[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#702771: marked as done (unblock: sqlobject/0.12.4-2.2)

Your message dated Mon, 11 Mar 2013 20:12:00 +0000
with message-id <1363032720.29496.6.camel@jacala.jungle.funky-badger.org>
and subject line Re: Bug#702771: unblock: sqlobject/0.12.4-2.2
has caused the Debian Bug report #702771,
regarding unblock: sqlobject/0.12.4-2.2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
702771: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702771
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package sqlobject

sqlobject 0.12.4-2.2 fixes #695233, which prevents it from working
properly with the default postgres version in wheezy. Since sqlobject
is a database ORM, this is a reasonably serious regression from
squeeze, so it would be useful to have it fixed.

debdiff sqlobject_0.12.4-2.1.dsc sqlobject_0.12.4-2.2.dsc

diff -Nru sqlobject-0.12.4/debian/changelog sqlobject-0.12.4/debian/changelog
--- sqlobject-0.12.4/debian/changelog	2012-01-14 16:12:15.000000000 +0200
+++ sqlobject-0.12.4/debian/changelog	2013-02-11 13:03:52.000000000 +0200
@@ -1,3 +1,13 @@
+sqlobject (0.12.4-2.2) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Fix "SQLObject doesn't escape strings correctly for postgresql 9.1":
+    new patch postgres_escape_0.12.4 backported from upstream (1.2.0).
+    (Closes: #695233)
+
+ -- Neil Muller <drnlmuller+debian@gmail.com>  Mon, 11 Feb 2013 13:03:04 +0200
+
+
 sqlobject (0.12.4-2.1) unstable; urgency=low
 
   * Non-maintainer upload.
diff -Nru sqlobject-0.12.4/debian/patches/postgres_escape_0.12.4 sqlobject-0.12.4/debian/patches/postgres_escape_0.12.4
--- sqlobject-0.12.4/debian/patches/postgres_escape_0.12.4	1970-01-01 02:00:00.000000000 +0200
+++ sqlobject-0.12.4/debian/patches/postgres_escape_0.12.4	2013-02-11 13:02:03.000000000 +0200
@@ -0,0 +1,169 @@
+Description: Postgresql 9.1 changed the default value of standard_conforming_strings to on. SQLObject only added support for the E'' escape syntax in version 1.2.0 
+Origin:      upstream, Version 1.2.0
+Bug-Debian:  http://bugs.debian.org/695233
+Author:      phd
+Last-Update: 2013-02-11
+
+--- a/sqlobject/converters.py	(revision 4567)
++++ b/sqlobject/converters.py	(working copy)
+@@ -1,6 +1,11 @@
++from array import array
++import datetime
++from decimal import Decimal
+ import sys
+-from array import array
++import time
++from types import ClassType, InstanceType, NoneType
+ 
++
+ try:
+     import mx.DateTime.ISO
+     origISOStr = mx.DateTime.ISO.strGMT
+@@ -15,17 +20,12 @@
+         DateTimeType = None
+         DateTimeDeltaType = None
+ 
+-import time
+-import datetime
+-
+ try:
+     import Sybase
+     NumericType=Sybase.NumericType
+ except ImportError:
+     NumericType = None
+ 
+-from decimal import Decimal
+-from types import ClassType, InstanceType, NoneType
+ 
+ ########################################
+ ## Quoting
+@@ -90,6 +90,8 @@
+         value = value.replace("'", "''")
+     else:
+         assert 0, "Database %s unknown" % db
++    if db in ('postgres', 'rdbhost') and ('\\' in value):
++        return "E'%s'" % value
+     return "'%s'" % value
+ 
+ registerConverter(str, StringLikeConverter)
+@@ -198,3 +200,17 @@
+         return converter(obj, db)
+     else:
+         return reprFunc(db)
++
++
++def quote_str(s, db):
++    if db in ('postgres', 'rdbhost') and ('\\' in s):
++        return "E'%s'" % s
++    return "'%s'" % s
++
++def unquote_str(s):
++    if s.upper().startswith("E'") and s.endswith("'"):
++        return s[2:-1]
++    elif s.startswith("'") and s.endswith("'"):
++        return s[1:-1]
++    else:
++        return s
+Index: sqlobject/sqlbuilder.py
+===================================================================
+--- a/sqlobject/sqlbuilder.py	(revision 4567)
++++ b/sqlobject/sqlbuilder.py	(working copy)
+@@ -70,7 +70,7 @@
+ import weakref
+ 
+ import classregistry
+-from converters import sqlrepr, registerConverter
++from converters import registerConverter, sqlrepr, quote_str, unquote_str
+ 
+ 
+ class VersionError(Exception):
+@@ -896,18 +896,18 @@
+         if isinstance(s, SQLExpression):
+             values = []
+             if self.prefix:
+-                values.append("'%s'" % self.prefix)
++                values.append(quote_str(self.prefix, db))
+             s = _quote_like_special(sqlrepr(s, db), db)
+             values.append(s)
+             if self.postfix:
+-                values.append("'%s'" % self.postfix)
++                values.append(quote_str(self.postfix, db))
+             if db == "mysql":
+                 return "CONCAT(%s)" % ", ".join(values)
+             else:
+                 return " || ".join(values)
+         elif isinstance(s, basestring):
+-            s = _quote_like_special(sqlrepr(s, db)[1:-1], db)
+-            return "'%s%s%s'" % (self.prefix, s, self.postfix)
++            s = _quote_like_special(unquote_str(sqlrepr(s, db)), db)
++            return quote_str("%s%s%s" % (self.prefix, s, self.postfix), db)
+         else:
+            raise TypeError, "expected str, unicode or SQLExpression, got %s" % type(s)
+ 
+Index: sqlobject/tests/test_converters.py
+===================================================================
+--- a/sqlobject/tests/test_converters.py	(revision 4567)
++++ b/sqlobject/tests/test_converters.py	(working copy)
+@@ -1,9 +1,11 @@
+ import sys
+ from sqlobject.sqlbuilder import sqlrepr
++from sqlobject.converters import registerConverter, sqlrepr, \
++     quote_str, unquote_str
+ from sqlobject.sqlbuilder import SQLExpression, SQLObjectField, \
+      Select, Insert, Update, Delete, Replace, \
+-     SQLTrueClauseClass, SQLConstant, SQLPrefix, SQLCall, SQLOp
+-from sqlobject.converters import registerConverter
++     SQLTrueClauseClass, SQLConstant, SQLPrefix, SQLCall, SQLOp, \
++     _LikeQuoted
+ 
+ class TestClass:
+ 
+@@ -40,23 +42,23 @@
+     assert sqlrepr('A String', 'firebird') == "'A String'"
+ 
+ def test_string_newline():
+-    assert sqlrepr('A String\nAnother', 'postgres') == "'A String\\nAnother'"
++    assert sqlrepr('A String\nAnother', 'postgres') == "E'A String\\nAnother'"
+     assert sqlrepr('A String\nAnother', 'sqlite') == "'A String\nAnother'"
+ 
+ def test_string_tab():
+-    assert sqlrepr('A String\tAnother', 'postgres') == "'A String\\tAnother'"
++    assert sqlrepr('A String\tAnother', 'postgres') == "E'A String\\tAnother'"
+ 
+ def test_string_r():
+-    assert sqlrepr('A String\rAnother', 'postgres') == "'A String\\rAnother'"
++    assert sqlrepr('A String\rAnother', 'postgres') == "E'A String\\rAnother'"
+ 
+ def test_string_b():
+-    assert sqlrepr('A String\bAnother', 'postgres') == "'A String\\bAnother'"
++    assert sqlrepr('A String\bAnother', 'postgres') == "E'A String\\bAnother'"
+ 
+ def test_string_000():
+-    assert sqlrepr('A String\000Another', 'postgres') == "'A String\\0Another'"
++    assert sqlrepr('A String\000Another', 'postgres') == "E'A String\\0Another'"
+ 
+ def test_string_():
+-    assert sqlrepr('A String\tAnother', 'postgres') == "'A String\\tAnother'"
++    assert sqlrepr('A String\tAnother', 'postgres') == "E'A String\\tAnother'"
+     assert sqlrepr('A String\'Another', 'firebird') == "'A String''Another'"
+ 
+ def test_simple_unicode():
+@@ -195,3 +197,18 @@
+             pass
+         else:
+             assert sqlrepr(Set([1])) == "(1)"
++
++def test_quote_unquote_str():
++    assert quote_str('test%', 'postgres') == "'test%'"
++    assert quote_str('test%', 'sqlite') == "'test%'"
++    assert quote_str('test\%', 'postgres') == "E'test\\%'"
++    assert quote_str('test\\%', 'sqlite') == "'test\%'"
++    assert unquote_str("'test%'") == 'test%'
++    assert unquote_str("'test\\%'") == 'test\\%'
++    assert unquote_str("E'test\\%'") == 'test\\%'
++
++def test_like_quoted():
++    assert sqlrepr(_LikeQuoted('test'), 'postgres') == "'test'"
++    assert sqlrepr(_LikeQuoted('test'), 'sqlite') == "'test'"
++    assert sqlrepr(_LikeQuoted('test%'), 'postgres') == r"E'test\\%'"
++    assert sqlrepr(_LikeQuoted('test%'), 'sqlite') == r"'test\%'"
diff -Nru sqlobject-0.12.4/debian/patches/series sqlobject-0.12.4/debian/patches/series
--- sqlobject-0.12.4/debian/patches/series	2012-01-14 16:05:43.000000000 +0200
+++ sqlobject-0.12.4/debian/patches/series	2013-02-11 12:27:45.000000000 +0200
@@ -1,2 +1,3 @@
 get_rid_of_setuptools
 psycopg2-autocommit
+postgres_escape_0.12.4



unblock sqlobject/0.12.4-2.2

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--- End Message ---
--- Begin Message --- 
On Mon, 2013-03-11 at 11:22 +0200, Neil Muller wrote:
> sqlobject 0.12.4-2.2 fixes #695233, which prevents it from working
> properly with the default postgres version in wheezy. Since sqlobject
> is a database ORM, this is a reasonably serious regression from
> squeeze, so it would be useful to have it fixed.

The rejigging of the import statements was a little annoying; ah well.
Unblocked.

Regards,

Adam

--- End Message ---
Reply to: