On Tue, Aug 30, 2011 at 8:20 PM, Thomas Sibley <t...@bestpractical.com> wrote:
> On 08/30/2011 10:23 AM, Stanislav Sinyagin wrote:
>> Obviously line 1284 in lib/Jifty/DBI/Collection.pm produces that.
>>
>> It will be great to have a workaround which allows non-ANSI SQL operators.
>
> Perhaps a different key? Or refactoring the operator check into the
> handle class, so it can be db-specific?
>
> I'm not sure what the best solution is at the moment.

That check was implemented to prevent SQL injections and it's possible
to loosen granularity to:

/^(=|<|>|!=|<>|<=|>=|[a-z_\s]+)$/ix

Or a little bit more precise:

/^(=|<|>|!=|<>|<=|>=|((IS\s+)?(NOT\s+)?)[a-z_]+)$/ix

I think it covers security pretty well and gives freedom.

> Thomas
> _______________________________________________
> jifty-devel mailing list
> jifty-devel@lists.jifty.org
> http://lists.jifty.org/cgi-bin/mailman/listinfo/jifty-devel
>

--
Best regards, Ruslan.
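
The two patterns proposed in the reply above can be compared side by side on candidate operator strings. This is an added example, not code from Jifty::DBI or from the thread: the sample operators are constructed, and the third pattern (`\z` in place of `$`) is an assumption added here because Perl's `$` also matches before a trailing newline.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Patterns 1 and 2 are copied verbatim from the message above.
# Pattern 3 is an assumption added for this example: pattern 2 with \z
# instead of $, because Perl's $ also matches before a trailing newline.
my @checks = (
    [ loose    => qr/^(=|<|>|!=|<>|<=|>=|[a-z_\s]+)$/ix ],
    [ precise  => qr/^(=|<|>|!=|<>|<=|>=|((IS\s+)?(NOT\s+)?)[a-z_]+)$/ix ],
    [ anchored => qr/^(=|<|>|!=|<>|<=|>=|((IS\s+)?(NOT\s+)?)[a-z_]+)\z/ix ],
);

# Constructed operator strings (not taken from the thread).
my @samples = (
    '=',                      # plain comparison
    '<=',                     # two-character comparison
    'LIKE',                   # single keyword
    'NOT LIKE',               # negated keyword
    'IS NOT',                 # IS prefix followed by one word
    'ILIKE',                  # PostgreSQL keyword operator
    'IS NOT DISTINCT FROM',   # keyword run longer than IS/NOT + one word
    '~*',                     # PostgreSQL symbolic operator
    '= 1 OR 1=1',             # operator carrying digits and a second comparison
    "LIKE\n",                 # keyword with a trailing newline
);

# Return 'accept' or 'reject' for one operator under one pattern.
sub verdict {
    my ($op, $re) = @_;
    return $op =~ $re ? 'accept' : 'reject';
}

printf "%-24s %-9s %-9s %-9s\n", 'operator', map { $_->[0] } @checks;
for my $op (@samples) {
    (my $shown = $op) =~ s/\n/\\n/g;    # make the newline visible
    printf "%-24s %-9s %-9s %-9s\n", "'$shown'",
        map { verdict($op, $_->[1]) } @checks;
}
```

The word branch of each pattern admits only letters and underscores (plus whitespace in the loose form), so symbolic operators outside the fixed comparison list are rejected by all three; supporting those would still need the db-specific check in the handle class that was suggested earlier in the thread.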