From 7a728f9bd38014690d3393eb4fc0a58829302af7 Mon Sep 17 00:00:00 2001 From: Jonathan Schleifer Date: Sun, 11 Aug 2024 17:22:05 +0000 Subject: [PATCH] Remove -[PGConnection insertRow:] It can be used in a way that leads to security issues, so it's better not to have it at all. FossilOrigin-Name: 30633656b050a8f3f41989bed97bb200a0a583bd47e69fd36f2ae450c4bad606 --- src/PGConnection.h | 3 -- src/PGConnection.m | 69 ---------------------------------------------- tests/Tests.m | 3 -- 3 files changed, 75 deletions(-) diff --git a/src/PGConnection.h b/src/PGConnection.h index 091616d..a5893e4 100644 --- a/src/PGConnection.h +++ b/src/PGConnection.h @@ -41,9 +41,6 @@ typedef OFDictionary OF_GENERIC(OFString *, id) *PGRow; - (nullable PGResult *)executeCommand: (OFConstantString *)command; - (nullable PGResult *)executeCommand: (OFConstantString *)command parameters: (id)firstParameter, ... OF_SENTINEL; -- (void)insertRow: (PGRow)row intoTable: (OFString *)table; -- (void)insertRows: (OFArray OF_GENERIC(PGRow) *)rows - intoTable: (OFString *)table; @end OF_ASSUME_NONNULL_END diff --git a/src/PGConnection.m b/src/PGConnection.m index d5fac7f..b7ac8c2 100644 --- a/src/PGConnection.m +++ b/src/PGConnection.m @@ -164,73 +164,4 @@ command: command]; } } - -- (void)insertRow: (PGRow)row intoTable: (OFString *)table -{ - void *pool = objc_autoreleasePoolPush(); - OFMutableString *command; - OFEnumerator *enumerator; - const char **values; - PGresult *result; - OFString *key, *value; - size_t i, count; - - command = [OFMutableString stringWithString: @"INSERT INTO "]; - [command appendString: table]; - [command appendString: @" ("]; - - count = row.count; - - i = 0; - enumerator = [row keyEnumerator]; - while ((key = [enumerator nextObject]) != nil) { - if (i > 0) - [command appendString: @", "]; - - [command appendString: key]; - - i++; - } - - [command appendString: @") VALUES ("]; - - values = OFAllocMemory(count, sizeof(*values)); - @try { - i = 0; - enumerator = [row objectEnumerator]; - while ((value = [enumerator nextObject]) != nil) { - if (i > 0) - [command appendString: @", "]; - - values[i] = value.UTF8String; - - [command appendFormat: @"$%zd", ++i]; - } - - [command appendString: @")"]; - - result = PQexecParams(_connection, command.UTF8String, - (int)count, NULL, values, NULL, NULL, 0); - } @finally { - OFFreeMemory(values); - } - - objc_autoreleasePoolPop(pool); - - if (PQresultStatus(result) != PGRES_COMMAND_OK) { - PQclear(result); - @throw [PGCommandFailedException - exceptionWithConnection: self - command: command]; - } - - PQclear(result); -} - -- (void)insertRows: (OFArray OF_GENERIC(PGRow) *)rows - intoTable: (OFString *)table -{ - for (OFDictionary *row in rows) - [self insertRow: row intoTable: table]; -} @end diff --git a/tests/Tests.m b/tests/Tests.m index c5bdd8a..bfe98cd 100644 --- a/tests/Tests.m +++ b/tests/Tests.m @@ -59,9 +59,6 @@ OF_APPLICATION_DELEGATE(Test) parameters: [OFNumber numberWithInt: 2], [OFNumber numberWithInt: 2], [OFNumber numberWithBool: true], nil]; - [_connection insertRow: [OFDictionary dictionaryWithKeysAndObjects: - @"content", @"Hallo!", @"name", @"foo", nil] - intoTable: @"test"]; result = [_connection executeCommand: @"SELECT * FROM test"]; OFLog(@"%@", result);