[glom] Use escape_sql_id() for privileges SQL queries.
- From: Murray Cumming <murrayc src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glom] Use escape_sql_id() for privileges SQL queries.
- Date: Tue, 8 Nov 2011 14:22:27 +0000 (UTC)
commit 4393cad88b2b01da13e8614fbccb8d069693ba57
Author: Murray Cumming <murrayc murrayc com>
Date: Tue Nov 8 15:17:16 2011 +0100
Use escape_sql_id() for privileges SQL queries.
* glom/base_db.cc:
* glom/libglom/db_utils.cc:
* glom/libglom/privs.cc:
* glom/mode_design/users/dialog_groups_list.cc:
* glom/mode_design/users/dialog_users_list.cc: Use
DbUtils::escape_sql_id() instead of manually adding quotes with
no escaping. This seems to be the right thing to do for these
queries.
ChangeLog | 13 +++++++++++++
glom/base_db.cc | 17 ++++++++---------
glom/libglom/db_utils.cc | 6 +++---
glom/libglom/privs.cc | 3 +--
glom/mode_design/users/dialog_groups_list.cc | 7 +++----
glom/mode_design/users/dialog_users_list.cc | 8 +++-----
6 files changed, 31 insertions(+), 23 deletions(-)
---
diff --git a/ChangeLog b/ChangeLog
index fcef7b2..45ba97f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,18 @@
2011-11-08 Murray Cumming <murrayc murrayc com>
+ Use escape_sql_id() for privileges SQL queries.
+
+ * glom/base_db.cc:
+ * glom/libglom/db_utils.cc:
+ * glom/libglom/privs.cc:
+ * glom/mode_design/users/dialog_groups_list.cc:
+ * glom/mode_design/users/dialog_users_list.cc: Use
+ DbUtils::escape_sql_id() instead of manually adding quotes with
+ no escaping. This seems to be the right thing to do for these
+ queries.
+
+2011-11-08 Murray Cumming <murrayc murrayc com>
+
More use of escape_sql_id().
* glom/base_db.cc:
diff --git a/glom/base_db.cc b/glom/base_db.cc
index 549056b..e7f6bfa 100644
--- a/glom/base_db.cc
+++ b/glom/base_db.cc
@@ -1738,15 +1738,14 @@ bool Base_DB::add_user(const Glib::ustring& user, const Glib::ustring& password,
if(user.empty() || password.empty() || group.empty())
return false;
- //TODO: Quote and escape the group and user names.
//Create the user:
//Note that ' around the user fails, so we use ".
- Glib::ustring strQuery = "CREATE USER \"" + user + "\" PASSWORD '" + password + "'" ; //TODO: Escape the password.
+ Glib::ustring strQuery = "CREATE USER " + DbUtils::escape_sql_id(user) + " PASSWORD '" + password + "'" ; //TODO: Escape the password.
if(group == GLOM_STANDARD_GROUP_NAME_DEVELOPER)
strQuery += " SUPERUSER CREATEDB CREATEROLE"; //Because SUPERUSER is not "inherited" from groups to members.
- //Glib::ustring strQuery = "CREATE USER \"" + user + "\"";
+ //Glib::ustring strQuery = "CREATE USER " + DbUtils::escape_sql_id(user);
//if(group == GLOM_STANDARD_GROUP_NAME_DEVELOPER)
// strQuery += " WITH SUPERUSER"; //Because SUPERUSER is not "inherited" from groups to members.
//strQuery += " PASSWORD '" + password + "'" ; //TODO: Escape the password.
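Review bot: The password is still concatenated unescaped into the single-quoted literal on the new `CREATE USER` line, so a password containing `'` ends the literal early and changes the meaning of a statement that may also carry `SUPERUSER CREATEDB CREATEROLE`. `escape_sql_id()` quotes identifiers only; the password needs a separate string-literal escaping helper (none is visible in this diff) before the remaining `//TODO: Escape the password.` can go. The same applies to the `ALTER USER ... PASSWORD` line in the `Dialog_UsersList::on_button_user_edit()` hunk. The comment `//Note that ' around the user fails, so we use ".` is also stale now that quoting is delegated to the helper. add_user's body continues outside the hunk.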
@@ -1760,7 +1759,7 @@ bool Base_DB::add_user(const Glib::ustring& user, const Glib::ustring& password,
}
//Add it to the group:
- strQuery = "ALTER GROUP \"" + group + "\" ADD USER \"" + user + "\"";
+ strQuery = "ALTER GROUP " + DbUtils::escape_sql_id(group) + " ADD USER " + DbUtils::escape_sql_id(user);
test = DbUtils::query_execute_string(strQuery);
if(!test)
{
@@ -1778,7 +1777,7 @@ bool Base_DB::add_user(const Glib::ustring& user, const Glib::ustring& password,
for(Document::type_listTableInfo::const_iterator iter = table_list.begin(); iter != table_list.end(); ++iter)
{
const Glib::ustring table_name = (*iter)->get_name();
- const Glib::ustring strQuery = "REVOKE ALL PRIVILEGES ON " + DbUtils::escape_sql_id(table_name) + " FROM \"" + user + "\"";
+ const Glib::ustring strQuery = "REVOKE ALL PRIVILEGES ON " + DbUtils::escape_sql_id(table_name) + " FROM " + DbUtils::escape_sql_id(user);
const bool test = DbUtils::query_execute_string(strQuery);
if(!test)
std::cerr << G_STRFUNC << ": REVOKE failed." << std::endl;
@@ -1793,7 +1792,7 @@ bool Base_DB::remove_user(const Glib::ustring& user)
if(user.empty())
return false;
- const Glib::ustring strQuery = "DROP USER \"" + user + "\"";
+ const Glib::ustring strQuery = "DROP USER " + DbUtils::escape_sql_id(user);
const bool test = DbUtils::query_execute_string(strQuery);
if(!test)
{
@@ -1809,7 +1808,7 @@ bool Base_DB::remove_user_from_group(const Glib::ustring& user, const Glib::ustr
if(user.empty() || group.empty())
return false;
- const Glib::ustring strQuery = "ALTER GROUP \"" + group + "\" DROP USER \"" + user + "\"";
+ const Glib::ustring strQuery = "ALTER GROUP " + DbUtils::escape_sql_id(group) + " DROP USER " + DbUtils::escape_sql_id(user);
const bool test = DbUtils::query_execute_string(strQuery);
if(!test)
{
@@ -1830,7 +1829,7 @@ bool Base_DB::set_database_owner_user(const Glib::ustring& user)
if(database_name.empty())
return false;
- const Glib::ustring strQuery = "ALTER DATABASE \"" + database_name + "\" OWNER TO \"" + user + "\"";
+ const Glib::ustring strQuery = "ALTER DATABASE " + DbUtils::escape_sql_id(database_name) + " OWNER TO " + DbUtils::escape_sql_id(user);
const bool test = DbUtils::query_execute_string(strQuery);
if(!test)
{
@@ -1854,7 +1853,7 @@ bool Base_DB::disable_user(const Glib::ustring& user)
remove_user_from_group(user, group);
}
- const Glib::ustring strQuery = "ALTER ROLE \"" + user + "\" NOLOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE";
+ const Glib::ustring strQuery = "ALTER ROLE " + DbUtils::escape_sql_id(user) + " NOLOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE";
const bool test = DbUtils::query_execute_string(strQuery);
if(!test)
{
diff --git a/glom/libglom/db_utils.cc b/glom/libglom/db_utils.cc
index 9f31bf2..5a20910 100644
--- a/glom/libglom/db_utils.cc
+++ b/glom/libglom/db_utils.cc
@@ -555,7 +555,7 @@ bool add_standard_groups(Document* document)
//TODO: Escape and quote the user and group names here?
//The "SUPERUSER" here has no effect because SUPERUSER is not "inherited" to member users.
//But let's keep it to make the purpose of this group obvious.
- bool test = query_execute_string("CREATE GROUP \"" GLOM_STANDARD_GROUP_NAME_DEVELOPER "\" WITH SUPERUSER");
+ bool test = query_execute_string("CREATE GROUP " + DbUtils::escape_sql_id(GLOM_STANDARD_GROUP_NAME_DEVELOPER) + " WITH SUPERUSER");
if(!test)
{
std::cerr << G_STRFUNC << ": CREATE GROUP failed when adding the developer group." << std::endl;
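Review bot: The `//TODO: Escape and quote the user and group names here?` comment above the new `CREATE GROUP` line is left in place although this change now does exactly that; it should be removed, as the equivalent TODOs were in the other files. The new lines in this hunk and the next call `DbUtils::escape_sql_id(...)`, while the `add_groups_from_document` hunk in the same file calls unqualified `escape_sql_id(name)`; one form should be used throughout the file. add_standard_groups continues outside the hunk.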
@@ -565,7 +565,7 @@ bool add_standard_groups(Document* document)
//Make sure the current user is in the developer group.
//(If he is capable of creating these groups then he is obviously a developer, and has developer rights on the postgres server.)
const Glib::ustring current_user = ConnectionPool::get_instance()->get_user();
- const Glib::ustring strQuery = "ALTER GROUP \"" GLOM_STANDARD_GROUP_NAME_DEVELOPER "\" ADD USER \"" + current_user + "\"";
+ const Glib::ustring strQuery = "ALTER GROUP " + DbUtils::escape_sql_id(GLOM_STANDARD_GROUP_NAME_DEVELOPER) + " ADD USER " + DbUtils::escape_sql_id(current_user);
test = query_execute_string(strQuery);
if(!test)
{
@@ -638,7 +638,7 @@ bool add_groups_from_document(Document* document)
type_vec_strings::const_iterator iterFind = std::find(database_groups.begin(), database_groups.end(), name);
if(!name.empty() && iterFind == database_groups.end())
{
- Glib::ustring query = "CREATE GROUP \"" + name + "\"";
+ Glib::ustring query = "CREATE GROUP " + escape_sql_id(name);
//The "SUPERUSER" here has no effect because SUPERUSER is not "inherited" to member users.
//But let's keep it to make the purpose of this group obvious.
diff --git a/glom/libglom/privs.cc b/glom/libglom/privs.cc
index 48e8dc0..f29f6cc 100644
--- a/glom/libglom/privs.cc
+++ b/glom/libglom/privs.cc
@@ -231,8 +231,7 @@ void Privs::set_table_privileges(const Glib::ustring& group_name, const Glib::us
//This must match the Grant or Revoke:
strQuery += "TO";
- //TODO: Quote and escape group_name?
- strQuery += " GROUP \"" + group_name + "\"";
+ strQuery += " GROUP " + DbUtils::escape_sql_id(group_name);
const bool test = DbUtils::query_execute_string(strQuery);
if(!test)
diff --git a/glom/mode_design/users/dialog_groups_list.cc b/glom/mode_design/users/dialog_groups_list.cc
index 65c97d0..6e56334 100644
--- a/glom/mode_design/users/dialog_groups_list.cc
+++ b/glom/mode_design/users/dialog_groups_list.cc
@@ -222,7 +222,7 @@ void Dialog_GroupsList::on_button_group_delete()
if(response == Gtk::RESPONSE_OK)
{
- const Glib::ustring strQuery = "DROP GROUP \"" + group + "\"";
+ const Glib::ustring strQuery = "DROP GROUP " + DbUtils::escape_sql_id(group);
const bool test = DbUtils::query_execute_string(strQuery);
if(!test)
std::cerr << G_STRFUNC << ": DROP GROUP failed." << std::endl;
@@ -255,7 +255,7 @@ void Dialog_GroupsList::on_button_group_new()
if(!group_name.empty())
{
- const Glib::ustring strQuery = "CREATE GROUP \"" + group_name + "\"";
+ const Glib::ustring strQuery = "CREATE GROUP " + DbUtils::escape_sql_id(group_name);
const bool test = DbUtils::query_execute_string(strQuery);
if(!test)
std::cout << "debug: " << G_STRFUNC << ": CREATE GROUP failed." << std::endl;
@@ -485,8 +485,7 @@ bool Dialog_GroupsList::set_table_privilege(const Glib::ustring& table_name, con
else
strQuery += "FROM";
- //TODO: Quote and escape group_name?
- strQuery += " GROUP \"" + group_name + "\"";
+ strQuery += " GROUP " + DbUtils::escape_sql_id(group_name);
const bool test = DbUtils::query_execute_string(strQuery); //TODO: Handle errors.
if(!test)
diff --git a/glom/mode_design/users/dialog_users_list.cc b/glom/mode_design/users/dialog_users_list.cc
index a23c72b..68bf5cb 100644
--- a/glom/mode_design/users/dialog_users_list.cc
+++ b/glom/mode_design/users/dialog_users_list.cc
@@ -204,8 +204,7 @@ void Dialog_UsersList::on_button_user_add()
if(!user.empty())
{
//Add it to the group:
- //TODO: Quote and escape the group and user names?
- const Glib::ustring strQuery = "ALTER GROUP \"" + m_combo_group->get_active_text() + "\" ADD USER \"" + user + "\"";
+ const Glib::ustring strQuery = "ALTER GROUP " + DbUtils::escape_sql_id(m_combo_group->get_active_text()) + " ADD USER " + DbUtils::escape_sql_id(user);
const bool test = DbUtils::query_execute_string(strQuery);
if(!test)
std::cerr << G_STRFUNC << ": ALTER GROUP failed." << std::endl;
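Review bot: The guard before the new `ALTER GROUP` line tests only `user`, so an empty `m_combo_group->get_active_text()` (presumably the result when no group is selected) is passed through `escape_sql_id()` and sent to the server, with the failure only logged to stderr. Read the group once and test both values: `const Glib::ustring group = m_combo_group->get_active_text();` followed by `if(!user.empty() && !group.empty())`. on_button_user_add's body starts and ends outside the hunk.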
@@ -215,9 +214,8 @@ void Dialog_UsersList::on_button_user_add()
for(Document::type_listTableInfo::const_iterator iter = table_list.begin(); iter != table_list.end(); ++iter)
{
- //TODO: Quote and escape user?
const Glib::ustring table_name = (*iter)->get_name();
- const Glib::ustring strQuery = "REVOKE ALL PRIVILEGES ON " + DbUtils::escape_sql_id(table_name) + " FROM \"" + user + "\"";
+ const Glib::ustring strQuery = "REVOKE ALL PRIVILEGES ON " + DbUtils::escape_sql_id(table_name) + " FROM " + DbUtils::escape_sql_id(user);
const bool test = DbUtils::query_execute_string(strQuery);
if(!test)
std::cerr << G_STRFUNC << ": REVOKE failed." << std::endl;
@@ -328,7 +326,7 @@ void Dialog_UsersList::on_button_user_edit()
if(!user.empty() && !password.empty())
{
- const Glib::ustring strQuery = "ALTER USER \"" + user + "\" PASSWORD '" + password + "'" ; //TODO: Escape the password.
+ const Glib::ustring strQuery = "ALTER USER " + DbUtils::escape_sql_id(user) + " PASSWORD '" + password + "'" ; //TODO: Escape the password.
const bool test = DbUtils::query_execute_string(strQuery);
if(!test)
std::cerr << G_STRFUNC << ": ALTER USER failed." << std::endl;