[Erp5-report] r19366 - in /erp5/trunk/products/ZSQLCatalog: SearchKey/ tests/
nobody at svn.erp5.org
nobody at svn.erp5.org
Tue Feb 19 09:09:48 CET 2008
Author: jerome
Date: Tue Feb 19 09:09:47 2008
New Revision: 19366
URL: http://svn.erp5.org?rev=19366&view=rev
Log:
fix quote escaping
Modified:
erp5/trunk/products/ZSQLCatalog/SearchKey/DefaultKey.py
erp5/trunk/products/ZSQLCatalog/SearchKey/FullTextKey.py
erp5/trunk/products/ZSQLCatalog/SearchKey/KeyWordKey.py
erp5/trunk/products/ZSQLCatalog/SearchKey/SearchKey.py
erp5/trunk/products/ZSQLCatalog/tests/testZSQLCatalog.py
Modified: erp5/trunk/products/ZSQLCatalog/SearchKey/DefaultKey.py
URL: http://svn.erp5.org/erp5/trunk/products/ZSQLCatalog/SearchKey/DefaultKey.py?rev=19366&r1=19365&r2=19366&view=diff
==============================================================================
--- erp5/trunk/products/ZSQLCatalog/SearchKey/DefaultKey.py (original)
+++ erp5/trunk/products/ZSQLCatalog/SearchKey/DefaultKey.py Tue Feb 19 09:09:47 2008
@@ -26,8 +26,8 @@
#
##############################################################################
+from DocumentTemplate.DT_Var import sql_quote
from SearchKey import SearchKey
-from pprint import pprint
class DefaultKey(SearchKey):
""" DefaultKey key is an ERP5 portal_catalog search key which is used to render
@@ -106,7 +106,7 @@
""" Return a quoted string of the value. """
if isinstance(value, (int, long,)):
return str(value)
- return "'%s'" %value
+ return "'%s'" % sql_quote(value)
## def buildSQLExpressionFromSearchString(self, key, value, format, mode, range_value, stat__):
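Review bot: The new return line `return "'%s'" % sql_quote(value)` is only as safe as what `sql_quote` escapes, and the expected strings in the new tests show nothing beyond a single quote being doubled. If that is all it does, a backslash in the value passes through unchanged, and MySQL (the `MATCH ... AGAINST` syntax in FullTextKey suggests that backend) treats backslash as an escape character inside string literals unless `NO_BACKSLASH_ESCAPES` is set, so user input could still malform the literal. Consider escaping backslashes first, `return "'%s'" % sql_quote(value.replace('\\', '\\\\'))`, or delegating to the database adapter's own string escaping, and add a test value that contains a backslash. The same applies to `SearchKey.quoteSQLString` in this commit. The body of `quoteSQLString` starts outside the hunk.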
Modified: erp5/trunk/products/ZSQLCatalog/SearchKey/FullTextKey.py
URL: http://svn.erp5.org/erp5/trunk/products/ZSQLCatalog/SearchKey/FullTextKey.py?rev=19366&r1=19365&r2=19366&view=diff
==============================================================================
--- erp5/trunk/products/ZSQLCatalog/SearchKey/FullTextKey.py (original)
+++ erp5/trunk/products/ZSQLCatalog/SearchKey/FullTextKey.py Tue Feb 19 09:09:47 2008
@@ -44,8 +44,8 @@
# SQL expressions patterns
relevance = '%s_relevance'
- where_match_against = "MATCH %s AGAINST ('%s' %s)"
- select_match_against_as = "MATCH %s AGAINST ('%s' %s) AS %s"
+ where_match_against = "MATCH %s AGAINST (%s %s)"
+ select_match_against_as = "MATCH %s AGAINST (%s %s) AS %s"
t_PLUS = r'(\+)'
t_MINUS = r'(\-)'
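Review bot: `where_match_against` and `select_match_against_as` no longer contain the quotes, so their second `%s` must now receive an already quoted literal, and nothing at the definition says so. A caller or subclass that still passes the raw value would emit an unquoted search term into the SQL. I would add a comment above the two patterns, `# the AGAINST argument must already be quoted with quoteSQLString()`. The enclosing class starts outside the hunk.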
@@ -87,11 +87,14 @@
relevance_key1 = self.relevance %key
relevance_key2 = None
select_expression_list = []
- where_expression = self.where_match_against %(key, value, mode)
+ where_expression = self.where_match_against % (key,
+ self.quoteSQLString(value, ''), mode)
if not stat__:
# stat__ is an internal implementation artifact to prevent adding
# select_expression for countFolder
- select_expression_list = [self.select_match_against_as %(key, value, mode, relevance_key1),]
- if relevance_key2 is not None:
- select_expression_list.append(self.select_match_against_as %(key, value, mode, relevance_key2))
+ select_expression_list = [self.select_match_against_as % (key,
+ self.quoteSQLString(value, ''), mode, relevance_key1),]
+ if relevance_key2 is not None:
+ select_expression_list.append(self.select_match_against_as % (
+ key, self.quoteSQLString(value, ''), mode, relevance_key2))
return where_expression, select_expression_list
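Review bot: Only `value` goes through `quoteSQLString`; `key` and `mode` are still interpolated into the MATCH expression as raw SQL in all three format calls. If either can be influenced by a request parameter (not visible in this hunk), it should be checked against the known column names and the known full-text modes before it is used. Separately, `self.quoteSQLString(value, '')` is evaluated up to three times; binding it once, `quoted_value = self.quoteSQLString(value, '')`, keeps the three expressions in step. The method starts outside the hunk.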
Modified: erp5/trunk/products/ZSQLCatalog/SearchKey/KeyWordKey.py
URL: http://svn.erp5.org/erp5/trunk/products/ZSQLCatalog/SearchKey/KeyWordKey.py?rev=19366&r1=19365&r2=19366&view=diff
==============================================================================
--- erp5/trunk/products/ZSQLCatalog/SearchKey/KeyWordKey.py (original)
+++ erp5/trunk/products/ZSQLCatalog/SearchKey/KeyWordKey.py Tue Feb 19 09:09:47 2008
@@ -125,10 +125,6 @@
value = value[1:]
t.value = value
return t
-
- def quoteSQLString(self, value, format):
- """ Return a quoted string of the value. """
- return "'%s'" %value
def getOperatorForTokenList(self, tokens):
""" Generic implementation that will return respective
Modified: erp5/trunk/products/ZSQLCatalog/SearchKey/SearchKey.py
URL: http://svn.erp5.org/erp5/trunk/products/ZSQLCatalog/SearchKey/SearchKey.py?rev=19366&r1=19365&r2=19366&view=diff
==============================================================================
--- erp5/trunk/products/ZSQLCatalog/SearchKey/SearchKey.py (original)
+++ erp5/trunk/products/ZSQLCatalog/SearchKey/SearchKey.py Tue Feb 19 09:09:47 2008
@@ -26,6 +26,7 @@
#
##############################################################################
+from DocumentTemplate.DT_Var import sql_quote
from Products.ZSQLCatalog.Query.SimpleQuery import SimpleQuery as Query
from Products.ZSQLCatalog.Query.ComplexQuery import ComplexQuery
from Products.ZSQLCatalog.SQLCatalog import getSearchKeyInstance
@@ -108,7 +109,7 @@
def quoteSQLString(self, value, format):
""" Return a quoted string of the value. """
- return "'%s'" %value
+ return "'%s'" % sql_quote(str(value))
# SQL generation
def buildSQLExpression(self, key, value,
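Review bot: `str(value)` on the new return line raises UnicodeEncodeError under Python 2 for a unicode value with non-ASCII characters, so a search term that used to reach the database now fails before quoting. `DefaultKey.quoteSQLString` in this commit calls `sql_quote(value)` without `str()`, so the two implementations also disagree on non-string input. Converting only when needed would align them: `if not isinstance(value, basestring): value = str(value)` followed by `return "'%s'" % sql_quote(value)`. The docstring could also say that `format` is ignored here.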
Modified: erp5/trunk/products/ZSQLCatalog/tests/testZSQLCatalog.py
URL: http://svn.erp5.org/erp5/trunk/products/ZSQLCatalog/tests/testZSQLCatalog.py?rev=19366&r1=19365&r2=19366&view=diff
==============================================================================
--- erp5/trunk/products/ZSQLCatalog/tests/testZSQLCatalog.py (original)
+++ erp5/trunk/products/ZSQLCatalog/tests/testZSQLCatalog.py Tue Feb 19 09:09:47 2008
@@ -107,13 +107,6 @@
q.asSQLExpression(keyword_search_keys=[],
datetime_search_keys = [],
full_text_search_keys=[]))
-
- def testQuotedString(self):
- q = Query(title='Foo d\'Bar')
- self.assertEquals(
- dict(where_expression="title = 'Foo d''Bar'",
- select_expression_list=[]),
- q.asSQLExpression(keyword_search_keys=[], full_text_search_keys=[]))
def testQueryMultipleKeys(self):
# using multiple keys is invalid and raises
@@ -315,6 +308,52 @@
datetime_search_keys = [],
full_text_search_keys=[])['where_expression'])
+ def testQuotedStringDefaultKey(self):
+ q = Query(title='Foo d\'Ba')
+ self.assertEquals(
+ dict(where_expression="((((title = 'Foo d''Ba'))))",
+ select_expression_list=[]),
+ q.asSQLExpression())
+
+ def testQuotedStringKeywordKey(self):
+ q = Query(title='Foo d\'Ba', type='keyword')
+ self.assertEquals(
+ dict(where_expression="((((title LIKE '%Foo d''Ba%'))))",
+ select_expression_list=[]),
+ q.asSQLExpression())
+
+ def testQuotedStringFullTextKey(self):
+ q = Query(title='Foo d\'Ba', type='fulltext')
+ self.assertEquals(
+ dict(where_expression="MATCH title AGAINST ('Foo d''Ba' )",
+ select_expression_list=["MATCH title AGAINST ('Foo d''Ba' )"
+ " AS title_relevance"]),
+ q.asSQLExpression())
+
+ def testQuotedStringDateKey(self):
+ q = Query(title='Foo d\'Ba', type='date')
+ self.assertEquals(
+ # I don't know exactly what we should expect here.
+ dict(where_expression="1",
+ select_expression_list=[]),
+ q.asSQLExpression())
+
+ def testQuotedStringFloatKey(self):
+ q = Query(title='Foo d\'Ba', type='float')
+ self.assertEquals(
+ # I don't know exactly what we should expect here.
+ # At least it's safe.
+ dict(where_expression="1",
+ select_expression_list=[]),
+ q.asSQLExpression())
+
+ def testQuotedStringIntKey(self):
+ q = Query(title='Foo d\'Ba', type='int')
+ self.assertEquals(
+ dict(where_expression="((((title = 'Foo d''Ba'))))",
+ select_expression_list=[]),
+ q.asSQLExpression())
+
def test_suite():
suite = unittest.TestSuite()
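Review bot: `testQuotedStringDateKey` and `testQuotedStringFloatKey` assert `where_expression="1"`, which pins the behaviour that a value the key cannot parse silently drops the criterion and matches every row. That is safe against injection, as the comment says, but it fails open: a caller relying on the criterion to narrow results gets the whole table instead. I would replace the "I don't know exactly what we should expect here" comments with `# TODO: unparseable value currently yields WHERE 1 (matches all rows); decide whether it should raise or match nothing`. The new tests exercise only a single quote, so a value containing a backslash would be a useful extra case for each key type.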