Awight has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/282308

Change subject: Escape paging IDs
......................................................................

Escape paging IDs

This allows us to use unsafe or non-numeric column data for paging.

Change-Id: I9c052e43fee85785f6c4139f5008a83ba8d174f1
---
M database/db.py
1 file changed, 4 insertions(+), 3 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/wikimedia/fundraising/tools refs/changes/08/282308/1

diff --git a/database/db.py b/database/db.py
index 2009890..c783a8e 100644
--- a/database/db.py
+++ b/database/db.py
@@ -78,7 +78,7 @@
             count = 0
 
         query.limit = pageSize
-        query.order_by.append("%s %s" % (pageIndex, dir))
+        query.order_by.append("'%s' %s" % 
(self.db_conn.escape_string(pageIndex), dir))
 
         lastId = None
         while True:
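Review bot: the single quotes added around the escaped name in the order_by.append line make pageIndex a SQL string literal, so the query sorts by a constant instead of by the column, and the paging loop below, which advances on lastId, depends on that ordering. escape_string is a value escaper, not an identifier quoter; consider checking pageIndex against the known column names (or a strict identifier pattern) and quoting it as an identifier. dir is still interpolated unchanged on the same line and should be restricted to ASC or DESC before it reaches the query.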
@@ -95,10 +95,11 @@
             if lastId is not None:
                 del query.where[-1]
             lastId = result[pageIndex]
+            query.params['lastId'] = lastId
             if dir == 'ASC':
-                query.where.append("%s > %s" % (pageIndex, lastId))
+                query.where.append("%s > %%(lastId)s" % (pageIndex))
             else:
-                query.where.append("%s < %s" % (pageIndex, lastId))
+                query.where.append("%s < %%(lastId)s" % (pageIndex))
 
 
     def last_insert_id(self):
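Review bot: pageIndex is still formatted straight into the WHERE fragment in both branches ("%s > %%(lastId)s" % (pageIndex)), while the first hunk treats the same value as needing escaping, so the column name is handled two different ways within one function. Binding lastId through query.params is the right treatment for the value; apply a single identifier check to pageIndex before either use. Two smaller points: query.params['lastId'] would overwrite any existing parameter named lastId, so a less generic key is safer, and (pageIndex) is not a tuple, so write (pageIndex,) or drop the parentheses.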

-- 
To view, visit https://gerrit.wikimedia.org/r/282308

Gerrit-MessageType: newchange
Gerrit-Change-Id: I9c052e43fee85785f6c4139f5008a83ba8d174f1
Gerrit-PatchSet: 1
Gerrit-Project: wikimedia/fundraising/tools
Gerrit-Branch: master
Gerrit-Owner: Awight <[email protected]>
