[jifty-devel] jifty-dbi 0.71: Unknown operator 'REGEXP'

Ruslan Zakirov ruz at bestpractical.com
Wed Sep 28 06:31:42 EDT 2011


If more developers +1 this then I don't see problems pushing it into
the repo. You can always cook a pull request.

On Mon, Sep 26, 2011 at 8:05 PM, Stanislav Sinyagin <ssinyagin at yahoo.com> wrote:
> would be great to have that on Github...
>
> ________________________________
> From: Ruslan Zakirov <ruz at bestpractical.com>
> To: Nifty apps in a Jiffy <jifty-devel at lists.jifty.org>
> Sent: Tuesday, August 30, 2011 7:09 PM
> Subject: Re: [jifty-devel] jifty-dbi 0.71: Unknown operator 'REGEXP'
>
> On Tue, Aug 30, 2011 at 8:20 PM, Thomas Sibley <trs at bestpractical.com>
> wrote:
>> On 08/30/2011 10:23 AM, Stanislav Sinyagin wrote:
>>> Obviously line 1284 in lib/Jifty/DBI/Collection.pm produces that.
>>>
>>> It will be great to have a workaround which allows non-ANSI SQL
>>> operators.
>>
>> Perhaps a different key?  Or a refactoring the operator check into the
>> handle class, so it can be db-specific?
>>
>> I'm not sure what the best solution is at the moment.
>
> That check was implemented to prevent SQL injections and It's possible
> to loose granularity to:
>
> /^(=|<|>|!=|<>|<=|>=|[a-z_\s]+)$/ix
>
> Or a little bit more precise:
>
> /^(=|<|>|!=|<>|<=|>=|((IS\s+)?(NOT\s+)?)[a-z_]+)$/ix
>
>
> I think it covers security pretty well and gives freedom.
>
>> Thomas
>> _______________________________________________
>> jifty-devel mailing list
>> jifty-devel at lists.jifty.org
>> http://lists.jifty.org/cgi-bin/mailman/listinfo/jifty-devel
>>
>
>
>
> --
> Best regards, Ruslan.
> _______________________________________________
> jifty-devel mailing list
> jifty-devel at lists.jifty.org
> http://lists.jifty.org/cgi-bin/mailman/listinfo/jifty-devel
>
>
>
> _______________________________________________
> jifty-devel mailing list
> jifty-devel at lists.jifty.org
> http://lists.jifty.org/cgi-bin/mailman/listinfo/jifty-devel
>
>



-- 
Best regards, Ruslan.


More information about the jifty-devel mailing list