Bug #1729

Migration SQL syntax error, quotes in name.

Added by Steve Traylen over 10 years ago. Updated over 10 years ago.

Status: Closed
Priority: Low
Assignee:
Category: DB migrations
Target version:
Difficulty:
Triaged: No
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

Running

su - foreman -s /bin/bash -c /usr/share/foreman/extras/dbmigrate

from foreman-1.0.0-0.4.el6.noarch on SL6.

-- About to review all audits, this may take a while...
rake aborted!
An error has occurred, all later migrations canceled:

Mysql2::Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'jveldik' van Eldik' WHERE id = 410' at line 1: UPDATE audits SET  auditable_name = 'administrator' ,  username = 'Jan 'jveldik' van Eldik' WHERE id = 410

This is with the perhaps daft input where someone has set their first name to "Jan 'jveldik'" with single quotes in.

mysql> select login,firstname from users where login = 'jveldik';
+---------+---------------+
| login   | firstname     |
+---------+---------------+
| jveldik | Jan 'jveldik' |
+---------+---------------+
1 row in set (0.01 sec)

For now I'll remove the ''s of course in the first database.

Associated revisions

Revision b304788d (diff)
Added by Amos Benari over 10 years ago

fixes #1729 safer migration code.

History

#1 Updated by Ohad Levy over 10 years ago

  • Assignee set to Amos Benari
  • Target version set to 1.0

Amos, do you mind having a look? It seems like we can simply use http://apidock.com/rails/v3.2.1/ActiveRecord/Sanitization/ClassMethods/sanitize_sql_array
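The two ways of building the audit UPDATE, as an added example that is not Foreman's migration code and not the commit that closed this bug. `unsafe_audit_update` reproduces the interpolated statement from the error message; `safe_audit_update` uses a placeholder-and-quote routine written here to mimic what ActiveRecord's `sanitize_sql_array` does, so the block runs without Rails. `quote_literal` and `string_literals` are stand-ins written for this example (the latter scans a statement the way a SQL lexer would, to show which bytes the server treats as data and which as SQL). The sample name is constructed from the reporter's `select` output.

```ruby
# Added example, not Foreman code. Shows why "#{value}" inside a SQL string
# breaks on a name containing single quotes, and the placeholder approach
# that ActiveRecord's sanitize_sql_array implements.

# How the failing migration built the statement: values dropped straight into
# the string. Produces exactly the statement quoted in the Mysql2::Error.
def unsafe_audit_update(id, auditable_name, username)
  "UPDATE audits SET  auditable_name = '#{auditable_name}' ,  username = '#{username}' WHERE id = #{id}"
end

# Minimal SQL literal quoting, a stand-in for the adapter's connection.quote:
# strings become a single-quoted literal with embedded quotes doubled (the
# SQL-standard escape, accepted by MySQL, PostgreSQL and SQLite), integers are
# left bare, nil becomes NULL. A real adapter also handles backslashes and
# charset details, which is why production code should use the adapter.
def quote_literal(value)
  case value
  when nil     then "NULL"
  when Integer then value.to_s
  else "'#{value.to_s.gsub("'", "''")}'"
  end
end

# Stand-in for ActiveRecord's sanitize_sql_array(["... ? ...", v1, v2, ...]):
# each ? placeholder is replaced, left to right, by the quoted value. gsub does
# not rescan replacement text, so a ? inside a value cannot consume a bind.
def sanitize_sql_array(statement_and_values)
  statement, *values = statement_and_values
  placeholders = statement.count("?")
  unless placeholders == values.size
    raise ArgumentError, "wrong number of bind variables (#{values.size} for #{placeholders})"
  end
  queue = values.dup
  statement.gsub("?") { quote_literal(queue.shift) }
end

def safe_audit_update(id, auditable_name, username)
  sanitize_sql_array(["UPDATE audits SET auditable_name = ?, username = ? WHERE id = ?",
                      auditable_name, username, id])
end

# Scans a statement like a SQL lexer and returns the contents of every string
# literal; '' inside a literal is an escaped quote. Anything outside a literal
# is parsed as SQL, which is what goes wrong in the interpolated version.
def string_literals(sql)
  literals = []
  i = 0
  while i < sql.length
    if sql[i] == "'"
      buf = String.new
      i += 1
      loop do
        raise "unterminated string literal" if i >= sql.length
        if sql[i] == "'"
          if sql[i + 1] == "'"   # doubled quote: literal quote character
            buf << "'"
            i += 2
          else                   # closing quote
            i += 1
            break
          end
        else
          buf << sql[i]
          i += 1
        end
      end
      literals << buf
    else
      i += 1
    end
  end
  literals
end

if __FILE__ == $0
  name = "Jan 'jveldik' van Eldik"   # constructed from the reporter's sample row
  puts unsafe_audit_update(410, "administrator", name)
  p string_literals(unsafe_audit_update(410, "administrator", name))
  puts safe_audit_update(410, "administrator", name)
  p string_literals(safe_audit_update(410, "administrator", name))
end
```

Run against the reporter's name, `string_literals` on the interpolated statement returns `["administrator", "Jan ", " van Eldik"]`: the server sees `jveldik` as bare SQL between two literals, hence the syntax error near `'jveldik' van Eldik'`. The sanitized statement yields one literal, `"Jan 'jveldik' van Eldik"`. The same concatenation pattern is also the classic SQL-injection vector, so the fix matters beyond names with apostrophes. In a real migration, use the adapter rather than this stand-in: `ActiveRecord::Base.send(:sanitize_sql_array, [...])` (the method is protected in Rails 3.2 and only became public in Rails 5.2), `connection.quote(value)`, or `update_all(["auditable_name = ?, username = ?", name, user])`, which sanitizes the array internally; the mysql2 adapter escapes with backslashes rather than doubled quotes, and letting it decide is the point.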

#2 Updated by Amos Benari over 10 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100
