X-Git-Url: https://git.quassel-irc.org/?p=quassel.git;a=blobdiff_plain;f=src%2Fcore%2Fpostgresqlstorage.cpp;h=b7e8c9bc03e62cd280e88b1ac043d64673f951dc;hp=d9ba073e33000d138c2e63d6771d6a73c1819ea1;hb=aa1008be162cb27da938cce93ba533f54d228869;hpb=4a5065255e652dd0c301bac0db41b7afb777ef49 diff --git a/src/core/postgresqlstorage.cpp b/src/core/postgresqlstorage.cpp index d9ba073e..b7e8c9bc 100644 --- a/src/core/postgresqlstorage.cpp +++ b/src/core/postgresqlstorage.cpp @@ -96,11 +96,47 @@ QVariantMap PostgreSqlStorage::setupDefaults() const } -void PostgreSqlStorage::initDbSession(QSqlDatabase &db) -{ - // this blows... but unfortunately Qt's PG driver forces us to this... - db.exec("set standard_conforming_strings = off"); - db.exec("set escape_string_warning = off"); +bool PostgreSqlStorage::initDbSession(QSqlDatabase &db) +{ + // check whether the Qt driver performs string escaping or not. + // i.e. test if it doubles slashes. + QSqlField testField; + testField.setType(QVariant::String); + testField.setValue("\\"); + QString formattedString = db.driver()->formatValue(testField); + switch(formattedString.count('\\')) { + case 2: + // yes it does... and we cannot do anything to change the behavior of Qt. + // If this is a legacy DB (Postgres < 8.2), then everything is already ok, + // as this is the expected behavior. + // If it is a newer version, switch to legacy mode. + + quWarning() << "Switching Postgres to legacy mode. (set standard conforming strings to off)"; + // If the following calls fail, it is a legacy DB anyways, so it doesn't matter + // and no need to check the outcome. + db.exec("set standard_conforming_strings = off"); + db.exec("set escape_string_warning = off"); + break; + case 1: + // ok, so Qt does not escape... + // That means we have to ensure that postgres uses standard conforming strings... + { + QSqlQuery query = db.exec("set standard_conforming_strings = on"); + if (query.lastError().isValid()) { + // We cannot enable standard conforming strings... + // since Quassel does no escaping by itself, this would yield a major vulnerability. + quError() << "Failed to enable standard_conforming_strings for the Postgres db!"; + return false; + } + } + break; + default: + // The slash got replaced with 0 or more than 2 slashes! o_O + quError() << "Your version of Qt does something _VERY_ strange to slashes in QSqlQueries! You should consult your trusted doctor!"; + return false; + break; + } + return true; } @@ -279,21 +315,26 @@ void PostgreSqlStorage::setUserSetting(UserId userId, const QString &settingName out << data; QSqlDatabase db = logDb(); - QSqlQuery query(db); - query.prepare(queryString("insert_user_setting")); - query.bindValue(":userid", userId.toInt()); - query.bindValue(":settingname", settingName); - query.bindValue(":settingvalue", rawData); - safeExec(query); + QSqlQuery selectQuery(db); + selectQuery.prepare(queryString("select_user_setting")); + selectQuery.bindValue(":userid", userId.toInt()); + selectQuery.bindValue(":settingname", settingName); + safeExec(selectQuery); - if (query.lastError().isValid()) { - QSqlQuery updateQuery(db); - updateQuery.prepare(queryString("update_user_setting")); - updateQuery.bindValue(":userid", userId.toInt()); - updateQuery.bindValue(":settingname", settingName); - updateQuery.bindValue(":settingvalue", rawData); - safeExec(updateQuery); + QString setQueryString; + if (!selectQuery.first()) { + setQueryString = queryString("insert_user_setting"); + } + else { + setQueryString = queryString("update_user_setting"); } + + QSqlQuery setQuery(db); + setQuery.prepare(setQueryString); + setQuery.bindValue(":userid", userId.toInt()); + setQuery.bindValue(":settingname", settingName); + setQuery.bindValue(":settingvalue", rawData); + safeExec(setQuery); }