Opened 11 years ago
Closed 11 years ago
#21844 closed Cleanup/optimization (fixed)
BaseDatabaseOperations.quote_parameter should be relocated to DatabaseSchemaEditor
Reported by: | Michael Manfre | Owned by: | nobody |
---|---|---|---|
Component: | Migrations | Version: | dev |
Severity: | Release blocker | Keywords: | |
Cc: | Triage Stage: | Accepted | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
Schema migrations added BaseDatabaseOperations.quote_parameter to help generate an SQL string. Per the docstring "This should NOT be used to prepare SQL statements to send to the database". It should be relocated to BaseDatabaseSchemaEditor because that is the only place it should be used.
Setting ticket as release blocker because leaving it on BaseDatabaseOperations can lead to future code misusing this and the implementation (specifically Oracle's) is an SQL injection waiting to happen.
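The distinction the description draws, as an added example that is not part of the ticket and not Django's code: a quoting helper is acceptable for schema text, where the default value is part of the DDL string, but a statement carrying request data should bind its values. `naive_quote`, `ddl_quote`, the `users` table and the input strings are hypothetical and constructed for illustration, and `sqlite3` stands in for a database backend.

```python
import sqlite3

def naive_quote(value):
    # Hypothetical helper (not Django's code): wraps the value in quotes
    # without escaping quotes embedded in it.
    return "'%s'" % value

def ddl_quote(value):
    # Hypothetical schema-side helper: doubles embedded single quotes so a
    # string literal can be inlined into DDL text.
    if not isinstance(value, str):
        raise TypeError("this sketch only handles str defaults")
    return "'%s'" % value.replace("'", "''")

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, is_admin INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [("alice", 1), ("bob", 0)])
    return conn

def add_note_column(conn, default):
    # Schema change: the default is part of the DDL text itself, so it is
    # inlined as an escaped literal.
    conn.execute("ALTER TABLE users ADD COLUMN note TEXT DEFAULT " + ddl_quote(default))

def lookup_with_quote_helper(conn, name):
    # Misuse: a quoting helper builds a statement that carries request data.
    sql = "SELECT name FROM users WHERE name = %s ORDER BY name" % naive_quote(name)
    return [row[0] for row in conn.execute(sql)]

def lookup_bound(conn, name):
    # Correct: the driver binds the value; it is never parsed as SQL.
    sql = "SELECT name FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (name,))]

if __name__ == "__main__":
    conn = make_db()
    add_note_column(conn, "it's new")
    crafted = "x' OR '1'='1"  # constructed input
    print(lookup_with_quote_helper(conn, crafted))  # every row comes back
    print(lookup_bound(conn, crafted))              # no row matches
```

Keeping such a helper on the schema editor, as the ticket asks, means query-building code has no quoting function within reach and is pushed toward bound parameters.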
Change History (2)
comment:1 by , 11 years ago
Component: | Database layer (models, ORM) → Migrations |
---|---|
Triage Stage: | Unreviewed → Accepted |
comment:2 by , 11 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
In 42607a9e33e63639d1da2166b9a2f85c691e07ae: