[jifty-devel] jifty-dbi 0.71: Unknown operator 'REGEXP'

Stanislav Sinyagin ssinyagin at yahoo.com
Mon Sep 26 12:05:35 EDT 2011


Would be great to have that on GitHub...




>________________________________
>From: Ruslan Zakirov <ruz at bestpractical.com>
>To: Nifty apps in a Jiffy <jifty-devel at lists.jifty.org>
>Sent: Tuesday, August 30, 2011 7:09 PM
>Subject: Re: [jifty-devel] jifty-dbi 0.71: Unknown operator 'REGEXP'
>
>On Tue, Aug 30, 2011 at 8:20 PM, Thomas Sibley <trs at bestpractical.com> wrote:
>> On 08/30/2011 10:23 AM, Stanislav Sinyagin wrote:
>>> Obviously line 1284 in lib/Jifty/DBI/Collection.pm produces that.
>>>
>>> It will be great to have a workaround which allows non-ANSI SQL operators.
>>
>> Perhaps a different key?  Or refactoring the operator check into the
>> handle class, so it can be db-specific?
>>
>> I'm not sure what the best solution is at the moment.
>
>That check was implemented to prevent SQL injections and it's possible
>to loosen granularity to:
>
>/^(=|<|>|!=|<>|<=|>=|[a-z_\s]+)$/ix
>
>Or a little bit more precise:
>
>/^(=|<|>|!=|<>|<=|>=|((IS\s+)?(NOT\s+)?)[a-z_]+)$/ix
>
>
>I think it covers security pretty well and gives freedom.
>
>> Thomas
>> _______________________________________________
>> jifty-devel mailing list
>> jifty-devel at lists.jifty.org
>> http://lists.jifty.org/cgi-bin/mailman/listinfo/jifty-devel
>>
>
>
>
>-- 
>Best regards, Ruslan.
>
>
>
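The two patterns proposed in the thread, compared on constructed operator strings (an added example, not code from the thread or from Jifty::DBI): it shows which strings each pattern lets through the operator check. The `anchored` variant and all variable names are assumptions introduced here; `anchored` is the second pattern with `\A...\z` in place of `^...$`, since `$` in Perl also matches just before a trailing newline.

```perl
use strict;
use warnings;

my %check = (
    # The two patterns exactly as posted in the thread.
    loose   => qr/^(=|<|>|!=|<>|<=|>=|[a-z_\s]+)$/ix,
    precise => qr/^(=|<|>|!=|<>|<=|>=|((IS\s+)?(NOT\s+)?)[a-z_]+)$/ix,
    # Assumption (not from the thread): "precise" with strict anchors,
    # so a value ending in "\n" is rejected.
    anchored => qr/\A(?:=|<|>|!=|<>|<=|>=|(?:IS\s+)?(?:NOT\s+)?[a-z_]+)\z/ix,
);
my @order = qw(loose precise anchored);

# Constructed sample values for the operator slot of a limit() call.
my @operators = (
    '=', '<=',              # ANSI comparison operators
    'LIKE', 'REGEXP',       # single-word operators, REGEXP being non-ANSI
    'NOT LIKE', 'IS NOT',   # negated forms
    'IS NULL OR id',        # several keywords in one "operator"
    "LIKE\n",               # trailing newline
    "LIKE '%'",             # operator with a literal attached
    '= 1',                  # operator with a value attached
    '',                     # empty string
);

# Return accept/reject for one operator under each pattern, in @order.
sub verdicts {
    my ($op) = @_;
    return map { $op =~ $check{$_} ? 'accept' : 'reject' } @order;
}

printf "%-18s %-8s %-8s %-8s\n", 'operator', @order;
for my $op (@operators) {
    (my $shown = $op) =~ s/\n/\\n/g;    # make the newline visible
    printf "%-18s %-8s %-8s %-8s\n", "'$shown'", verdicts($op);
}
```

The first pattern accepts any run of letters, underscores and whitespace, so multi-word strings pass it; the second limits the slot to one word with an optional IS/NOT prefix.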

