Parameterize SQL args

'Cause I want to have shard ranges with quotes in them LIKE A CRAZY PERSON.

Change-Id: I18f84caf2eb4fe17fbe28d7cb5d65cec4da7474d
Tim Burke 2018-04-26 16:56:53 -07:00
parent 5eb65e4b89
commit bef2a855d2
1 changed files with 12 additions and 7 deletions


@ -1591,25 +1591,30 @@ class ContainerBroker(DatabaseBroker):
try:
condition = ''
conditions = []
params = []
if not include_deleted:
conditions.append('deleted=0')
if included_states:
state_list = ','.join([str(st) for st in included_states])
conditions.append('state in (%s)' % state_list)
conditions.append('state in (%s)' % ','.join(
'?' * len(included_states)))
params.extend(included_states)
if excluded_states:
state_list = ','.join([str(st) for st in excluded_states])
conditions.append('state not in (%s)' % state_list)
conditions.append('state not in (%s)' % ','.join(
'?' * len(excluded_states)))
params.extend(excluded_states)
if not include_own:
conditions.append('name!="%s"' % self.path)
conditions.append('name != ?')
params.append(self.path)
if exclude_others:
conditions.append('name="%s"' % self.path)
conditions.append('name = ?')
params.append(self.path)
if conditions:
condition = ' WHERE ' + ' AND '.join(conditions)
sql = '''
SELECT %s
FROM shard_ranges%s;
''' % (', '.join(SHARD_RANGE_KEYS), condition)
data = conn.execute(sql)
data = conn.execute(sql, params)
data.row_factory = None
return [row for row in data]
except sqlite3.OperationalError as err:
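Review bot: The new placeholder builders at the `state in (...)` and `state not in (...)` lines call `len()` on `included_states`/`excluded_states`, whereas the replaced `','.join([str(st) for st in ...])` accepted any iterable; if some caller passes a generator or other iterator this now raises TypeError before `params.extend` runs, so either materialize the arguments once at the top of the method or document that they must be sized sequences (the call sites are not visible here, so this is a risk rather than a confirmed break). `','.join('?' * len(included_states))` works only because a `str` iterates character by character; `','.join(['?'] * len(included_states))` says the same thing without the trick. The `%` interpolation into the `SELECT` is still string-built, and it is safe only because it inserts nothing but `?` placeholders and the constant `SHARD_RANGE_KEYS`; a one-line guard such as `# only '?' placeholders and constant column names are interpolated; every value is bound via params` next to the `sql = '''` line would stop a later edit from quietly putting a quoted value back into the string. The enclosing method and its `try` begin before this hunk and the `except sqlite3.OperationalError` handler continues past it.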