLog.log(ETP_LOGPRI_INFO,ETP_LOGLEVEL_VERBOSE,"addCompileFlags: adding Flags -> "+chost+"|"+cflags+"|"+cxxflags)
# escape
#echost = entropyTools.escape(chost)
#ecflags = entropyTools.escape(cflags)
#ecxxflags = entropyTools.escape(cxxflags)
self.cursor.execute(
'INSERT into flags VALUES '
'(NULL,?,?,?)', (chost,cflags,cxxflags,)
)
self.commitChanges()
# get info about inserted value and return
idflag = self.areCompileFlagsAvailable(chost,cflags,cxxflags)
if idflag != -1:
@@ -2379,12 +2375,7 @@ class etpDatabase:
def areCompileFlagsAvailable(self,chost,cflags,cxxflags):
dbLog.log(ETP_LOGPRI_INFO,ETP_LOGLEVEL_VERBOSE,"areCompileFlagsAvailable: called.")
# escape
chost = entropyTools.escape(chost)
cflags = entropyTools.escape(cflags)
cxxflags = entropyTools.escape(cxxflags)
self.cursor.execute('SELECT idflags FROM flags WHERE chost = "'+chost+'" AND cflags = "'+cflags+'" AND cxxflags = "'+cxxflags+'"')
self.cursor.execute('SELECT idflags FROM flags WHERE chost in (?) AND cflags in (?) AND cxxflags in (?)', (chost,cflags,cxxflags,))
result = self.cursor.fetchone()
if not result:
dbLog.log(ETP_LOGPRI_WARNING,ETP_LOGLEVEL_NORMAL,"areCompileFlagsAvailable: flags tuple "+chost+"|"+cflags+"|"+cxxflags+" not available.")
@@ -2410,10 +2401,10 @@ class etpDatabase:
def searchTaggedPackages(self, tag, atoms = False): # atoms = return atoms directly
dbLog.log(ETP_LOGPRI_INFO,ETP_LOGLEVEL_VERBOSE,"searchTaggedPackages: called for "+tag)
if atoms:
self.cursor.execute('SELECT atom,idpackage FROM baseinfo WHERE versiontag = "'+tag+'"')
self.cursor.execute('SELECT atom,idpackage FROM baseinfo WHERE versiontag in (?)', (tag,))
return self.cursor.fetchall()
else:
self.cursor.execute('SELECT idpackage FROM baseinfo WHERE versiontag = "'+tag+'"')
self.cursor.execute('SELECT idpackage FROM baseinfo WHERE versiontag = in (?)', (tag,))
return self.fetchall2set(self.cursor.fetchall())
''' search packages that need the specified library (in neededreference table) specified by keyword '''
@@ -2453,7 +2444,7 @@ class etpDatabase:
def searchPackages(self, keyword, sensitive = False, slot = None, tag = None, branch = None):
dbLog.log(ETP_LOGPRI_INFO,ETP_LOGLEVEL_VERBOSE,"searchPackages: called for "+keyword)
slotstring = ''
slotstring = ''
if slot:
slotstring = ' and slot = "'+slot+'"'
tagstring = ''
@@ -2464,9 +2455,9 @@ class etpDatabase:
branchstring = ' and branch = "'+branch+'"'
if (sensitive):
self.cursor.execute('SELECT atom,idpackage,branch FROM baseinfo WHERE atom LIKE "%'+keyword+'%"'+slotstring+tagstring+branchstring)
self.cursor.execute('SELECT atom,idpackage,branch FROM baseinfo WHERE atom LIKE (?)'+slotstring+tagstring+branchstring, ("%"+keyword+"%",))
else:
self.cursor.execute('SELECT atom,idpackage,branch FROM baseinfo WHERE LOWER(atom) LIKE "%'+keyword.lower()+'%"'+slotstring+tagstring+branchstring)
self.cursor.execute('SELECT atom,idpackage,branch FROM baseinfo WHERE LOWER(atom) LIKE (?)'+slotstring+tagstring+branchstring, ("%"+keyword.lower()+"%",))
return self.cursor.fetchall()
def searchProvide(self, keyword, slot = None, tag = None, branch = None):
+9 -12
View File
@@ -38,7 +38,6 @@ def smart(options):
# Options available for all the packages submodules
smartRequestEmpty = False
smartRequestAsk = False
smartRequestSavedir = None
savedir = False
newopts = []
@@ -47,8 +46,6 @@ def smart(options):
smartRequestEmpty = True
elif (opt == "--savedir"):
savedir = True
elif (opt == "--ask"):
smartRequestAsk = True
else:
if savedir:
smartRequestSavedir = opt
@@ -63,7 +60,7 @@ def smart(options):
elif (options[0] == "package"):
rc = smartPackagesHandler(options[1:])
elif (options[0] == "quickpkg"):
rc = QuickpkgHandler(options[1:], quiet = False, ask = smartRequestAsk, savedir = savedir)
rc = QuickpkgHandler(options[1:], savedir = savedir)
elif (options[0] == "inflate") or (options[0] == "deflate") or (options[0] == "extract"):
rc = CommonFlate(options[1:], action = options[0], savedir = smartRequestSavedir)
else:
@@ -72,10 +69,10 @@ def smart(options):
return rc
def QuickpkgHandler(mypackages, quiet = False, ask = True, savedir = None):
def QuickpkgHandler(mypackages, savedir = None):
if (not mypackages):
if not quiet: print_error(darkred(" * ")+red("No packages specified."))
if not etpUi['quiet']: print_error(darkred(" * ")+red("No packages specified."))
return 1
if savedir == None:
@@ -94,14 +91,14 @@ def QuickpkgHandler(mypackages, quiet = False, ask = True, savedir = None):
if match[0] != -1:
packages.append(match)
else:
if not quiet: print_warning(darkred(" * ")+red("Cannot find: ")+bold(opt))
if not etpUi['quiet']: print_warning(darkred(" * ")+red("Cannot find: ")+bold(opt))
packages = entropyTools.filterDuplicatedEntries(packages)
if (not packages):
print_error(darkred(" * ")+red("No valid packages specified."))
return 2
# print the list
if (not quiet) or (ask): print_info(darkgreen(" * ")+red("This is the list of the packages that would be quickpkg'd:"))
if (not etpUi['quiet']) or (etpUi['ask']): print_info(darkgreen(" * ")+red("This is the list of the packages that would be quickpkg'd:"))
pkgInfo = {}
pkgData = {}
for pkg in packages:
@@ -110,7 +107,7 @@ def QuickpkgHandler(mypackages, quiet = False, ask = True, savedir = None):
pkgData[pkg] = clientDbconn.getPackageData(pkg[0])
print_info(brown("\t[")+red("from:")+bold("installed")+brown("]")+" - "+atom)
if (not quiet) or (ask):
if (not etpUi['quiet']) or (etpUi['ask']):
rc = entropyTools.askquestion(">> Would you like to recompose the selected packages ?")
if rc == "No":
return 0
@@ -118,12 +115,12 @@ def QuickpkgHandler(mypackages, quiet = False, ask = True, savedir = None):
clientDbconn.closeDB()
for pkg in packages:
if not quiet: print_info(brown(" * ")+red("Compressing: ")+darkgreen(pkgInfo[pkg]))
if not etpUi['quiet']: print_info(brown(" * ")+red("Compressing: ")+darkgreen(pkgInfo[pkg]))
resultfile = entropyTools.quickpkg(pkgdata = pkgData[pkg], dirpath = savedir)
if resultfile == None:
if not quiet: print_error(darkred(" * ")+red("Error creating package for: ")+bold(pkgInfo[pkg])+darkred(". Cannot continue."))
if not etpUi['quiet']: print_error(darkred(" * ")+red("Error creating package for: ")+bold(pkgInfo[pkg])+darkred(". Cannot continue."))
return 3
if not quiet: print_info(darkgreen(" * ")+red("Saved in: ")+resultfile)
if not etpUi['quiet']: print_info(darkgreen(" * ")+red("Saved in: ")+resultfile)
return 0
def CommonFlate(mytbz2s, action, savedir = None):