mirror of
				https://github.com/zulip/zulip.git
				synced 2025-10-25 17:14:02 +00:00 
			
		
		
		
	migrations: Escape more pedantically in pgroonga.0003_v2_api_upgrade.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
This commit is contained in:
		
				
					committed by
					
						 Anders Kaseorg
						Anders Kaseorg
					
				
			
			
				
	
			
			
			
						parent
						
							0cc897d08d
						
					
				
				
					commit
					674158b817
				
			| @@ -11,24 +11,28 @@ class Migration(migrations.Migration): | |||||||
|  |  | ||||||
|     database_setting = settings.DATABASES["default"] |     database_setting = settings.DATABASES["default"] | ||||||
|     operations = [ |     operations = [ | ||||||
|         migrations.RunSQL([""" |         migrations.RunSQL([(""" | ||||||
| ALTER ROLE %(USER)s SET search_path TO %(SCHEMA)s,public; | DO $$BEGIN | ||||||
|  | EXECUTE format('ALTER ROLE %%I SET search_path TO %%L,public', %(USER)s, %(SCHEMA)s); | ||||||
|  |  | ||||||
| SET search_path = %(SCHEMA)s,public; | SET search_path = %(SCHEMA)s,public; | ||||||
|  |  | ||||||
| DROP INDEX zerver_message_search_pgroonga; | DROP INDEX zerver_message_search_pgroonga; | ||||||
| """ % database_setting, """ | END$$ | ||||||
|  | """, database_setting), """ | ||||||
|  |  | ||||||
| CREATE INDEX CONCURRENTLY zerver_message_search_pgroonga ON zerver_message | CREATE INDEX CONCURRENTLY zerver_message_search_pgroonga ON zerver_message | ||||||
|   USING pgroonga(search_pgroonga pgroonga_text_full_text_search_ops_v2); |   USING pgroonga(search_pgroonga pgroonga_text_full_text_search_ops_v2); | ||||||
| """], | """], | ||||||
|                           [""" |                           [(""" | ||||||
| ALTER ROLE %(USER)s SET search_path TO %(SCHEMA)s,public,pgroonga,pg_catalog; | DO $$BEGIN | ||||||
|  | EXECUTE format('ALTER ROLE %%I SET search_path TO %%L,public,pgroonga,pg_catalog', %(USER)s, %(SCHEMA)s); | ||||||
|  |  | ||||||
| SET search_path = %(SCHEMA)s,public,pgroonga,pg_catalog; | SET search_path = %(SCHEMA)s,public,pgroonga,pg_catalog; | ||||||
|  |  | ||||||
| DROP INDEX zerver_message_search_pgroonga; | DROP INDEX zerver_message_search_pgroonga; | ||||||
| """ % database_setting, """ | END$$ | ||||||
|  | """, database_setting), """ | ||||||
|  |  | ||||||
| CREATE INDEX CONCURRENTLY zerver_message_search_pgroonga ON zerver_message | CREATE INDEX CONCURRENTLY zerver_message_search_pgroonga ON zerver_message | ||||||
|   USING pgroonga(search_pgroonga pgroonga.text_full_text_search_ops); |   USING pgroonga(search_pgroonga pgroonga.text_full_text_search_ops); | ||||||
|   | |||||||
| @@ -74,6 +74,8 @@ rules: | |||||||
|       - pattern: psycopg2.sql.SQL(... .format(...)) |       - pattern: psycopg2.sql.SQL(... .format(...)) | ||||||
|       - pattern: django.db.migrations.RunSQL(..., ... % ..., ...) |       - pattern: django.db.migrations.RunSQL(..., ... % ..., ...) | ||||||
|       - pattern: django.db.migrations.RunSQL(..., "..." .format(...), ...) |       - pattern: django.db.migrations.RunSQL(..., "..." .format(...), ...) | ||||||
|  |       - pattern: django.db.migrations.RunSQL(..., [..., ... % ..., ...], ...) | ||||||
|  |       - pattern: django.db.migrations.RunSQL(..., [..., "..." .format(...), ...], ...) | ||||||
|     severity: ERROR |     severity: ERROR | ||||||
|     message: "Do not write a SQL injection vulnerability please" |     message: "Do not write a SQL injection vulnerability please" | ||||||
|  |  | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user