Opened 3 years ago

Closed 3 years ago

#21844 closed Cleanup/optimization (fixed)

BaseDatabaseOperations.quote_parameter should be relocated to DatabaseSchemaEditor

Reported by: manfre Owned by: nobody
Component: Migrations Version: master
Severity: Release blocker Keywords:
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


Schema migrations added BaseDatabaseOperations.quote_parameter to help generate an SQL string. Per the docstring "This should NOT be used to prepare SQL statements to send to the database". It should be relocated to BaseDatabaseSchemaEditor because that is the only place it should be used.

Setting ticket as release blocker because leaving it on BaseDatabaseOperations can lead to future code misusing this and the implementation (specifically Oracle's) is an SQL injection waiting to happen.

Change History (2)

comment:1 Changed 3 years ago by aaugustin

  • Component changed from Database layer (models, ORM) to Migrations
  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Triage Stage changed from Unreviewed to Accepted

comment:2 Changed 3 years ago by Andrew Godwin <andrew@…>

  • Resolution set to fixed
  • Status changed from new to closed

In 42607a9e33e63639d1da2166b9a2f85c691e07ae:

Fixed #21844: Move quote_parameter off of Operations and rename

Note: See TracTickets for help on using tickets.
Back to Top