Fixed #22649: Beefed up quote_value

Andrew Godwin 2014-05-20 15:41:01 +01:00
parent 4e32e47348
commit 125b3d4407
3 changed files with 8 additions and 10 deletions


@ -30,10 +30,6 @@ class DatabaseSchemaEditor(BaseDatabaseSchemaEditor):
def quote_value(self, value): def quote_value(self, value):
# Inner import to allow module to fail to load gracefully # Inner import to allow module to fail to load gracefully
import MySQLdb.converters import MySQLdb.converters
if isinstance(value, six.string_types):
return '"%s"' % six.text_type(value)
else:
return MySQLdb.escape(value, MySQLdb.converters.conversions) return MySQLdb.escape(value, MySQLdb.converters.conversions)
def skip_default(self, field): def skip_default(self, field):
@ -49,8 +45,7 @@ class DatabaseSchemaEditor(BaseDatabaseSchemaEditor):
# Simulate the effect of a one-off default. # Simulate the effect of a one-off default.
if self.skip_default(field) and field.default not in {None, NOT_PROVIDED}: if self.skip_default(field) and field.default not in {None, NOT_PROVIDED}:
effective_default = self.effective_default(field) effective_default = self.effective_default(field)
self.execute('UPDATE %(table)s SET %(column)s=%(default)s' % { self.execute('UPDATE %(table)s SET %(column)s = %%s' % {
'table': self.quote_name(model._meta.db_table), 'table': self.quote_name(model._meta.db_table),
'column': self.quote_name(field.column), 'column': self.quote_name(field.column),
'default': self.quote_value(effective_default), }, [effective_default])
})
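Review bot: With the string branch removed, quote_value relies entirely on the module-level `MySQLdb.escape`, which is called without a connection and so, as far as I can tell, cannot account for the connection character set or an sql_mode such as NO_BACKSLASH_ESCAPES. The second hunk now binds the default as a parameter, which is the safer path, so quote_value should say when it is still appropriate, e.g. `# Only for DDL literals that cannot be bound as parameters; escaping is not connection-aware.` If a connection is guaranteed to be open here, escaping through the connection object would be more robust; confirm against the callers, which are outside these hunks.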


@ -1,5 +1,6 @@
import copy import copy
import datetime import datetime
import binascii
from django.utils import six from django.utils import six
from django.db.backends.schema import BaseDatabaseSchemaEditor from django.db.backends.schema import BaseDatabaseSchemaEditor
@ -21,7 +22,9 @@ class DatabaseSchemaEditor(BaseDatabaseSchemaEditor):
if isinstance(value, (datetime.date, datetime.time, datetime.datetime)): if isinstance(value, (datetime.date, datetime.time, datetime.datetime)):
return "'%s'" % value return "'%s'" % value
elif isinstance(value, six.string_types): elif isinstance(value, six.string_types):
return repr(value) return "'%s'" % six.text_type(value).replace("\'", "\'\'")
elif isinstance(value, buffer):
return "'%s'" % binascii.hexlify(value)
elif isinstance(value, bool): elif isinstance(value, bool):
return "1" if value else "0" return "1" if value else "0"
else: else:
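Review bot: The new `elif isinstance(value, buffer):` branch names a builtin that exists only on Python 2, so on Python 3 any value that is not a date/time or string reaches this line and raises NameError before the bool branch is tried. The file already imports six, and the last file section of this commit tests `six.memoryview`, so `elif isinstance(value, six.memoryview):` would keep both interpreter lines working. On Python 3 `binascii.hexlify` returns bytes, which `'%s'` formats with a `b'...'` wrapper inside the quotes; `return "'%s'" % binascii.hexlify(value).decode('ascii')` avoids that. The enclosing quote_value starts and ends outside the hunk.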


@ -27,7 +27,7 @@ class DatabaseSchemaEditor(BaseDatabaseSchemaEditor):
elif isinstance(value, six.integer_types): elif isinstance(value, six.integer_types):
return str(value) return str(value)
elif isinstance(value, six.string_types): elif isinstance(value, six.string_types):
return '"%s"' % six.text_type(value) return "'%s'" % six.text_type(value).replace("\'", "\'\'")
elif value is None: elif value is None:
return "NULL" return "NULL"
elif isinstance(value, (bytes, bytearray, six.memoryview)): elif isinstance(value, (bytes, bytearray, six.memoryview)):
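Review bot: The string branch repeats the expression this commit also adds in the previous file section, and `"\'"` inside a double-quoted literal is just `"'"`, so `return "'%s'" % six.text_type(value).replace("'", "''")` reads more clearly. A short comment such as `# Double embedded single quotes; for DDL defaults only, bind parameters everywhere else.` would record why hand quoting exists here at all. The commit shows no test for values containing quote characters; one per backend would pin the new behaviour. quote_value begins and ends outside the hunk.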