[glom] More use of escape_sql_id().



commit 40437da2a3ba3d2dd4d206a51b0827808924fdc6
Author: Murray Cumming <murrayc murrayc com>
Date:   Tue Nov 8 14:36:59 2011 +0100

    More use of escape_sql_id().
    
    * glom/base_db.cc:
    * glom/libglom/db_utils.cc:
    * glom/libglom/privs.cc:
    * glom/mode_design/users/dialog_groups_list.cc:
    * glom/mode_design/users/dialog_users_list.cc: Use
    escape_sql_id() instead of manually adding quotes with no
    escaping. However, I have not yet done this for group and
    user names.

 ChangeLog                                    |   13 +++++++++++++
 glom/base_db.cc                              |    4 +++-
 glom/libglom/db_utils.cc                     |   15 +--------------
 glom/libglom/privs.cc                        |    3 ++-
 glom/mode_design/users/dialog_groups_list.cc |    3 ++-
 glom/mode_design/users/dialog_users_list.cc  |    5 ++++-
 6 files changed, 25 insertions(+), 18 deletions(-)
---
diff --git a/ChangeLog b/ChangeLog
index 3472049..fcef7b2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,18 @@
 2011-11-08  Murray Cumming  <murrayc murrayc com>
 
+	More use of escape_sql_id().
+
+	* glom/base_db.cc:
+	* glom/libglom/db_utils.cc:
+	* glom/libglom/privs.cc:
+	* glom/mode_design/users/dialog_groups_list.cc:
+	* glom/mode_design/users/dialog_users_list.cc: Use 
+	escape_sql_id() instead of manually adding quotes with no 
+	escaping. However, I have not yet done this for group and 
+	user names.
+
+2011-11-08  Murray Cumming  <murrayc murrayc com>
+
 	libglom: Remove LayoutItem_Field::get_sql_name().
 
 	* glom/libglom/utils.cc: build_sql_select_add_fields_to_get():
diff --git a/glom/base_db.cc b/glom/base_db.cc
index b63f50d..549056b 100644
--- a/glom/base_db.cc
+++ b/glom/base_db.cc
@@ -1738,6 +1738,7 @@ bool Base_DB::add_user(const Glib::ustring& user, const Glib::ustring& password,
   if(user.empty() || password.empty() || group.empty())
     return false;
 
+  //TODO: Quote and escape the group and user names.
   //Create the user:
   //Note that ' around the user fails, so we use ".
   Glib::ustring strQuery = "CREATE USER \"" + user + "\" PASSWORD '" + password + "'" ; //TODO: Escape the password.
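Review bot: The CREATE USER statement on the last line of this hunk still splices `password` into a single-quoted literal and `user` into a double-quoted identifier with no escaping, so a `'` in the password or a `"` in the user name ends the quoted token early and the remainder is parsed as SQL. The two values need different treatment: judging by its use in this commit, `escape_sql_id()` is for identifiers, while the password is a string literal. The new TODO would be clearer as `//TODO: Escape user/group names as identifiers (escape_sql_id()) and the password as a string literal.` The same hand-quoted user or group name remains in the REVOKE of the next hunk, in privs.cc and dialog_groups_list.cc (`group_name`), and in both dialog_users_list.cc hunks; until it is escaped, rejecting names that contain `"` at the point of entry would narrow the gap. add_user() continues past the end of this hunk.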
@@ -1776,7 +1777,8 @@ bool Base_DB::add_user(const Glib::ustring& user, const Glib::ustring& password,
 
   for(Document::type_listTableInfo::const_iterator iter = table_list.begin(); iter != table_list.end(); ++iter)
   {
-    const Glib::ustring strQuery = "REVOKE ALL PRIVILEGES ON \"" + (*iter)->get_name() + "\" FROM \"" + user + "\"";
+    const Glib::ustring table_name = (*iter)->get_name();
+    const Glib::ustring strQuery = "REVOKE ALL PRIVILEGES ON " + DbUtils::escape_sql_id(table_name) + " FROM \"" + user + "\"";
     const bool test = DbUtils::query_execute_string(strQuery);
     if(!test)
       std::cerr << G_STRFUNC << ": REVOKE failed." << std::endl;
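Review bot: A failed REVOKE in this loop is only written to std::cerr and the loop continues, so the new user may keep whatever privileges it had on that table without the caller learning of it. Consider recording the failure, for example `if(!test) { all_revoked = false; std::cerr << G_STRFUNC << ": REVOKE failed for " << table_name << std::endl; }`, and reflecting it in add_user()'s result. The function's return path lies outside this hunk, so whether that is already handled cannot be confirmed from here. The loop in the second dialog_users_list.cc hunk follows the same pattern.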
diff --git a/glom/libglom/db_utils.cc b/glom/libglom/db_utils.cc
index 26cba52..9f31bf2 100644
--- a/glom/libglom/db_utils.cc
+++ b/glom/libglom/db_utils.cc
@@ -552,6 +552,7 @@ bool add_standard_groups(Document* document)
     type_vec_strings::const_iterator iterFind = std::find(vecGroups.begin(), vecGroups.end(), devgroup);
     if(iterFind == vecGroups.end())
     {
+      //TODO: Escape and quote the user and group names here?
       //The "SUPERUSER" here has no effect because SUPERUSER is not "inherited" to member users.
       //But let's keep it to make the purpose of this group obvious.
       bool test = query_execute_string("CREATE GROUP \"" GLOM_STANDARD_GROUP_NAME_DEVELOPER "\" WITH SUPERUSER");
@@ -1086,20 +1087,6 @@ bool create_table_with_default_fields(Document* document, const Glib::ustring& t
 
   created = create_table(table_info, fields);
 
-    //Create a table with 1 "ID" field:
-   //MSYQL:
-    //query_execute( "CREATE TABLE \"" + table_name + "\" (" + primary_key_name + " INT NOT NULL AUTO_INCREMENT PRIMARY KEY)" );
-    //query_execute( "INSERT INTO \"" + table_name + "\" VALUES (0)" );
-
-    //PostgresSQL:
-    //query_execute( "CREATE TABLE \"" + table_name + "\" (\"" + primary_key_name + "\" serial NOT NULL  PRIMARY KEY)" );
-
-    //query_execute( "CREATE TABLE \"" + table_name + "\" (" +
-    //  field_primary_key->get_name() + " numeric NOT NULL  PRIMARY KEY," +
-    //  extra_field_description + "varchar, " +
-    //  extra_field_comments + "varchar" +
-    //  ")" );
-
   if(created)
   {
     //Save the changes in the document:
diff --git a/glom/libglom/privs.cc b/glom/libglom/privs.cc
index aec2cfc..48e8dc0 100644
--- a/glom/libglom/privs.cc
+++ b/glom/libglom/privs.cc
@@ -226,11 +226,12 @@ void Privs::set_table_privileges(const Glib::ustring& group_name, const Glib::us
     }
   }
 
-  strQuery += " " + strPrivilege + " ON \"" + table_name + "\" ";
+  strQuery += " " + strPrivilege + " ON " + DbUtils::escape_sql_id(table_name) + " ";
 
   //This must match the Grant or Revoke:
   strQuery += "TO";
 
+  //TODO: Quote and escape group_name?
   strQuery += " GROUP \"" + group_name + "\"";
 
   const bool test = DbUtils::query_execute_string(strQuery);
diff --git a/glom/mode_design/users/dialog_groups_list.cc b/glom/mode_design/users/dialog_groups_list.cc
index 01f86f9..65c97d0 100644
--- a/glom/mode_design/users/dialog_groups_list.cc
+++ b/glom/mode_design/users/dialog_groups_list.cc
@@ -477,7 +477,7 @@ bool Dialog_GroupsList::set_table_privilege(const Glib::ustring& table_name, con
   else if(priv == PRIV_DELETE)
     strPrivilege = "DELETE";
 
-  strQuery += " " + strPrivilege + " ON \"" + table_name + "\" ";
+  strQuery += " " + strPrivilege + " ON " + DbUtils::escape_sql_id(table_name) + " ";
 
   //This must match the Grant or Revoke:
   if(grant)
@@ -485,6 +485,7 @@ bool Dialog_GroupsList::set_table_privilege(const Glib::ustring& table_name, con
   else
     strQuery += "FROM";
 
+  //TODO: Quote and escape group_name?
   strQuery += " GROUP \"" + group_name + "\"";
 
   const bool test = DbUtils::query_execute_string(strQuery); //TODO: Handle errors.
diff --git a/glom/mode_design/users/dialog_users_list.cc b/glom/mode_design/users/dialog_users_list.cc
index 5c34910..a23c72b 100644
--- a/glom/mode_design/users/dialog_users_list.cc
+++ b/glom/mode_design/users/dialog_users_list.cc
@@ -204,6 +204,7 @@ void Dialog_UsersList::on_button_user_add()
   if(!user.empty())
   {
     //Add it to the group:
+    //TODO: Quote and escape the group and user names?
     const Glib::ustring strQuery = "ALTER GROUP \"" + m_combo_group->get_active_text() + "\" ADD USER \"" + user + "\"";
     const bool test = DbUtils::query_execute_string(strQuery);
     if(!test)
@@ -214,7 +215,9 @@ void Dialog_UsersList::on_button_user_add()
 
     for(Document::type_listTableInfo::const_iterator iter = table_list.begin(); iter != table_list.end(); ++iter)
     {
-      const Glib::ustring strQuery = "REVOKE ALL PRIVILEGES ON \"" + (*iter)->get_name() + "\" FROM \"" + user + "\"";
+      //TODO: Quote and escape user?
+      const Glib::ustring table_name = (*iter)->get_name();
+      const Glib::ustring strQuery = "REVOKE ALL PRIVILEGES ON " + DbUtils::escape_sql_id(table_name) + " FROM \"" + user + "\"";
       const bool test = DbUtils::query_execute_string(strQuery);
       if(!test)
         std::cerr << G_STRFUNC << ": REVOKE failed." << std::endl;


