On 05/18/2011 03:22 PM, Duncan Mac-Vicar P. wrote:
> On 05/18/2011 02:38 PM, Ionuț Arțăriși wrote:
>> On 05/18/2011 01:14 PM, Jan Pazdziora wrote:
>>
>> ...
>>> Nack. This is SQL-injection-prone. You have to use bind parameters
>>> or sanitize the input properly.
>> Thanks, I have fixed the SQL issue.
>>
>>> Besides, if you allow the list of errata ids to be passed in, which
>>> would lead to multiple erratas to be returned, shouldn't you return
>>> the id as well to make it clear which advisory name belongs to which
>>> id?
>>
>> We don't exactly need the errata ids, but I can see how this might be
>> useful, so I have changed the method to return a list of (id,
>> advisory_name) tuples.
> 
> This is tricky. What happens if the clients update their package, but
> the server is not updated yet (and therefore the API is not there)?
> 
> We could catch the error and fall back to the packages-way, but it looks
> like a common scenario: the client requiring something from the server.
> 
> Or we could look with getApiNamespaceCallList if the API is there.

Or you can use capability. See commit:
6006097b890aa925e06bf65a81d11d73f78b9103
for example.


-- 
Miroslav Suchy
Red Hat Satellite Engineering

_______________________________________________
Spacewalk-devel mailing list
Spacewalk-devel@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-devel
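
The bind-parameter fix requested in the review above, applied to a lookup that takes a list of errata ids and returns (id, advisory_name) tuples. This is an added example, not code from this thread or from Spacewalk. The `errata` table, its sample rows and both function names are assumptions, and sqlite3 stands in for the real database driver.

```python
import sqlite3

def make_sample_db():
    """Constructed in-memory table standing in for the errata table (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE errata (id INTEGER PRIMARY KEY, advisory_name TEXT)")
    db.executemany(
        "INSERT INTO errata VALUES (?, ?)",
        [(1, "EXAMPLE-2011:0001"), (2, "EXAMPLE-2011:0002"), (3, "EXAMPLE-2011:0003")],
    )
    return db

def advisory_names_unsafe(db, errata_ids):
    """Injection-prone form: caller-supplied values become part of the SQL text."""
    id_list = ", ".join(str(i) for i in errata_ids)
    sql = "SELECT id, advisory_name FROM errata WHERE id IN (%s) ORDER BY id" % id_list
    return db.execute(sql).fetchall()

def advisory_names(db, errata_ids):
    """Bind-parameter form: only '?' placeholders are formatted in, never values."""
    ids = list(errata_ids)
    if not ids:
        return []  # "IN ()" is a syntax error, so answer the empty case directly
    placeholders = ", ".join("?" for _ in ids)
    sql = "SELECT id, advisory_name FROM errata WHERE id IN (%s) ORDER BY id" % placeholders
    # The driver passes each id as data, so it can never change the statement.
    return db.execute(sql, ids).fetchall()

if __name__ == "__main__":
    db = make_sample_db()
    hostile = ["0) OR (1=1"]  # constructed input that is not a valid id
    print("unsafe:", advisory_names_unsafe(db, hostile))  # whole table leaks
    print("bound: ", advisory_names(db, hostile))         # no row matches
    print("normal:", advisory_names(db, [1, 3]))
```
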
