[IMP]Add functions for manage input filename and cmis query

EL HADJI DEM 2014-06-12 15:46:36 -04:00 committed by Sandy Carter
parent f1b92c915d
commit 0801271125


@ -137,6 +137,18 @@ class cmis_backend(orm.Model):
raise orm.except_orm(_('Cmis Error!'),
_("Error path for : " + path))
# Escape the name for characters not supported in filenames
def sanitize_input(self, file_name):
# for avoiding SQL Injection
file_name = file_name.replace("'", "\\'")
file_name = file_name.replace("%", "\%")
file_name = file_name.replace("_", "\_")
return file_name
def safe_query(self, query, file_name, repo):
args = map(self.sanitize_input, file_name)
return repo.query(query % ''.join(args))
_columns = {
'version': fields.selection(
_select_versions,
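Review bot: `sanitize_input` escapes the quote, `%` and `_` but never the backslash itself, so a backslash already present in `file_name` cancels the escaping of the quote that follows it, and the value can still end the string literal in the CMIS query. Escape the backslash first, ahead of the other replacements: `file_name = file_name.replace("\\", "\\\\")`. The literals `"\%"` and `"\_"` rely on invalid escape sequences that Python happens to keep as written; `"\\%"` and `"\\_"` state the intent and avoid the deprecation warning. In `safe_query`, `''.join(args)` folds the input into one value for a single placeholder, which appears to assume `file_name` is one string; a docstring should say so, and the comment should name CMIS query injection rather than SQL injection. The body of `cmis_backend` continues outside this hunk.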