From 54548d4bd5fa85b413af0d1675cbd27ce36ab8f6 Mon Sep 17 00:00:00 2001
From: posativ
Date: Tue, 16 Oct 2012 19:32:55 +0200
Subject: [PATCH] docs and input sanitization
---
 isso/db.py | 13 ++++++++-----
 specs/test_db.py | 8 ++++----
 2 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/isso/db.py b/isso/db.py
index 2038b09..da5cd4c 100644
--- a/isso/db.py
+++ b/isso/db.py
@@ -38,6 +38,10 @@ class Abstract:
 class SQLite(Abstract):
+ """A basic :class:`Abstract` implementation using SQLite3. All comments
+ share a single database. The tuple (id, path) acts as unique identifier
+ for a comment. Multiple comments per path (= that is the URI to your blog
+ post) are ordered by that id."""
 fields = [
 'id', 'path', 'timestamp',
@@ -45,8 +49,7 @@ class SQLite(Abstract):
 ]
 def initialize(self, conf):
-
- self.dbpath = join(conf['DATA_DIR'], 'comments.db')
+ self.dbpath = conf['SQLITE']
 with sqlite3.connect(self.dbpath) as con:
 sql = ('main.comments (id INTEGER NOT NULL, path VARCHAR(255) NOT NULL,'
@@ -78,7 +81,7 @@ class SQLite(Abstract):
 keys = ','.join(self.fields)
 values = ','.join('?'*len(self.fields))
 con.execute('INSERT INTO comments (%s) VALUES (%s);' % (keys, values),
- [0, path, time.time(), c.text, c.author, c.email, c.website, c.parent])
+ (0, path, time.time(), c.text, c.author, c.email, c.website, c.parent))
 def update(self, path, comment):
 return
@@ -88,8 +91,8 @@ class SQLite(Abstract):
 def retrieve(self, path, limit=20):
 with sqlite3.connect(self.dbpath) as con:
- rv = con.execute("SELECT * FROM comments WHERE path = '%s'" % path \
- + " ORDER BY id DESC;").fetchall()
+ rv = con.execute("SELECT * FROM comments WHERE path = ?" \
+ + " ORDER BY id DESC;", (path, )).fetchall()
 for item in rv:
 yield self.query2comment(item)
diff --git a/specs/test_db.py b/specs/test_db.py
index f00b4bb..fd661fc 100644
--- a/specs/test_db.py
+++ b/specs/test_db.py
@@ -1,5 +1,5 @@
-import shutil
+import os
 import tempfile
 import unittest
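Review bot: The INSERT in the `@@ -78,7 +81,7 @@` hunk of isso/db.py is still assembled with `%` formatting, and nothing in the code records why that is acceptable: `keys` and `values` are derived from the class-level `fields` list, not from request data, while every comment value goes through a bound parameter. A one-line comment above the `con.execute` call, such as `# column list comes from the constant self.fields; all values are bound parameters`, would keep a later edit from interpolating user input the same way. The enclosing method starts outside the hunk.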
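Review bot: `retrieve` in the `@@ -88,8 +91,8 @@` hunk of isso/db.py still ignores its `limit=20` argument: the rewritten query has no LIMIT clause and `.fetchall()` loads every comment stored for the path before the first one is yielded. Now that the statement uses bound parameters, the cap can be bound the same way, `" ORDER BY id DESC LIMIT ?;", (path, limit)).fetchall()`, which bounds the work done per request on a page with many comments. The commit also adds no spec that retrieves a path containing a single quote, which would pin the behaviour this hunk fixes.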
@@ -11,9 +11,9 @@ class TestSQLite(unittest.TestCase):
 def setUp(self):
- self.path = tempfile.mkdtemp()
+ fd, self.path = tempfile.mkstemp()
 self.db = SQLite()
- self.db.initialize({'DATA_DIR': self.path})
+ self.db.initialize({'SQLITE': self.path})
 def test_add(self):
@@ -33,4 +33,4 @@ class TestSQLite(unittest.TestCase):
 assert rv[0].text == 'Baz'
 def tearDown(self):
- shutil.rmtree(self.path)
+ os.unlink(self.path)
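Review bot: The descriptor returned by `tempfile.mkstemp()` in `setUp` is bound to `fd` and never closed, so each test case leaks one open file handle. On Windows the `os.unlink(self.path)` call in `tearDown` would also fail while that handle is still open. Adding `os.close(fd)` directly after the `mkstemp()` line fixes both; SQLite opens the file by path and does not need the descriptor.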