[GRASS-SVN] r51866 - grass/trunk/lib/python/temporal
svn_grass at osgeo.org
svn_grass at osgeo.org
Tue May 29 05:14:28 PDT 2012
Author: huhabla
Date: 2012-05-29 05:14:27 -0700 (Tue, 29 May 2012)
New Revision: 51866
Modified:
grass/trunk/lib/python/temporal/abstract_space_time_dataset.py
grass/trunk/lib/python/temporal/extract.py
Log:
Poor man's solution to avoid SQL injection.
Modified: grass/trunk/lib/python/temporal/abstract_space_time_dataset.py
===================================================================
--- grass/trunk/lib/python/temporal/abstract_space_time_dataset.py 2012-05-29 11:02:04 UTC (rev 51865)
+++ grass/trunk/lib/python/temporal/abstract_space_time_dataset.py 2012-05-29 12:14:27 UTC (rev 51866)
@@ -699,9 +699,9 @@
sql = "SELECT * FROM %s WHERE %s.id IN (SELECT id FROM %s)" % (map_view, map_view, self.get_map_register())
if where:
- sql += " AND %s" % (where)
+ sql += " AND (%s)" % (where.split(";")[0])
if order:
- sql += " ORDER BY %s" % (order)
+ sql += " ORDER BY %s" % (order.split(";")[0])
try:
dbif.cursor.execute(sql)
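Review bot: Cutting `where` and `order` at the first `;` only prevents a second statement from being appended; the text that remains is still interpolated into `sql` as raw SQL, so the added parentheses and the split do not limit what the clause can express. A legitimate condition that contains `;` inside a quoted string literal is also silently truncated, which changes the result without any error. If `order` is only ever a list of column names (an assumption, the callers are not visible here), it could be validated against the view's known columns rather than truncated. Because `where` is a free-form expression, the remaining risk is best documented and contained at the connection level, for example with a comment such as `# NOTE: where/order are SQL fragments from the caller; split(";") only blocks stacked statements`. The enclosing method starts and ends outside this hunk.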
Modified: grass/trunk/lib/python/temporal/extract.py
===================================================================
--- grass/trunk/lib/python/temporal/extract.py 2012-05-29 11:02:04 UTC (rev 51865)
+++ grass/trunk/lib/python/temporal/extract.py 2012-05-29 12:14:27 UTC (rev 51866)
@@ -40,6 +40,11 @@
@param layer The vector layer number to be used when no timestamped layer is present, default is 1
@param vtype The feature type to be extracted for vector maps, default is point,line,boundary,centroid,area and face
"""
+
+ # Check the parameters
+
+ if expression and not base:
+ core.fatal(_("You need to specify the base name of new created maps"))
mapset = core.gisenv()["MAPSET"]
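Review bot: The new `expression and not base` check is unrelated to the SQL-injection purpose stated in the log, and it would be easier to trace as its own commit. The message passed to `_()` reads "new created maps"; since it is a translatable string, it would be cheaper to correct it now to `core.fatal(_("You need to specify the base name of the newly created maps"))` than after it reaches the translation catalogs. The function body starts and continues outside the hunk, so whether `where` is sanitised on this path cannot be judged from here.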