#34459: SearchVector() can return query strings that are unsafe to combine.
----------------------------------+------------------------------------
Reporter: Patryk Zawadzki | Owner: (none)
Type: Bug | Status: new
Component: contrib.postgres | Version: 4.2
Severity: Release blocker | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
----------------------------------+------------------------------------
Comment (by Mariusz Felisiak):
Replying to [comment:13 Florian Apolloner]:
> Yes, but the schema editor has generally been a thing where we know we
> do suboptimal things and we have the generated SQL under control. Here we
> have (in the worst case) user input and it simply feels like opening a can
> of worms if we are not able to distinguish between parameters and the sql
> itself clearly.
Alternatively, we can remove `compose_sql()` from `SearchVector` (it was
added in
[https://github.com/django/django/commit/f83ee2a23ee28a271a50a005b62259d735fbea3f
f83ee2a23ee28a271a50a005b62259d735fbea3f]) but it looks unnecessary now, see
draft [https://github.com/django/django/pull/16731 PR]. We can add a test
for an index with `SearchVector` to confirm this.
--
Ticket URL: <https://code.djangoproject.com/ticket/34459#comment:14>
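
An added illustration (not code from the ticket, Django or psycopg) of why a fragment whose parameters were folded into the SQL text is unsafe to combine with parameterized fragments. It assumes a driver with format-style `%s` placeholders; every function name and sample value is hypothetical.

```python
# Added illustration; helper names are hypothetical, not Django or psycopg APIs.
# Assumption: the driver uses format-style placeholders, where every "%s" in the
# query text consumes one parameter and "%%" stands for a literal percent sign.

def quote_literal(value):
    """Quote a string as an SQL literal (standard_conforming_strings assumed)."""
    return "'" + value.replace("'", "''") + "'"

def inline_params(sql, params):
    """Fold params into the SQL text, returning a fragment with no params left."""
    pieces = sql.split("%s")
    if len(pieces) != len(params) + 1:
        raise ValueError("placeholder/parameter mismatch")
    out = pieces[0]
    for value, tail in zip(params, pieces[1:]):
        out += quote_literal(value) + tail
    return out, []

def combine(*fragments):
    """AND fragments together and concatenate their parameter lists."""
    sql = " AND ".join(sql for sql, _ in fragments)
    params = [p for _, fragment_params in fragments for p in fragment_params]
    return sql, params

def placeholders(sql):
    """Number of parameters the driver would expect for this query text."""
    return sql.replace("%%", "").count("%s")

def is_consistent(fragment):
    """True when the query text and the parameter list agree in length."""
    sql, params = fragment
    return placeholders(sql) == len(params)

# Constructed sample input: a search term that happens to contain "%s".
user_term = "100%suede"
vector = ("to_tsvector(%s) @@ plainto_tsquery('suede')", [user_term])
other = ("title = %s", ["boots"])

# Parameters kept separate: two placeholders, two parameters.
kept_separate = combine(vector, other)
# Parameters folded in first: the literal now carries a stray "%s", so the
# combined text asks for two parameters while only one is supplied.
folded = combine(inline_params(*vector), other)
```

Once the value is part of the text, no later step can tell the `%s` inside the literal from a real placeholder, which is the ambiguity the quoted comment describes.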