[open-ils-commits] r16834 - in trunk/Open-ILS: include/openils src/c-apps (scottmk)
svn at svn.open-ils.org
svn at svn.open-ils.org
Wed Jun 30 09:32:30 EDT 2010
Author: scottmk
Date: 2010-06-30 09:32:28 -0400 (Wed, 30 Jun 2010)
New Revision: 16834
Modified:
trunk/Open-ILS/include/openils/oils_buildq.h
trunk/Open-ILS/src/c-apps/oils_buildq.c
trunk/Open-ILS/src/c-apps/oils_execsql.c
trunk/Open-ILS/src/c-apps/oils_qstore.c
trunk/Open-ILS/src/c-apps/oils_storedq.c
Log:
1. Degrade gracefully when the database connection dies.
2. Validate the user-specified operator in a series expression.
M Open-ILS/include/openils/oils_buildq.h
M Open-ILS/src/c-apps/oils_qstore.c
M Open-ILS/src/c-apps/oils_buildq.c
M Open-ILS/src/c-apps/oils_storedq.c
M Open-ILS/src/c-apps/oils_execsql.c
Modified: trunk/Open-ILS/include/openils/oils_buildq.h
===================================================================
--- trunk/Open-ILS/include/openils/oils_buildq.h 2010-06-29 21:55:51 UTC (rev 16833)
+++ trunk/Open-ILS/include/openils/oils_buildq.h 2010-06-30 13:32:28 UTC (rev 16834)
@@ -68,6 +68,7 @@
int defaults_usable; /**< Boolean; if true, we can use unconfirmed default
values for bind variables */
int values_required; /**< Boolean: if true, we need values for a bind variables */
+ int panic; /**< Boolean: set to true if database connection dies */
};
typedef enum {
Modified: trunk/Open-ILS/src/c-apps/oils_buildq.c
===================================================================
--- trunk/Open-ILS/src/c-apps/oils_buildq.c 2010-06-29 21:55:51 UTC (rev 16833)
+++ trunk/Open-ILS/src/c-apps/oils_buildq.c 2010-06-30 13:32:28 UTC (rev 16834)
@@ -35,6 +35,7 @@
state->indent = 0;
state->defaults_usable = 0;
state->values_required = 0;
+ state->panic = 0;
return state;
}
Modified: trunk/Open-ILS/src/c-apps/oils_execsql.c
===================================================================
--- trunk/Open-ILS/src/c-apps/oils_execsql.c 2010-06-29 21:55:51 UTC (rev 16833)
+++ trunk/Open-ILS/src/c-apps/oils_execsql.c 2010-06-30 13:32:28 UTC (rev 16834)
@@ -10,6 +10,8 @@
#include "opensrf/log.h"
#include "opensrf/string_array.h"
#include "opensrf/osrf_json.h"
+#include "opensrf/osrf_application.h"
+#include "openils/oils_sql.h"
#include "openils/oils_buildq.h"
static jsonObject* get_row( BuildSQLState* state );
@@ -49,6 +51,8 @@
(void) dbi_conn_error( state->dbhandle, &msg );
osrfLogError( OSRF_LOG_MARK, sqlAddMsg( state,
"Unable to execute query: %s",msg ? msg : "No description available" ));
+ if( ! oilsIsDBConnected( state->dbhandle ))
+ state->panic = 1;
return NULL;
}
Modified: trunk/Open-ILS/src/c-apps/oils_qstore.c
===================================================================
--- trunk/Open-ILS/src/c-apps/oils_qstore.c 2010-06-29 21:55:51 UTC (rev 16833)
+++ trunk/Open-ILS/src/c-apps/oils_qstore.c 2010-06-30 13:32:28 UTC (rev 16834)
@@ -204,6 +204,11 @@
osrfLogWarning( OSRF_LOG_MARK, "Unable to load stored query # %d", query_id );
osrfAppSessionStatus( ctx->session, OSRF_STATUS_BADREQUEST, "osrfMethodException",
ctx->request, "Unable to load stored query" );
+ if( state->panic ) {
+ osrfLogError( OSRF_LOG_MARK, sqlAddMsg( state,
+ "Database connection isn't working" ));
+ osrfAppSessionPanic( ctx->session );
+ }
return -1;
}
@@ -211,8 +216,8 @@
osrfLogInfo( OSRF_LOG_MARK, "Token for query id # %d is \"%s\"", query_id, token );
- // Build an object to return: a hash containing the query token
- // and a list of bind variables.
+ // Build an object to return. It will be a hash containing the query token and a
+ // list of bind variables.
jsonObject* returned_obj = jsonNewObjectType( JSON_HASH );
jsonObjectSetKey( returned_obj, "token", jsonNewObject( token ));
jsonObjectSetKey( returned_obj, "bind_variables",
@@ -261,6 +266,11 @@
if( query->state->error ) {
osrfAppSessionStatus( ctx->session, OSRF_STATUS_BADREQUEST, "osrfMethodException",
ctx->request, "Unable to get column names" );
+ if( query->state->panic ) {
+ osrfLogError( OSRF_LOG_MARK, sqlAddMsg( query->state,
+ "Database connection isn't working" ));
+ osrfAppSessionPanic( ctx->session );
+ }
return -1;
} else {
osrfAppRespondComplete( ctx, col_list );
@@ -449,6 +459,11 @@
"Unable to execute SQL statement for query id # %d", query->query->id ));
osrfAppSessionStatus( ctx->session, OSRF_STATUS_BADREQUEST, "osrfMethodException",
ctx->request, "Unable to execute SQL statement" );
+ if( query->state->panic ) {
+ osrfLogError( OSRF_LOG_MARK, sqlAddMsg( query->state,
+ "Database connection isn't working" ));
+ osrfAppSessionPanic( ctx->session );
+ }
return -1;
}
Modified: trunk/Open-ILS/src/c-apps/oils_storedq.c
===================================================================
--- trunk/Open-ILS/src/c-apps/oils_storedq.c 2010-06-29 21:55:51 UTC (rev 16833)
+++ trunk/Open-ILS/src/c-apps/oils_storedq.c 2010-06-30 13:32:28 UTC (rev 16834)
@@ -139,6 +139,8 @@
"Unable to execute dummy query for column names: #%d %s",
errnum, msg ? msg : "No description available" ));
state->error = 1;
+ if( ! oilsIsDBConnected( state->dbhandle ))
+ state->panic = 1;
return NULL;
}
@@ -210,6 +212,8 @@
"Unable to query query.stored_query table: #%d %s",
errnum, msg ? msg : "No description available" ));
state->error = 1;
+ if( ! oilsIsDBConnected( state->dbhandle ))
+ state->panic = 1;
}
pop_id( &state->query_stack );
@@ -428,6 +432,8 @@
osrfLogWarning( OSRF_LOG_MARK, sqlAddMsg( state,
"%s query # %d has no child queries within it", type_str, parent_id ));
state->error = 1;
+ if( ! oilsIsDBConnected( state->dbhandle ))
+ state->panic = 1;
return NULL;
}
} else {
@@ -605,6 +611,8 @@
"Unable to query query.from_relation table: #%d %s",
errnum, msg ? msg : "No description available" ));
state->error = 1;
+ if( ! oilsIsDBConnected( state->dbhandle ))
+ state->panic = 1;
}
if( fr )
@@ -838,6 +846,8 @@
"Unable to query query.from_relation table for join list: #%d %s",
errnum, msg ? msg : "No description available" ));
state->error = 1;
+ if( ! oilsIsDBConnected( state->dbhandle ))
+ state->panic = 1;
}
return join_list;
@@ -940,6 +950,8 @@
"Unable to query query.select_list table: #%d %s",
errnum, msg ? msg : "No description available" ));
state->error = 1;
+ if( ! oilsIsDBConnected( state->dbhandle ))
+ state->panic = 1;
}
return select_list;
@@ -1071,6 +1083,8 @@
"Unable to query query.bind_variable table for \"%s\": #%d %s",
name, errnum, msg ? msg : "No description available" ));
state->error = 1;
+ if( ! oilsIsDBConnected( state->dbhandle ))
+ state->panic = 1;
}
if( bind ) {
@@ -1251,6 +1265,8 @@
"Unable to query query.case_branch table for parent expression # %d: %s",
parent_id, errnum, msg ? msg : "No description available" ));
state->error = 1;
+ if( ! oilsIsDBConnected( state->dbhandle ))
+ state->panic = 1;
}
return branch_list;
@@ -1377,6 +1393,8 @@
"Unable to query query.datatype table: #%d %s",
errnum, msg ? msg : "No description available" ));
state->error = 1;
+ if( ! oilsIsDBConnected( state->dbhandle ))
+ state->panic = 1;
}
return datatype;
}
@@ -1506,6 +1524,8 @@
"Unable to query query.expression table: #%d %s",
errnum, msg ? msg : "No description available" ));
state->error = 1;
+ if( ! oilsIsDBConnected( state->dbhandle ))
+ state->panic = 1;
}
pop_id( &state->expr_stack );
@@ -1929,6 +1949,14 @@
"Series expression is empty in expression # %d", id ));
state->error = 1;
return NULL;
+ } else if( operator && !is_good_operator( operator )) {
+ // The specified operator contains one or more characters that aren't allowed
+ // in an operator. This isn't a true validation; it's just a protective
+ // measure to prevent certain kinds of sql injection.
+ osrfLogWarning( OSRF_LOG_MARK, sqlAddMsg( state,
+ "Series expression # %d contains invalid operator \"%s\"", id, operator ));
+ state->error = 1;
+ return NULL;
}
} else if( EXP_STRING == type ) {
@@ -2118,6 +2146,8 @@
"Unable to query query.expression table for expression list: #%d %s",
errnum, msg ? msg : "No description available" ));
state->error = 1;
+ if( ! oilsIsDBConnected( state->dbhandle ))
+ state->panic = 1;
}
return exp_list;
@@ -2166,6 +2196,8 @@
"Unable to query query.order_by_list table: #%d %s",
errnum, msg ? msg : "No description available" ));
state->error = 1;
+ if( ! oilsIsDBConnected( state->dbhandle ))
+ state->panic = 1;
}
return ord_list;
More information about the open-ils-commits
mailing list