On 05/18/2011 02:38 PM, Ionuț Arțăriși wrote:
> On 05/18/2011 01:14 PM, Jan Pazdziora wrote:
>> ...
>> Nack. This is SQL-injection-prone. You have to use bind parameters
>> or sanitize the input properly.
>
> Thanks, I have fixed the SQL issue.
>
>> Besides, if you allow the list of errata id's to be passed in, which
>> would lead to multiple erratas to be returned, shouldn't you return
>> the id as well to make it clear which advisory name belongs to which
>> id?
>
> We don't exactly need the errata ids, but I can see how this might be
> useful, so I have changed the method to return a list of (id,
> advisory_name) tuples.

This is tricky. What happens if the clients update their package, but
the server is not updated yet (and therefore the API is not there)?
We could catch the error and fall back to the packages-way, but it looks
like a common scenario: the client requiring something from the server.
Or we could look with getApiNamespaceCallList if the API is there. The
question is what to do if it is not.
--
Duncan Mac-Vicar P. - Novell® Making IT Work As One™
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix
Imendörffer, HRB 16746 (AG Nürnberg)
Maxfeldstraße 5, 90409 Nürnberg, Germany