Commit f53357ab authored by Henrik tom Wörden's avatar Henrik tom Wörden

MAINT: use standard escape function

parent 18271153
1 merge request!160STY: styling
Pipeline #47060 failed
......@@ -32,9 +32,10 @@ from datetime import datetime
from functools import lru_cache
from typing import Any
import caosdb as db
import linkahead as db
import yaml
from caosdb.cached import cached_get_entity_by, cached_query
from db.utils.escape import escape_quoted_text
from .identifiable import Identifiable
from .utils import has_parent
......@@ -45,7 +46,8 @@ logger = logging.getLogger(__name__)
def get_children_of_rt(rtname):
"""Supply the name of a recordtype. This name and the name of all children RTs are returned in
a list"""
return [p.name for p in cached_query(f"FIND RECORDTYPE '{rtname}'")]
escaped = escape_quoted_text(rtname)
return [p.name for p in cached_query(f"FIND RECORDTYPE '{escaped}'")]
def convert_value(value: Any):
......@@ -70,8 +72,7 @@ def convert_value(value: Any):
elif isinstance(value, bool):
return str(value).upper()
elif isinstance(value, str):
# replace single quotes, otherwise they may break the queries
return value.replace("\'", "\\'")
return escape_quoted_text(value)
else:
return str(value)
......@@ -114,7 +115,8 @@ identifiabel, identifiable and identified record) for a Record.
query_string = "FIND RECORD "
if ident.record_type is not None:
query_string += f"'{ident.record_type}'"
escaped_rt = escape_quoted_text(ident.record_type)
query_string += f"'{escaped_rt}'"
for ref in ident.backrefs:
eid = ref
if isinstance(ref, db.Entity):
......@@ -124,7 +126,7 @@ identifiabel, identifiable and identified record) for a Record.
query_string += " WITH "
if ident.name is not None:
query_string += "name='{}'".format(convert_value(ident.name))
query_string += "name='{}'".format(escape_quoted_text(ident.name))
if len(ident.properties) > 0:
query_string += " AND "
......@@ -140,10 +142,10 @@ identifiabel, identifiable and identified record) for a Record.
query_string = ""
for pname, pvalue in entity.properties.items():
if pvalue is None:
query_string += "'" + pname + "' IS NULL AND "
query_string += "'" + escape_quoted_text(pname) + "' IS NULL AND "
elif isinstance(pvalue, list):
for v in pvalue:
query_string += ("'" + pname + "'='" +
query_string += ("'" + escape_quoted_text(pname) + "'='" +
convert_value(v) + "' AND ")
# TODO: (for review)
......@@ -157,7 +159,7 @@ identifiabel, identifiable and identified record) for a Record.
# IdentifiableAdapter.create_property_query(p.value) +
# ") AND ")
else:
query_string += ("'" + pname + "'='" +
query_string += ("'" + escape_quoted_text(pname) + "'='" +
convert_value(pvalue) + "' AND ")
# remove the last AND
return query_string[:-4]
......
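Review bot: The import added in the first hunk, `from db.utils.escape import escape_quoted_text`, does not go through the `import linkahead as db` alias, because a `from … import` statement looks for a module literally named `db`. Unless such a package is installed, the module fails at import time and none of the new escaping runs. Name the real package instead, presumably `from linkahead.utils.escape import escape_quoted_text`, and align `from caosdb.cached import …` with whichever `import … as db` line is on the new side. In `convert_value` (its body starts outside the hunk) only the `str` branch is escaped, so the visible `else: return str(value)` still reaches the single-quoted literal in the last two hunks unescaped; `return escape_quoted_text(str(value))` would close that gap. A regression test with a record type, name and property name that contain `'` and `\` would pin the intended behaviour.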