Skip to content

[v9.1] fix (MySQL escape): make a special case of RAND()#8694

Merged
fstagni merged 1 commit into
DIRACGrid:integrationfrom
chaen:v9.1_fix_moreMoreSqlFixes
Jul 10, 2026
Merged

[v9.1] fix (MySQL escape): make a special case of RAND()#8694
fstagni merged 1 commit into
DIRACGrid:integrationfrom
chaen:v9.1_fix_moreMoreSqlFixes

Conversation

@chaen

@chaen chaen commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

@sfayer maybe there's a better way ?

BEGINRELEASENOTES
*WMS
FIX: MySQL does not escape RAND() as an order attribute

ENDRELEASENOTES

@sfayer

sfayer commented Jul 10, 2026

Copy link
Copy Markdown
Member

This seems fine to me: I think ideally I'd like to generalise the _quotedList allowDate parameter to be something like allowFuncs with a list of function names that are allowed. If this one is merged to fix the immediate problem, I'll look at how feasible it is to make a more generic fix in the very near future (likely later this afternoon). I doubt we can do much better than that: There isn't any other way to know which functions are safe for any context without them being explicitly listed.

I'll try to add some test cases for the database problems that have been found recently too so we can avoid any potential future regressions.

@fstagni fstagni merged commit bd33f36 into DIRACGrid:integration Jul 10, 2026
23 checks passed
@DIRACGridBot DIRACGridBot added the sweep:ignore Prevent sweeping from being ran for this PR label Jul 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

sweep:ignore Prevent sweeping from being ran for this PR

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants