--- ZSQLExtend/ZSQLExtend.py 2004/09/27 18:51:57 1.34 +++ ZSQLExtend/ZSQLExtend.py 2004/09/27 20:48:54 1.38 @@ -5,7 +5,7 @@ from Globals import DTMLFile import urllib import re import string -from pyPgSQL import libpq +#from pyPgSQL import libpq from AccessControl import getSecurityManager import os.path from Products.PageTemplates.PageTemplateFile import PageTemplateFile @@ -13,6 +13,14 @@ from Products.PageTemplates.PageTemplate from Products.ZSQLMethods.SQL import SQLConnectionIDs import Shared.DC.ZRDB.DA +def sql_quote(v): + # quote dictionary + quote_dict = {"\'": "''", "\\": "\\\\"} + for dkey in quote_dict.keys(): + if string.find(v, dkey) >= 0: + v=join(split(v,dkey),quote_dict[dkey]) + return "'%s'" % v + def showSQLConnectionIDs(self): return SQLConnectionIDs(self) @@ -294,7 +302,7 @@ class ZSQLExtendFolder(Folder,Persistent valueList=[] for x in addList.keys(): keyList.append("\""+x+"\"") - valueList.append(libpq.PgQuoteString(addList[x])) + valueList.append(sql_quote(addList[x])) keyString=string.join(keyList,",") valueString=string.join(valueList,",") @@ -304,7 +312,7 @@ class ZSQLExtendFolder(Folder,Persistent return self.REQUEST.RESPONSE.redirect(format) def ZSQLChange(self,**argv): - """Ändern von Einträgen""" + """change entries""" #qs=self.REQUEST['QUERY_STRING'] # very bad hack qs_temp=[] 
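Review bot: `sql_quote` (hunk @@ -13,6 +13,14 @@) calls bare `join` and `split`, but the only matching import visible on this page is `import string`. Unless those names are imported elsewhere in the file, the function raises NameError exactly when a value contains `'` or `\`, which are the inputs it exists to neutralise. The line could become `v = string.replace(v, dkey, quote_dict[dkey])`, matching the `string.replace` call this commit uses in getMetaDatasXML. The helper also assumes `v` is a string and hard-codes backslash doubling, which is only correct while the server treats backslash as an escape inside string literals. A docstring should state both assumptions, and bound parameters would be the safer route wherever the database adapter offers them.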
@@ -327,18 +335,18 @@ class ZSQLExtendFolder(Folder,Persistent table=urllib.unquote(value) elif name=="-identify": identify=urllib.unquote(value) - identify=identify.split("=")[0]+"="+libpq.PgQuoteString(identify.split("=")[1]) + identify=identify.split("=")[0]+"="+sql_quote(identify.split("=")[1]) elif name=="-format": format=urllib.unquote(value) elif (not name[0]=="-") and (not len(value)==0): - changeList.append("\""+name+"\"="+libpq.PgQuoteString(urllib.unquote(value))) + changeList.append("\""+name+"\"="+sql_quote(urllib.unquote(value))) changeString=string.join(changeList,",") queryString="UPDATE %s SET %s WHERE %s"%(table,changeString,identify) self.ZSQLSimpleSearch(queryString) return self.REQUEST.RESPONSE.redirect(format) def ZSQLChange_old(self): - """Ändern von Einträgen""" + """change entries""" qs=self.REQUEST['QUERY_STRING'] #print "CHANGE QS",self.REQUEST #return self.REQUEST @@ -352,11 +360,11 @@ class ZSQLExtendFolder(Folder,Persistent table=urllib.unquote(value) elif name=="-identify": identify=urllib.unquote(value) - identify=identify.split("=")[0]+"="+libpq.PgQuoteString(identify.split("=")[1]) + identify=identify.split("=")[0]+"="+sql_quote(identify.split("=")[1]) elif name=="-format": format=urllib.unquote(value) elif (not name[0]=="-") and (not len(value)==0): - changeList.append("\""+name+"\"="+libpq.PgQuoteString(urllib.unquote(value))) + changeList.append("\""+name+"\"="+sql_quote(urllib.unquote(value))) changeString=string.join(changeList,",") queryString="UPDATE %s SET %s WHERE %s"%(table,changeString,identify) self.ZSQLSimpleSearch(queryString) @@ -556,7 +564,7 @@ class ZSQLExtendFolder(Folder,Persistent except: value="" - #value=libpq.PgQuoteString(value) + #value=sql_quote(value) if name==iCT+"lop": 
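Review bot: In ZSQLChange (hunk @@ -327,18 +335,18 @@) only the right-hand side of `-identify` and the field values pass through `sql_quote`; `table`, the text before `=` in `identify`, and the field `name` still go into the UPDATE string unchecked. `name` is wrapped in `"` without doubling embedded `"`, and ZSQLChange_old visibly takes these values from `self.REQUEST['QUERY_STRING']`. Table and column identifiers should be matched against the known schema names before `queryString` is built. `identify.split("=")[1]` also raises IndexError when no `=` is present and silently drops everything after a second `=`; `col, val = identify.split("=", 1)` behind a check avoids both. The same lines recur in ZSQLChange_old (hunk @@ -352,11 +360,11 @@), and both function bodies start outside their hunks.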
@@ -606,21 +614,21 @@ class ZSQLExtendFolder(Folder,Persistent namealt=name name="LOWER("+name+")" if op=="ct": - tmp=(name+" LIKE "+libpq.PgQuoteString("%"+value+"%")) + tmp=(name+" LIKE "+sql_quote("%"+value+"%")) elif op=="gt": - tmp=(name+">"+libpq.PgQuoteString(value)) + tmp=(name+">"+sql_quote(value)) elif op=="lt": - tmp=(name+"<"+libpq.PgQuoteString(value)) + tmp=(name+"<"+sql_quote(value)) elif op=="eq": - tmp=(name+"="+libpq.PgQuoteString(value)) + tmp=(name+"="+sql_quote(value)) elif op=="bw": - tmp=(name+" LIKE "+libpq.PgQuoteString(value+"%")) + tmp=(name+" LIKE "+sql_quote(value+"%")) elif op=="ew": - tmp=(name+" LIKE "+libpq.PgQuoteString("%"+value)) + tmp=(name+" LIKE "+sql_quote("%"+value)) elif op=="all": tmps=[] for word in value.split(" "): - tmps.append(name+" LIKE "+libpq.PgQuoteString("%"+word+"%")) + tmps.append(name+" LIKE "+sql_quote("%"+word+"%")) tmp=string.join(tmps,' AND ') @@ -644,17 +652,17 @@ class ZSQLExtendFolder(Folder,Persistent ## op="ct" ## name="LOWER("+name+")" ## if op=="ct": -## whereList.append(name+" LIKE "+libpq.PgQuoteString("%"+value+"%")) +## whereList.append(name+" LIKE "+sql_quote("%"+value+"%")) ## elif op=="gt": -## whereList.append(name+">"+libpq.PgQuoteString(value)) +## whereList.append(name+">"+sql_quote(value)) ## elif op=="lt": -## whereList.append(name+"<"+libpq.PgQuoteString(value)) +## whereList.append(name+"<"+sql_quote(value)) ## elif op=="eq": -## whereList.append(name+"="+libpq.PgQuoteString(value)) +## whereList.append(name+"="+sql_quote(value)) ## elif op=="bw": -## whereList.append(name+" LIKE "+libpq.PgQuoteString(value+"%")) +## whereList.append(name+" LIKE "+sql_quote(value+"%")) ## elif op=="ew": -## whereList.append(name+" LIKE "+libpq.PgQuoteString("%"+value)) +## whereList.append(name+" LIKE "+sql_quote("%"+value)) ## op="ct" ## #except: 
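Review bot: The `ct`, `bw`, `ew` and `all` branches in hunk @@ -606,21 +614,21 @@ build LIKE patterns such as `sql_quote("%"+value+"%")`, which escapes quote characters but leaves any `%` or `_` inside `value` active as wildcards. If a literal match is intended, escape those two characters in `value` and add an explicit `ESCAPE` clause before the outer `%` is attached; if wildcards are intended, a comment saying so would help. `name` is concatenated unquoted into `"LOWER("+name+")"` and into every comparison. Its origin lies outside the hunk, so confirm it is checked against the table's column names before this point. The enclosing method starts and ends outside the hunk.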
@@ -1119,11 +1127,24 @@ class ZSQLBibliography(Folder,ZSQLExtend def getMetaDatasXML(self): """index""" + # check if the request's host part was OK + http_host = self.REQUEST['HTTP_HOST'] + host_port = self.REQUEST['SERVER_PORT'] + fix_host = None + if http_host and http_host.rfind(host_port) == -1: + print "HTTP_HOST needs fixing!" + fix_host = http_host + ":" + host_port + ret=""" """ for found in self.ZSQLSimpleSearch("select oid from %s limit ALL"%self.tableName): - link=self.absolute_url()+"/"+"record.html?oid=%i"%found.oid - metalink=self.absolute_url()+"/"+"getMetaDataXML?oid=%i"%found.oid + base_url = self.absolute_url() + if fix_host: + #print "replacing ", http_host, " by ", fix_host + base_url = string.replace(base_url, http_host, fix_host, 1) + + link=base_url+"/"+"record.html?oid=%i"%found.oid + metalink=base_url+"/"+"getMetaDataXML?oid=%i"%found.oid ret+="""\n"""%(link,metalink)
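Review bot: The host check in getMetaDatasXML, `http_host.rfind(host_port) == -1`, is a substring test on a client-supplied header, so a Host value that merely contains the port digits anywhere is accepted as already correct. Otherwise the header value with the port appended is substituted into every generated link. Compare the suffix instead, `if http_host and not http_host.endswith(":" + host_port):`, and preferably check the host against the site's configured name before it is used in `base_url`. `self.REQUEST['HTTP_HOST']` may raise when the header is missing even though the next line tests for an empty value, so `self.REQUEST.get('HTTP_HOST')` fits the intent better. The `print` statement should go to the Zope log rather than stdout, and `base_url` is the same for every row, so it can be computed once before the loop.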