Opened 7 years ago
Last modified 11 months ago
#4540 closed defect
[PATCH] Lobby rating not working if username contains underscore — at Version 10
Reported by: | elexis | Owned by: | user1 |
---|---|---|---|
Priority: | Should Have | Milestone: | Alpha 27 |
Component: | Multiplayer lobby | Keywords: | patch rfc |
Cc: | user1, scythetwirler | Patch: | Phab:D628 |
Description (last modified by )
As reported by moe _, finishing a rated game has no effect on the player who has an underscore or other odd character in the playername.
(04:58:02) scythetwirler: underscore in SQL LIKE clauses is some sort of wildcard
related ticket
Change History (12)
comment:1 by , 7 years ago
Cc: | added |
---|
comment:2 by , 7 years ago
by , 7 years ago
Attachment: | echelon_escape_like.patch added |
---|
This escapes _, %, [, ], and \ in 3 places that sqlalchemy's ilike method is used. (first upload was sloppy. forgot to remove some logging )
comment:3 by , 7 years ago
broken down it's like this:
Player.jid.ilike ( str(JID).translate ( str.maketrans ( {"_": r"\_", "[": r"\[", "]": r"\]", "%": r"\%", "\\": r"\\"} ## backslash needs to be escaped in the left operand but not the right ) ), "\\" ## tell ilike to use backslash as an escape character (we also escape this backslash) )
comment:4 by , 7 years ago
Keywords: | patch rfc added |
---|---|
Summary: | Lobby rating not working if username contains underscore → [PATCH] Lobby rating not working if username contains underscore |
22:32 < user1> elexis: looks like there is no function in sqlalchemy core but insteadwe would have to install python3-sqlalchemy-utils which has what we need but i don't know if it's worth it
by , 7 years ago
Attachment: | echelon_escape_like2.patch added |
---|
This version uses the method escape_like from sqlalchemy_utils. (note that this will require installing the package python3-sqlalchemy-utils on the server) (reuploaded)
comment:5 by , 7 years ago
Patch: | → Phab:D629 |
---|
comment:7 by , 7 years ago
Milestone: | Alpha 22 → Work In Progress |
---|
Important to fix, but since we can change the lobby bot code after the release, it shouldn't block this. Also we need to fix the readme and should add the module (Phab:D280)
comment:8 by , 3 years ago
Owner: | set to |
---|
comment:9 by , 2 years ago
Description: | modified (diff) |
---|
Adding a link to a related ticket in the description
comment:10 by , 2 years ago
Description: | modified (diff) |
---|
Which makes one wonder why someone is using like there, with unsanitized input.