[FIX] res_users.login: fix query parameters in cr.execute
bzr revid: rco@openerp.com-20121015100148-pkanx35vr6fqojuj
This commit is contained in:
parent
99c4f31111
commit
11051f32e0
|
@ -409,8 +409,8 @@ class res_users(osv.osv):
|
||||||
# prevent/delay login in that case. It will also have been logged
|
# prevent/delay login in that case. It will also have been logged
|
||||||
# as a SQL error, if anyone cares.
|
# as a SQL error, if anyone cares.
|
||||||
try:
|
try:
|
||||||
cr.execute("SELECT id FROM res_users WHERE id=%s FOR UPDATE NOWAIT", str(user_id))
|
cr.execute("SELECT id FROM res_users WHERE id=%s FOR UPDATE NOWAIT", (user_id,))
|
||||||
cr.execute("UPDATE res_users SET login_date = now() AT TIME ZONE 'UTC' WHERE id=%s", str(user_id))
|
cr.execute("UPDATE res_users SET login_date = now() AT TIME ZONE 'UTC' WHERE id=%s", (user_id,))
|
||||||
except Exception, e:
|
except Exception, e:
|
||||||
_logger.exception("Failed to update last_login for db:%s login:%s", db, login)
|
_logger.exception("Failed to update last_login for db:%s login:%s", db, login)
|
||||||
except openerp.exceptions.AccessDenied:
|
except openerp.exceptions.AccessDenied:
|
||||||
|
|
|
@ -215,6 +215,9 @@ class Cursor(object):
|
||||||
_logger.warning(query)
|
_logger.warning(query)
|
||||||
_logger.warning("SQL queries cannot contain %d or %f anymore. "
|
_logger.warning("SQL queries cannot contain %d or %f anymore. "
|
||||||
"Use only %s")
|
"Use only %s")
|
||||||
|
if params and not isinstance(params, (tuple, list, dict)):
|
||||||
|
_logger.error("SQL query parameters should be a tuple, list or dict; got %r", params)
|
||||||
|
raise ValueError("SQL query parameters should be a tuple, list or dict; got %r" % (params,))
|
||||||
|
|
||||||
if self.sql_log:
|
if self.sql_log:
|
||||||
now = mdt.now()
|
now = mdt.now()
|
||||||
|
|
|
@ -0,0 +1,36 @@
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
# Run with one of these commands:
|
||||||
|
# > OPENERP_ADDONS_PATH='../../addons/trunk' OPENERP_PORT=8069 \
|
||||||
|
# OPENERP_DATABASE=yy PYTHONPATH=. python tests/test_ir_sequence.py
|
||||||
|
# > OPENERP_ADDONS_PATH='../../addons/trunk' OPENERP_PORT=8069 \
|
||||||
|
# OPENERP_DATABASE=yy nosetests tests/test_ir_sequence.py
|
||||||
|
# > OPENERP_ADDONS_PATH='../../../addons/trunk' OPENERP_PORT=8069 \
|
||||||
|
# OPENERP_DATABASE=yy PYTHONPATH=../:. unit2 test_ir_sequence
|
||||||
|
# This assume an existing database.
|
||||||
|
|
||||||
|
import unittest2
|
||||||
|
|
||||||
|
import openerp
|
||||||
|
import common
|
||||||
|
|
||||||
|
DB = common.DB
|
||||||
|
ADMIN_USER_ID = common.ADMIN_USER_ID
|
||||||
|
|
||||||
|
def cursor():
|
||||||
|
return openerp.modules.registry.RegistryManager.get(DB).db.cursor()
|
||||||
|
|
||||||
|
|
||||||
|
class test_ir_sequence_standard(unittest2.TestCase):
|
||||||
|
""" Try cr.execute with wrong parameters """
|
||||||
|
|
||||||
|
def test_execute_bad_params(self):
|
||||||
|
""" Try to use non-iterable in query parameters. """
|
||||||
|
cr = cursor()
|
||||||
|
with self.assertRaises(ValueError):
|
||||||
|
cr.execute("SELECT id FROM res_users WHERE login=%s", 'admin')
|
||||||
|
with self.assertRaises(ValueError):
|
||||||
|
cr.execute("SELECT id FROM res_users WHERE id=%s", 1)
|
||||||
|
with self.assertRaises(ValueError):
|
||||||
|
cr.execute("SELECT id FROM res_users WHERE id=%s", '1')
|
||||||
|
|
||||||
|
# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4:
|
Loading…
Reference in New Issue