On 02/16/2011 11:50 AM, Thomas Mortagne wrote:
On Wed, Feb 16, 2011 at 11:36, Sergiu
Dumitriu<sergiu(a)xwiki.com> wrote:
On 02/16/2011 10:09 AM, tmortagne (SVN) wrote:
Author: tmortagne
Date: 2011-02-16 10:09:31 +0100 (Wed, 16 Feb 2011)
New Revision: 34718
Modified:
platform/core/branches/xwiki-core-2.7/xwiki-core/src/main/java/com/xpn/xwiki/store/XWikiHibernateBaseStore.java
platform/core/branches/xwiki-core-2.7/xwiki-core/src/main/java/com/xpn/xwiki/store/XWikiHibernateStore.java
Log:
XWIKI-5976: Cannot create subwiki named "lines"
Better (but a lot less elegant...) fix
Modified:
platform/core/branches/xwiki-core-2.7/xwiki-core/src/main/java/com/xpn/xwiki/store/XWikiHibernateBaseStore.java
===================================================================
---
platform/core/branches/xwiki-core-2.7/xwiki-core/src/main/java/com/xpn/xwiki/store/XWikiHibernateBaseStore.java
2011-02-16 09:09:21 UTC (rev 34717)
+++
platform/core/branches/xwiki-core-2.7/xwiki-core/src/main/java/com/xpn/xwiki/store/XWikiHibernateBaseStore.java
2011-02-16 09:09:31 UTC (rev 34718)
@@ -504,7 +504,6 @@
}
} catch (Exception e) {
}
- ;
try {
if (bTransaction) {
endTransaction(context, true);
@@ -600,13 +599,14 @@
if (context.getDatabase() != null) {
String schemaName = getSchemaFromWikiName(context);
+ String escapedSchemaName = escapeSchema(schemaName, context);
DatabaseProduct databaseProduct =
getDatabaseProductName(context);
if (DatabaseProduct.ORACLE == databaseProduct) {
Statement stmt = null;
try {
stmt = session.connection().createStatement();
- stmt.execute("alter session set current_schema = "
+ schemaName);
+ stmt.execute("alter session set current_schema = "
+ escapedSchemaName);
} finally {
try {
if (stmt != null) {
@@ -620,7 +620,7 @@
Statement stmt = null;
try {
stmt = session.connection().createStatement();
- stmt.execute("SET SCHEMA " + schemaName);
+ stmt.execute("SET SCHEMA " + escapedSchemaName);
} finally {
try {
if (stmt != null) {
@@ -648,6 +648,29 @@
}
/**
+ * Escape schema name depending of the database engine.
+ *
+ * @param schema the schema name to escape
+ * @param context the XWiki context to get database engine identifier
+ * @return the escaped version
+ */
+ protected String escapeSchema(String schema, XWikiContext context)
+ {
+ DatabaseProduct databaseProduct = getDatabaseProductName(context);
+
+ String escapedSchema;
You should use this instead:
escapedSchema = dialect.openQuote() + schema + dialect.closeQuote();
Ok thanks
I think nobody wants to use ` or " in the wiki name, so there shouldn't
be a need for doubling them.
No sure about that. We have to do something, either remove or properly
escape then otherwise it's not very safe
OK, you can double the openQuote() character. For SQLServer dialect you
have to do it differently, though:
replace("[", "[[]")
Although, simple doubling isn't enough, for example trying to create
this database will drop the xyz database:
x\`; drop database xyz; \`
turns into:
create database `x\``; drop database xxx; \```;
which fails to create the first database (invalid name), drops the
second database, and fails to execute the ` command. I tested it on the
mysql console, not through Hibernate.
BTW, SQLServer uses [ ] for quoting.
You mean DB2 ?
I mean Microsoft's SQL Server, their complete lack of imagination makes
it hard to distinguish their product.
>
>> + if (DatabaseProduct.MYSQL == databaseProduct) {
>> + // MySQL does not use SQL92 escaping syntax by default
>> + escapedSchema = "`" + schema.replace("`",
"``") + "`";
>> + } else {
>> + // Use SQL92 escape syntax
>> + escapedSchema = "\"" +
schema.replace("\"", "\"\"") + "\"";
>> + }
>> +
>> + return escapedSchema;
>> + }
>> +
>> + /**
>> * Begins a transaction
>> *
>> * @param context
--
Sergiu Dumitriu
http://purl.org/net/sergiu/