BaseDatabaseOperations.quote_parameter should be relocated to DatabaseSchemaEditor
|Reported by:|manfre|Owned by:|nobody|
|Has patch:|no|Needs documentation:|no|
|Needs tests:|no|Patch needs improvement:|no|
Schema migrations added BaseDatabaseOperations.quote_parameter to help generate an SQL string. Per the docstring "This should NOT be used to prepare SQL statements to send to the database". It should be relocated to BaseDatabaseSchemaEditor because that is the only place it should be used.
Setting ticket as release blocker because leaving it on BaseDatabaseOperations can lead to future code misusing this and the implementation (specifically Oracle's) is an SQL injection waiting to happen.
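An added example (not part of the ticket and not Django's code) of the misuse the description warns about: a literal-quoting helper reused to build a query that is sent to the database, beside the same lookup with a bound parameter. `naive_quote` is a hypothetical stand-in for such a helper, not any backend's actual `quote_parameter`, and the table, rows and inputs are constructed.

```python
import sqlite3


def naive_quote(value):
    # Hypothetical helper: wraps the value in quotes to build an SQL string.
    # It does no escaping, so it is only tolerable for trusted schema values.
    return "'%s'" % value


def make_db():
    # Constructed sample data.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "a-secret"), ("bob", "b-secret")],
    )
    return conn


def lookup_interpolated(conn, name):
    # Misuse: the quoting helper prepares a statement sent to the database.
    sql = "SELECT secret FROM users WHERE name = %s" % naive_quote(name)
    return sorted(row[0] for row in conn.execute(sql))


def lookup_bound(conn, name):
    # Correct: the driver binds the value, so it is never parsed as SQL.
    sql = "SELECT secret FROM users WHERE name = ?"
    return sorted(row[0] for row in conn.execute(sql, (name,)))


if __name__ == "__main__":
    conn = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input containing a quote
    for label, fn in (("interpolated", lookup_interpolated),
                      ("bound", lookup_bound)):
        print(label, "alice ->", fn(conn, "alice"))
        print(label, "crafted ->", fn(conn, crafted))
```

Both functions agree on ordinary input; only the interpolated one changes meaning when the value contains a quote, which is why a helper like this belongs on the schema editor rather than on a general-purpose operations class.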
Change History (2)
comment:1 Changed 20 months ago by aaugustin
- Component changed from Database layer (models, ORM) to Migrations
- Needs documentation unset
- Needs tests unset
- Patch needs improvement unset
- Triage Stage changed from Unreviewed to Accepted