#36795: Always quote user-provided aliases
-------------------------------------+-------------------------------------
Reporter: Jacob Walls | Owner: Simon
Type: | Charette
Cleanup/optimization | Status: closed
Component: Database layer | Version: dev
(models, ORM) |
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Jacob Walls <jacobtylerwalls@…>):
* resolution: => fixed
* status: assigned => closed
Comment:
In [changeset:"f05fac88c4699c6d04a8f1ac3328cf6c7bd39228" f05fac8]:
{{{#!CommitTicketReference repository=""
revision="f05fac88c4699c6d04a8f1ac3328cf6c7bd39228"
Fixed #36795 -- Enforced quoting of all database object names.
This ensures all database identifiers are quoted independently of their
orign
and most importantly that user provided aliases through annotate() and
alias()
which paves the way for dropping the allow list of characters such aliases
can
contain.
This will require adjustments to raw SQL interfaces such as RawSQL that
might
make reference to ORM managed annotations as these will now be quoted.
The `SQLCompiler.quote_name_unless_alias` method is kept for now as an
alias
for the newly introduced `.quote_name` method but will be duly deprecated
in
a follow up commit.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/36795#comment:8>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/d/msgid/django-updates/0107019d06e98e24-a8f5938e-f65c-4c4c-9a49-89f2c13c938e-000000%40eu-central-1.amazonses.com.
