Re: [Django] #30408: CheckConstraint with lookup using LIKE & % crash on Oracle and PostgreSQL.

Wed, 10 May 2023 10:21:18 -0700 

#30408: CheckConstraint with lookup using LIKE & % crash on Oracle and 
PostgreSQL.
-------------------------------------+-------------------------------------
     Reporter:  David Sanders        |                    Owner:  Simon
                                     |  Charette
         Type:  Bug                  |                   Status:  closed
    Component:  Database layer       |                  Version:  2.2
  (models, ORM)                      |
     Severity:  Release blocker      |               Resolution:  fixed
     Keywords:                       |             Triage Stage:  Ready for
                                     |  checkin
    Has patch:  1                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------

Comment (by Mariusz Felisiak <felisiak.mariusz@…>):

 In [changeset:"ffff17d4b0117cce59f65c9f56fa164694eafd23" ffff17d4]:
 {{{
 #!CommitTicketReference repository=""
 revision="ffff17d4b0117cce59f65c9f56fa164694eafd23"
 Fixed #34553 -- Fixed improper % escaping of literal in constraints.

 Proper escaping of % in string literals used when defining constaints
 was attempted (a8b3f96f6) by overriding quote_value of Postgres and
 Oracle schema editor. The same approach was used when adding support for
 constraints to the MySQL/MariaDB backend (1fc2c70).

 Later on it was discovered that this approach was not appropriate and
 that a preferable one was to pass params=None when executing the
 constraint creation DDL to avoid any form of interpolation in the first
 place (42e8cf47).

 When the second patch was applied the corrective of the first were not
 removed which caused % literals to be unnecessary doubled. This flew
 under the radar because the existings test were crafted in a way that
 consecutive %% didn't catch regressions.

 This commit introduces an extra test for __exact lookups which
 highlights more adequately % doubling problems but also adjust a
 previous __endswith test to cover % doubling problems (%\% -> %%\%%).

 Thanks Thomas Kolar for the report.

 Refs #32369, #30408, #30593.
 }}}

-- 
Ticket URL: <https://code.djangoproject.com/ticket/30408#comment:7>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/0107018806ae5567-4629c73e-f128-495b-bdad-0b89be8fdb90-000000%40eu-central-1.amazonses.com.

Reply via email to