Raphael Collet (OpenERP) has proposed merging 
lp:~openerp-dev/openobject-server/trunk-fix_execute_params-rco into 
lp:openobject-server.

Requested reviews:
  OpenERP Core Team (openerp)

For more details, see:
https://code.launchpad.net/~openerp-dev/openobject-server/trunk-fix_execute_params-rco/+merge/129640

Fix an incorrect use of cr.execute in method login() of model res.users.
-- 
https://code.launchpad.net/~openerp-dev/openobject-server/trunk-fix_execute_params-rco/+merge/129640
Your team OpenERP R&D Team is subscribed to branch 
lp:~openerp-dev/openobject-server/trunk-fix_execute_params-rco.
=== modified file 'openerp/addons/base/res/res_users.py'
--- openerp/addons/base/res/res_users.py	2012-10-05 10:12:20 +0000
+++ openerp/addons/base/res/res_users.py	2012-10-15 10:10:29 +0000
@@ -409,8 +409,8 @@
                 # prevent/delay login in that case. It will also have been logged
                 # as a SQL error, if anyone cares.
                 try:
-                    cr.execute("SELECT id FROM res_users WHERE id=%s FOR UPDATE NOWAIT", str(user_id))
-                    cr.execute("UPDATE res_users SET login_date = now() AT TIME ZONE 'UTC' WHERE id=%s", str(user_id))
+                    cr.execute("SELECT id FROM res_users WHERE id=%s FOR UPDATE NOWAIT", (user_id,))
+                    cr.execute("UPDATE res_users SET login_date = now() AT TIME ZONE 'UTC' WHERE id=%s", (user_id,))
                 except Exception, e:
                     _logger.exception("Failed to update last_login for db:%s login:%s", db, login)
         except openerp.exceptions.AccessDenied:
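Review bot: The log message on the except branch still says `last_login` while the column the UPDATE writes is `login_date`, so a failure is reported under a name that does not appear in either query; `_logger.exception("Failed to update login_date for db:%s login:%s", db, login)` would match the statement. The broad `except Exception` on that branch also means the ValueError that sql_db.py now raises for a non-sequence parameter would only be logged and never surface to a caller or test, which is presumably why the original `str(user_id)` misuse went unnoticed; narrowing it to the database adapter's error class, if one is in scope here, would keep the lock-contention tolerance the comment above describes without hiding programming errors. The enclosing login() starts before this hunk.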

=== modified file 'openerp/sql_db.py'
--- openerp/sql_db.py	2012-09-24 10:14:04 +0000
+++ openerp/sql_db.py	2012-10-15 10:10:29 +0000
@@ -215,6 +215,9 @@
             _logger.warning(query)
             _logger.warning("SQL queries cannot contain %d or %f anymore. "
                          "Use only %s")
+        if params and not isinstance(params, (tuple, list, dict)):
+            _logger.error("SQL query parameters should be a tuple, list or dict; got %r", params)
+            raise ValueError("SQL query parameters should be a tuple, list or dict; got %r" % (params,))
 
         if self.sql_log:
             now = mdt.now()
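Review bot: Both the added log call and the ValueError message embed the offending `params` value with `%r`; query parameters routinely carry credentials or tokens (the res_users.py hunk passes a login, and a password could be passed the same way), so a caller that makes this mistake writes the secret into the server log and into an exception text that may propagate further. Reporting the type is enough to diagnose the misuse: `_logger.error("SQL query parameters should be a tuple, list or dict; got %s", type(params).__name__)` and the same form for the raise. The log call is also redundant with the raise, since the exception already carries the message and callers such as the res_users hunk log it again with `_logger.exception`. Note too that the guard is skipped for falsy values such as `''` or `0`, so a bare empty string still reaches the adapter. execute() starts before this hunk.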

=== added file 'openerp/tests/test_db_cursor.py'
--- openerp/tests/test_db_cursor.py	1970-01-01 00:00:00 +0000
+++ openerp/tests/test_db_cursor.py	2012-10-15 10:10:29 +0000
@@ -0,0 +1,36 @@
+# -*- coding: utf-8 -*-
+# Run with one of these commands:
+#    > OPENERP_ADDONS_PATH='../../addons/trunk' OPENERP_PORT=8069 \
+#      OPENERP_DATABASE=yy PYTHONPATH=. python tests/test_ir_sequence.py
+#    > OPENERP_ADDONS_PATH='../../addons/trunk' OPENERP_PORT=8069 \
+#      OPENERP_DATABASE=yy nosetests tests/test_ir_sequence.py
+#    > OPENERP_ADDONS_PATH='../../../addons/trunk' OPENERP_PORT=8069 \
+#      OPENERP_DATABASE=yy PYTHONPATH=../:. unit2 test_ir_sequence
+# This assume an existing database.
+
+import unittest2
+
+import openerp
+import common
+
+DB = common.DB
+ADMIN_USER_ID = common.ADMIN_USER_ID
+
+def cursor():
+    return openerp.modules.registry.RegistryManager.get(DB).db.cursor()
+
+
+class test_ir_sequence_standard(unittest2.TestCase):
+    """ Try cr.execute with wrong parameters """
+
+    def test_execute_bad_params(self):
+        """ Try to use non-iterable in query parameters. """
+        cr = cursor()
+        with self.assertRaises(ValueError):
+            cr.execute("SELECT id FROM res_users WHERE login=%s", 'admin')
+        with self.assertRaises(ValueError):
+            cr.execute("SELECT id FROM res_users WHERE id=%s", 1)
+        with self.assertRaises(ValueError):
+            cr.execute("SELECT id FROM res_users WHERE id=%s", '1')
+
+# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4:
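Review bot: `test_execute_bad_params` opens a cursor with `cr = cursor()` and never closes it, so each run presumably leaves that cursor's connection checked out until garbage collection; registering the close before the assertions with `self.addCleanup(cr.close)` fixes that. The class name `test_ir_sequence_standard` and the header comments that point at `tests/test_ir_sequence.py` are leftovers from the file this was copied from and no longer describe the cursor test; a name such as `test_db_cursor_params` and commands naming `test_db_cursor` would keep the file self-describing. The three assertions cover a str, an int and a numeric str, which pins exactly the misuse fixed in res_users.py.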
