From ef5f9b6ae8c873927aa6047f5f9d1d902a0c2177 Mon Sep 17 00:00:00 2001 From: Matt Robenolt Date: Wed, 10 Sep 2014 07:23:58 +0000 Subject: [PATCH] Fixed #23460 -- Added literal `%s` support to extra() QuerySets. --- django/db/models/sql/query.py | 3 ++- docs/ref/models/querysets.txt | 11 ++++++----- docs/releases/1.8.txt | 3 +++ tests/queries/tests.py | 15 +++++++++++++++ 4 files changed, 26 insertions(+), 6 deletions(-) diff --git a/django/db/models/sql/query.py b/django/db/models/sql/query.py index d8c711d18fa..b1fb28a302b 100644 --- a/django/db/models/sql/query.py +++ b/django/db/models/sql/query.py @@ -1775,7 +1775,8 @@ class Query(object): entry_params = [] pos = entry.find("%s") while pos != -1: - entry_params.append(next(param_iter)) + if pos == 0 or entry[pos - 1] != '%': + entry_params.append(next(param_iter)) pos = entry.find("%s", pos + 2) select_pairs[name] = (entry, entry_params) # This is order preserving, since self.extra_select is an OrderedDict. diff --git a/docs/ref/models/querysets.txt b/docs/ref/models/querysets.txt index 294eeb6ef55..c7d3bf6b904 100644 --- a/docs/ref/models/querysets.txt +++ b/docs/ref/models/querysets.txt @@ -1144,11 +1144,12 @@ of the arguments is required, but you should use at least one of them. select=OrderedDict([('a', '%s'), ('b', '%s')]), select_params=('one', 'two')) - The only thing to be careful about when using select parameters in - ``extra()`` is to avoid using the substring ``"%%s"`` (that's *two* - percent characters before the ``s``) in the select strings. Django's - tracking of parameters looks for ``%s`` and an escaped ``%`` character - like this isn't detected. That will lead to incorrect results. + If you need to use a literal ``%s`` inside your select string, use + the sequence ``%%s``. + + .. versionchanged:: 1.8 + + Prior to 1.8, you were unable to escape a literal ``%s``. * ``where`` / ``tables`` diff --git a/docs/releases/1.8.txt b/docs/releases/1.8.txt index c77b40a6a3c..15fe657d4b4 100644 --- a/docs/releases/1.8.txt +++ b/docs/releases/1.8.txt @@ -281,6 +281,9 @@ Models Django uses whenever objects are loaded using the ORM. The method allows customizing model loading behavior. +* ``extra(select={...})`` now allows you to escape a literal ``%s`` sequence + using ``%%s``. + Signals ^^^^^^^ diff --git a/tests/queries/tests.py b/tests/queries/tests.py index 20c5f5d8d39..406710f8fdf 100644 --- a/tests/queries/tests.py +++ b/tests/queries/tests.py @@ -1655,6 +1655,21 @@ class Queries5Tests(TestCase): ['', ''] ) + def test_extra_select_literal_percent_s(self): + # Allow %%s to escape select clauses + self.assertEqual( + Note.objects.extra(select={'foo': "'%%s'"})[0].foo, + '%s' + ) + self.assertEqual( + Note.objects.extra(select={'foo': "'%%s bar %%s'"})[0].foo, + '%s bar %s' + ) + self.assertEqual( + Note.objects.extra(select={'foo': "'bar %%s'"})[0].foo, + 'bar %s' + ) + class SelectRelatedTests(TestCase): def test_tickets_3045_3288(self):