r87143 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r87142‎ \| r87143 \| r87144 >
Date:	22:27, 29 April 2011
Author:	overlordq
Status:	ok (Comments)
Tags:	todo
Comment:	Followup to r85907, correctly quote table names. Followup to r87129, add handling of arrayed GROUP BY/ORDER BY options to match core class so that this will indeed work.
Modified paths:	/trunk/phase3/includes/db/DatabasePostgres.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/db/DatabasePostgres.php
—	—	@@ -39,7 +39,7 @@
40	40	AND attname=%s;
41	41	SQL;
42	42
43		~~- $table = $db->tableName( $table );~~
	43	+ $table = $db->tableName( $table, false );
44	44	$res = $db->query(
45	45	sprintf( $q,
46	46	$db->addQuotes( $wgDBmwschema ),
—	—	@@ -819,7 +819,7 @@
820	820	if ( !$schema ) {
821	821	$schema = $wgDBmwschema;
822	822	}
823		~~- $table = $this->tableName( $table );~~
	823	+ $table = $this->tableName( $table, false );
824	824	$etable = $this->addQuotes( $table );
825	825	$eschema = $this->addQuotes( $schema );
826	826	$SQL = "SELECT 1 FROM pg_catalog.pg_class c, pg_catalog.pg_namespace n "
—	—	@@ -1002,13 +1002,21 @@
1003	1003	}
1004	1004
1005	1005	if ( isset( $options['GROUP BY'] ) ) {
1006		~~- $preLimitTail .= ' GROUP BY ' . $options['GROUP BY'];~~
	1006	+ $gb = is_array( $options['GROUP BY'] )
	1007	+ ? implode( ',', $options['GROUP BY'] )
	1008	+ : $options['GROUP BY'];
	1009	+ $preLimitTail .= " GROUP BY {$gb}";
1007	1010	}
	1011	+
1008	1012	if ( isset( $options['HAVING'] ) ) {
1009	1013	$preLimitTail .= " HAVING {$options['HAVING']}";
1010	1014	}
	1015	+
1011	1016	if ( isset( $options['ORDER BY'] ) ) {
1012		~~- $preLimitTail .= ' ORDER BY ' . $options['ORDER BY'];~~
	1017	+ $ob = is_array( $options['ORDER BY'] )
	1018	+ ? implode( ',', $options['ORDER BY'] )
	1019	+ : $options['ORDER BY'];
	1020	+ $preLimitTail .= " ORDER BY {$ob}";
1013	1021	}
1014	1022
1015	1023	//if ( isset( $options['LIMIT'] ) ) {

Past revisions this follows-up on

Revision	Commit summary	Author	Date
r85907	Follow up r85888: Add the parameter to DatabasePostgres.php and DatabaseOracl...	platonides	18:59, 12 April 2011
r87129	* (bug 21196) Article::getContributors() no longer fail on PostgreSQL...	ialex	18:27, 29 April 2011

Comments

#Comment by Brion VIBBER (talk | contribs) 00:40, 8 June 2011

Rather than calling $db->tableName( $foo, false ) with an opaque parameter and then calling $db->addQuotes() explicitly... consider simply calling $db->tableName( $foo ) and not double-escaping it. :) This will make things simpler and less confusing for future maintainers.

#Comment by Brion VIBBER (talk | contribs) 00:42, 8 June 2011

Hmm.. actually it makes sense, as identifier and *string* escaping may be different here, and you're tossing them into queries.

Proper thing to do is probably to have a clearer constant to use on the second parameter to tableName, as the 'false' is totally unclear. :) Marking OK with a todo.

Status & tagging log

00:42, 8 June 2011 Brion VIBBER (talk | contribs) changed the tags for r87143 [added: todo]
00:42, 8 June 2011 Brion VIBBER (talk | contribs) changed the status of r87143 [removed: fixme added: ok]
00:40, 8 June 2011 Brion VIBBER (talk | contribs) changed the status of r87143 [removed: new added: fixme]