arno/isso
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

docs and input sanitization

Browse Source
This commit is contained in:
posativ 2012-10-16 19:32:55 +02:00
parent 1199424a2b
commit 54548d4bd5
2 changed files with 12 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
isso/db.py
View File

@ -38,6 +38,10 @@ class Abstract:
class SQLite(Abstract): class SQLite(Abstract):
"""A basic :class:`Abstract` implementation using SQLite3. All comments
share a single database. The tuple (id, path) acts as unique identifier
for a comment. Multiple comments per path (= that is the URI to your blog
post) are ordered by that id."""
fields = [ fields = [
'id', 'path', 'timestamp', 'id', 'path', 'timestamp',
@ -45,8 +49,7 @@ class SQLite(Abstract):
] ]
def initialize(self, conf): def initialize(self, conf):
self.dbpath = conf['SQLITE']
self.dbpath = join(conf['DATA_DIR'], 'comments.db')
with sqlite3.connect(self.dbpath) as con: with sqlite3.connect(self.dbpath) as con:
sql = ('main.comments (id INTEGER NOT NULL, path VARCHAR(255) NOT NULL,' sql = ('main.comments (id INTEGER NOT NULL, path VARCHAR(255) NOT NULL,'
@ -78,7 +81,7 @@ class SQLite(Abstract):
keys = ','.join(self.fields) keys = ','.join(self.fields)
values = ','.join('?'*len(self.fields)) values = ','.join('?'*len(self.fields))
con.execute('INSERT INTO comments (%s) VALUES (%s);' % (keys, values), con.execute('INSERT INTO comments (%s) VALUES (%s);' % (keys, values),
[0, path, time.time(), c.text, c.author, c.email, c.website, c.parent]) (0, path, time.time(), c.text, c.author, c.email, c.website, c.parent))
def update(self, path, comment): def update(self, path, comment):
return return
@ -88,8 +91,8 @@ class SQLite(Abstract):
def retrieve(self, path, limit=20): def retrieve(self, path, limit=20):
with sqlite3.connect(self.dbpath) as con: with sqlite3.connect(self.dbpath) as con:
rv = con.execute("SELECT * FROM comments WHERE path = '%s'" % path \ rv = con.execute("SELECT * FROM comments WHERE path = ?" \
+ " ORDER BY id DESC;").fetchall() + " ORDER BY id DESC;", (path, )).fetchall()
for item in rv: for item in rv:
yield self.query2comment(item) yield self.query2comment(item)

8
specs/test_db.py
View File

@ -1,5 +1,5 @@
import shutil import os
import tempfile import tempfile
import unittest import unittest
@ -11,9 +11,9 @@ class TestSQLite(unittest.TestCase):
def setUp(self): def setUp(self):
self.path = tempfile.mkdtemp() fd, self.path = tempfile.mkstemp()
self.db = SQLite() self.db = SQLite()
self.db.initialize({'DATA_DIR': self.path}) self.db.initialize({'SQLITE': self.path})
def test_add(self): def test_add(self):
@ -33,4 +33,4 @@ class TestSQLite(unittest.TestCase):
assert rv[0].text == 'Baz' assert rv[0].text == 'Baz'
def tearDown(self): def tearDown(self):
shutil.rmtree(self.path) os.unlink(self.path)