Bug #1729

Migration SQL syntax error, quotes in name.

Added by Steve Traylen almost 7 years ago. Updated almost 7 years ago.

Status:
Closed
Priority:
Low
Assignee:
Category:
DB migrations
Target version:
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

Running

su - foreman -s /bin/bash -c /usr/share/foreman/extras/dbmigrate

from foreman-1.0.0-0.4.el6.noarch on SL6.
-- About to review all audits, this may take a while...
rake aborted!
An error has occurred, all later migrations canceled:

Mysql2::Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'jveldik' van Eldik' WHERE id = 410' at line 1: UPDATE audits SET  auditable_name = 'administrator' ,  username = 'Jan 'jveldik' van Eldik' WHERE id = 410

This is with the perhaps daft input where someone has set their first name to "Jan 'jveldik'" with single quotes in.

mysql> select login,firstname from users where login = 'jveldik';
+---------+---------------+
| login   | firstname     |
+---------+---------------+
| jveldik | Jan 'jveldik' |
+---------+---------------+
1 row in set (0.01 sec)

For now I'll remove the ''s of course in the first database.

Associated revisions

Revision b304788d (diff)
Added by Amos Benari almost 7 years ago

fixes #1729 safer migration code.

History

#1 Updated by Ohad Levy almost 7 years ago

  • Assignee set to Amos Benari
  • Target version set to 1.0

Amos, do you mind having a look? it seems like we can simply use http://apidock.com/rails/v3.2.1/ActiveRecord/Sanitization/ClassMethods/sanitize_sql_array
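An added example, not Foreman's migration code and not the change in revision b304788d: the stand-alone Ruby below re-implements the placeholder quoting that ActiveRecord's sanitize_sql_array provides (the quote_value, sanitize_sql_array and string_literals helpers and the AUDIT row are constructed for this illustration, so it runs without Rails or a database). It builds the failing UPDATE from the report both by string interpolation and through placeholders, then reads the string literals back the way a MySQL parser would, which shows where the interpolated version splits the name.

```ruby
# Constructed sample row, modelled on audit id 410 from the bug report.
AUDIT = { id: 410, auditable_name: 'administrator',
          username: "Jan 'jveldik' van Eldik" }.freeze

# The unsafe pattern: column values interpolated straight into the SQL text.
# Any single quote in the data terminates the literal early.
def unsafe_update_sql(audit)
  "UPDATE audits SET auditable_name = '#{audit[:auditable_name]}', " \
  "username = '#{audit[:username]}' WHERE id = #{audit[:id]}"
end

# Quote one Ruby value as a MySQL literal: backslashes are escaped and
# single quotes doubled, which is what the MySQL adapter does for strings.
# (Hypothetical helper standing in for ActiveRecord's quoting.)
def quote_value(value)
  case value
  when Integer then value.to_s
  when nil     then 'NULL'
  else "'" + value.to_s.gsub('\\') { '\\\\' }.gsub("'") { "''" } + "'"
  end
end

# Minimal stand-in for sanitize_sql_array: each ? in the statement is
# replaced, left to right, by the quoted form of the matching value.
# Splitting first means a ? inside a value can never be mistaken for a
# placeholder.
def sanitize_sql_array(array)
  statement, *values = array
  parts = statement.split('?', -1)
  unless parts.size - 1 == values.size
    raise ArgumentError, 'placeholder/value count mismatch'
  end
  out = +''
  parts.each_with_index do |part, i|
    out << part
    out << quote_value(values[i]) if i < values.size
  end
  out
end

# The safe pattern: same statement, values supplied separately.
def safe_update_sql(audit)
  sanitize_sql_array([
    'UPDATE audits SET auditable_name = ?, username = ? WHERE id = ?',
    audit[:auditable_name], audit[:username], audit[:id]
  ])
end

# Read the single-quoted literals out of a statement the way a MySQL
# parser would: a doubled quote or a backslash-escaped character stays
# inside the literal, a lone quote ends it.
def string_literals(sql)
  literals = []
  i = 0
  while i < sql.length
    if sql[i] == "'"
      buf = +''
      i += 1
      loop do
        c = sql[i]
        break if c.nil?
        if c == '\\'
          buf << sql[i + 1].to_s
          i += 2
        elsif c == "'" && sql[i + 1] == "'"
          buf << "'"
          i += 2
        elsif c == "'"
          i += 1
          break
        else
          buf << c
          i += 1
        end
      end
      literals << buf
    else
      i += 1
    end
  end
  literals
end

if __FILE__ == $PROGRAM_NAME
  puts unsafe_update_sql(AUDIT)
  puts safe_update_sql(AUDIT)
  p string_literals(unsafe_update_sql(AUDIT))
  p string_literals(safe_update_sql(AUDIT))
end
```

Run as-is, the interpolated statement parses into the literals "administrator", "Jan " and " van Eldik", with jveldik left outside any literal, which is exactly the "near 'jveldik' van Eldik'" position MySQL complains about; the placeholder version parses back to the original name intact.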

#2 Updated by Amos Benari almost 7 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100
