#15209 closed (duplicate)
Manager.raw() allow for WITH ( ... ) SELECT
| Reported by: | Mike Fogel | Owned by: | nobody |
|---|---|---|---|
| Component: | Database layer (models, ORM) | Version: | dev |
| Severity: | Keywords: | with, Manager.raw() | |
| Cc: | Mike Fogel | Triage Stage: | Accepted |
| Has patch: | yes | Needs documentation: | yes |
| Needs tests: | yes | Patch needs improvement: | yes |
| Easy pickings: | no | UI/UX: | no |
Description
The RawQuery object used by Manager.raw() validates input SQL to ensure that only SELECT queries can be ran through it. This is done such that SELECT queries with using a WITH (...) clause fail validation.
I propose changing the validation of the SQL such that SELECTs with these WITH clauses are ok.
The attached patch does that. It also does not weaken the validation as preceding WITH clauses can only be used with SELECT statements. Re:
- Postgres: http://www.postgresql.org/docs/9.0/static/sql-select.html
- Oracle: http://www.oracle-base.com/articles/misc/WithClause.php
- Other backends don't support the WITH clause.
Attachments (1)
Change History (4)
by , 13 years ago
| Attachment: | with_clause_allow.diff added |
|---|
comment:1 by , 13 years ago
| Needs documentation: | set |
|---|---|
| Needs tests: | set |
| Patch needs improvement: | set |
| Triage Stage: | Unreviewed → Accepted |
Note:
See TracTickets
for help on using tickets.
Accepted on principle; a WITH clause is easy to identify,
However, if all backends don't support a feature, then validation should be a backend-specific feature.
In addition, the patch requires tests and documentation updates.