Ejegg has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/180090

Change subject: Substitue values in SQL returned for display
......................................................................

Substitue values in SQL returned for display

Shows quoted values instead of '?' placeholders in sqlQuery returned
for display.  Note: output of this fn is not to be sent to database
under any circumstances!

Change-Id: I5642061184eaaca042fd6ab62075b6d0da75164c
---
M routes/data.js
1 file changed, 19 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/wikimedia/fundraising/dash 
refs/changes/90/180090/1

diff --git a/routes/data.js b/routes/data.js
index 59b9372..a61103d 100644
--- a/routes/data.js
+++ b/routes/data.js
@@ -170,6 +170,24 @@
        return '';
 }
 
+/**
+ * Create a SQL string to show what the query looks like with parameter values
+ * inserted at placeholders.
+ * CAUTION: Only for display. Do not send the output of this function to the 
db!
+ * @param string sqlQuery query text with '?' placeholders
+ * @param Array values parameter values to insert
+ * @returns string query formatted for display. DO NOT SEND TO DB!
+ */
+function substituteParams( sqlQuery, values) {
+       var valueIndex = 0;
+       while ( sqlQuery.indexOf( '?' ) > -1 ) {
+               // Replace only the first ?
+               sqlQuery = sqlQuery.replace( /\?/, '\'' + values[valueIndex] + 
'\'' );
+               valueIndex++;
+       }
+       return sqlQuery;
+}
+
 module.exports = function(req, res) {
        var widget = widgets[req.params.widget],
                qs = urlParser.parse( req.url ).query,
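Review bot: The `while` loop in `substituteParams` rescans the whole string after every substitution, so a `?` inside a value that was already inserted is taken for the next placeholder and every later value lands in the wrong position. `String.prototype.replace` also expands `$&`, `$'` and similar patterns when the replacement is a string, so a value containing them is shown altered. A single pass with a callback avoids both: `return sqlQuery.replace( /\?/g, function () { return '\'' + values[valueIndex++] + '\''; } );`. When `values` has fewer entries than there are placeholders, the text `'undefined'` is displayed, and quotes inside a value are not escaped; the doc comment could say so, so that the output is never mistaken for valid SQL.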
@@ -258,7 +276,7 @@
                        res.json( { error: 'Query error: ' + error } );
                        return;
                }
-               result = { results: dbResults, sqlQuery: sqlQuery, timestamp: 
new Date().getTime() };
+               result = { results: dbResults, sqlQuery: substituteParams( 
sqlQuery, values), timestamp: new Date().getTime() };
                logger.debug( 'Storing results at cache key ' + cacheKey );
                cache.put( req.url, result, config.cacheDuration );
                res.json( result );
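Review bot: The `sqlQuery` field of `result`, which is both cached and sent with `res.json`, now carries the bound values as well as the query text. If `values` is built from the request query string (its construction is outside this hunk), that is request-controlled text reflected back to the client without escaping. Any consumer that displays `sqlQuery` should insert it as text rather than markup, and a comment on this line such as `// sqlQuery is display-only and contains unescaped request values` would make that explicit. The enclosing callback starts and ends outside the hunk.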

-- 
To view, visit https://gerrit.wikimedia.org/r/180090

Gerrit-MessageType: newchange
Gerrit-Change-Id: I5642061184eaaca042fd6ab62075b6d0da75164c
Gerrit-PatchSet: 1
Gerrit-Project: wikimedia/fundraising/dash
Gerrit-Branch: master
Gerrit-Owner: Ejegg <[email protected]>
