* fixed some problems with SQL escapement for roster versioning. For example when we have double quote or another character like this. Fixes #5159

* some code refactoring for roster versioning in common/logger.py
* added a docstring and some comments in common/logger.py
This commit is contained in:
Anaël Verrier 2009-07-13 15:21:35 +02:00
parent d75fbca31b
commit 88065eb34f
1 changed files with 26 additions and 26 deletions

View File

@ -833,21 +833,25 @@ class Logger:
accout_name is the name of the account to change accout_name is the name of the account to change
roster_version is the version of the new roster roster_version is the version of the new roster
roster is the new version ''' roster is the new version '''
# First we must reset roster_version value to ensure that the server
# sends back all the roster at the next connexion if the replacement
# didn't work properly.
gajim.config.set_per('accounts', account_name, 'roster_version', '') gajim.config.set_per('accounts', account_name, 'roster_version', '')
account_jid = gajim.get_jid_from_account(account_name) account_jid = gajim.get_jid_from_account(account_name)
account_jid_id = self.get_jid_id(account_jid) account_jid_id = self.get_jid_id(account_jid)
# Delete old roster # Delete old roster
sql = 'DELETE FROM roster_entry WHERE account_jid_id = %d' % ( self.remove_roster(account_jid)
account_jid_id)
sql = 'DELETE FROM roster_group WHERE account_jid_id = %d' % (
account_jid_id)
# Fill roster tables with the new roster # Fill roster tables with the new roster
for jid in roster: for jid in roster:
self.add_or_update_contact(account_jid, jid, roster[jid]['name'], self.add_or_update_contact(account_jid, jid, roster[jid]['name'],
roster[jid]['subscription'], roster[jid]['ask'], roster[jid]['subscription'], roster[jid]['ask'],
roster[jid]['groups']) roster[jid]['groups'])
# At this point, we are sure the replacement works properly so we can
# set the new roster_version value.
gajim.config.set_per('accounts', account_name, 'roster_version', gajim.config.set_per('accounts', account_name, 'roster_version',
roster_version) roster_version)
@ -858,10 +862,9 @@ class Logger:
jid_id = self.get_jid_id(jid) jid_id = self.get_jid_id(jid)
except exceptions.PysqliteOperationalError, e: except exceptions.PysqliteOperationalError, e:
raise exceptions.PysqliteOperationalError(str(e)) raise exceptions.PysqliteOperationalError(str(e))
sql = 'DELETE FROM roster_group WHERE account_jid_id=%d AND jid_id=%d' % (account_jid_id, jid_id) self.cur.execute('DELETE FROM roster_group WHERE account_jid_id=? AND jid_id=?', (account_jid_id, jid_id))
self.cur.execute(sql) self.cur.execute('DELETE FROM roster_entry WHERE account_jid_id=? AND jid_id=?', (account_jid_id, jid_id))
sql = 'DELETE FROM roster_entry WHERE account_jid_id=%d AND jid_id=%d' % (account_jid_id, jid_id) self.con.commit()
self.simple_commit(sql)
def add_or_update_contact(self, account_jid, jid, name, sub, ask, groups): def add_or_update_contact(self, account_jid, jid, name, sub, ask, groups):
''' Add or update a contact from account_jid roster. ''' ''' Add or update a contact from account_jid roster. '''
@ -877,22 +880,20 @@ class Logger:
# Update groups information # Update groups information
# First we delete all previous groups information # First we delete all previous groups information
sql = 'DELETE FROM roster_group WHERE account_jid_id=%d AND jid_id=%d' % (account_jid_id, jid_id) self.cur.execute('DELETE FROM roster_group WHERE account_jid_id=? AND jid_id=?', (account_jid_id, jid_id))
self.cur.execute(sql)
# Then we add all new groups information # Then we add all new groups information
for group in groups: for group in groups:
sql = 'INSERT INTO roster_group VALUES("%d", "%d", "%s")' % ( self.cur.execute('INSERT INTO roster_group VALUES(?, ?, ?)',
account_jid_id, jid_id, group) (account_jid_id, jid_id, group))
self.cur.execute(sql)
if name is None: if name is None:
name = '' name = ''
sql = 'REPLACE INTO roster_entry VALUES("%d", "%d", "%s", "%s", "%d")'\ self.cur.execute('REPLACE INTO roster_entry VALUES(?, ?, ?, ?, ?)',
% (account_jid_id, jid_id, name, (account_jid_id, jid_id, name,
self.convert_human_subscription_values_to_db_api_values(sub), self.convert_human_subscription_values_to_db_api_values(sub),
bool(ask)) bool(ask)))
self.simple_commit(sql) self.con.commit()
def get_roster(self, account_jid): def get_roster(self, account_jid):
''' Return the accound_jid roster in NonBlockingRoster format. ''' ''' Return the accound_jid roster in NonBlockingRoster format. '''
@ -900,7 +901,7 @@ class Logger:
account_jid_id = self.get_jid_id(account_jid) account_jid_id = self.get_jid_id(account_jid)
# First we fill data with roster_entry informations # First we fill data with roster_entry informations
self.cur.execute('SELECT j.jid, re.jid_id, re.name, re.subscription, re.ask FROM roster_entry re, jids j WHERE re.account_jid_id="%(account_jid_id)s" AND j.jid_id=re.jid_id' % {'account_jid_id': account_jid_id}) self.cur.execute('SELECT j.jid, re.jid_id, re.name, re.subscription, re.ask FROM roster_entry re, jids j WHERE re.account_jid_id=? AND j.jid_id=re.jid_id', (account_jid_id,))
for jid, jid_id, name, subscription, ask in self.cur: for jid, jid_id, name, subscription, ask in self.cur:
data[jid] = {} data[jid] = {}
if name: if name:
@ -918,7 +919,7 @@ class Logger:
# Then we add group for roster entries # Then we add group for roster entries
for jid in data: for jid in data:
self.cur.execute('SELECT group_name FROM roster_group WHERE account_jid_id="%(account_jid_id)s" AND jid_id="%(jid_id)s"' % {'account_jid_id': account_jid_id, 'jid_id': data[jid]['id']}) self.cur.execute('SELECT group_name FROM roster_group WHERE account_jid_id=? AND jid_id=?', (account_jid_id, data[jid]['id']))
for (group_name,) in self.cur: for (group_name,) in self.cur:
data[jid]['groups'].append(group_name) data[jid]['groups'].append(group_name)
del data[jid]['id'] del data[jid]['id']
@ -926,14 +927,13 @@ class Logger:
return data return data
def remove_roster(self, account_jid): def remove_roster(self, account_jid):
''' Remove all entry from account_jid roster. '''
account_jid_id = self.get_jid_id(account_jid) account_jid_id = self.get_jid_id(account_jid)
sql = 'DELETE FROM roster_group WHERE account_jid_id=%d' % ( self.cur.execute('DELETE FROM roster_entry WHERE account_jid_id=?',
account_jid_id) (account_jid_id,))
self.cur.execute(sql) self.cur.execute('DELETE FROM roster_group WHERE account_jid_id=?',
(account_jid_id,))
sql = 'DELETE FROM roster_entry WHERE account_jid_id=%d' % ( self.con.commit()
account_jid_id)
self.simple_commit(sql)
# vim: se ts=3: # vim: se ts=3: