#44: WebStat: Clean escape_string from queries
---------------------+------------------------------------------------------
Reporter: jlavik | Owner: jlavik
Type: defect | Status: new
Priority: minor | Milestone:
Component: WebStat | Version:
Keywords: |
---------------------+------------------------------------------------------
Running 'make kwalitee-check-sql-queries' reveals, among others, use of
escape_string in generation of queries in webstat_engine.py.
{{{
** SQL queries using charset-ignorant escape_string():
...
./modules/webstat/lib/webstat.py:33:from invenio.dbquery import run_sql, escape_string
./modules/webstat/lib/webstat.py:174: arg = escape_string(argument)
./modules/webstat/lib/webstat_engine.py:25:from invenio.dbquery import run_sql, escape_string
./modules/webstat/lib/webstat_engine.py:259: sql_query.append("AND `%s`" % escape_string(col_title))
./modules/webstat/lib/webstat_engine.py:261: sql_query.append("OR `%s`" % escape_string(col_title))
./modules/webstat/lib/webstat_engine.py:263: sql_query.append("AND NOT `%s`" % escape_string(col_title))
./modules/webstat/lib/webstat_engine.py:317: sql_query.append("AND `%s`" % escape_string(col_title))
./modules/webstat/lib/webstat_engine.py:319: sql_query.append("OR `%s`" % escape_string(col_title))
./modules/webstat/lib/webstat_engine.py:321: sql_query.append("AND NOT `%s`" % escape_string(col_title))
...
}}}
This should be cleaned.
--
Ticket URL: <http://cdswaredev.cern.ch/invenio/ticket/44>
Invenio <http://cdswaredev.cern.ch/invenio>
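
An added example, not Invenio code: one way to clean the two patterns the report flags. Column titles placed between backticks are checked against the table's real columns (identifiers cannot be bound as parameters), and data values are passed as bound parameters instead of going through escape_string(). The events table, its columns, the operator keys and the use of sqlite3 (placeholder `?`; MySQLdb uses `%s`) are assumptions made so the example runs offline.

```python
import sqlite3

# The three fragments from the report; the dictionary keys are hypothetical.
FRAGMENTS = {"and": "AND `%s`", "or": "OR `%s`", "and_not": "AND NOT `%s`"}


def quote_identifier(col_title, known_columns):
    """Return col_title ready for use between backticks, or raise ValueError.

    Identifiers cannot be bound as parameters, so the title is checked
    against the columns the table really has instead of being escaped.
    """
    if col_title not in known_columns:
        raise ValueError("unknown column: %r" % (col_title,))
    # Doubling a backtick is how one is written inside a backtick-quoted name.
    return col_title.replace("`", "``")


def build_query(terms, since, known_columns):
    """Return (sql, params) for a list of (operator, col_title) terms.

    since is a data value: it travels as a bound parameter and is never
    formatted into the SQL text.
    """
    sql = ["SELECT id FROM `events` WHERE created >= ?"]
    for operator, col_title in terms:
        if operator not in FRAGMENTS:
            raise ValueError("unknown operator: %r" % (operator,))
        sql.append(FRAGMENTS[operator] % quote_identifier(col_title, known_columns))
    return " ".join(sql), (since,)


def demo():
    """Run the builder against a constructed in-memory table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE events (id INTEGER, created TEXT,"
                 " is_pdf INTEGER, is_bot INTEGER)")
    conn.executemany("INSERT INTO events VALUES (?, ?, ?, ?)", [
        (1, "2009-01-10", 1, 0), (2, "2009-02-01", 1, 1), (3, "2009-03-05", 0, 0)])
    known = {row[1] for row in conn.execute("PRAGMA table_info(events)")}
    sql, params = build_query([("and", "is_pdf"), ("and_not", "is_bot")],
                              "2009-01-01", known)
    return sql, [row[0] for row in conn.execute(sql, params)]


if __name__ == "__main__":
    print(demo())
```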