Remove GetByBean method because sometimes it's danger when query condition parameter is zero and also introduce new generic methods #28220
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ition parameter is zero
delvh
reviewed
Nov 26, 2023
delvh
approved these changes
Dec 3, 2023
wolfogre
reviewed
Dec 7, 2023
wolfogre
approved these changes
Dec 7, 2023
zjjhot
added a commit
to zjjhot/gitea
that referenced
this pull request
Dec 8, 2023
* giteaofficial/main: Improve text in Security settings (go-gitea#28393) Fix Docker meta action for releases (go-gitea#28232) Make gogit Repository.GetBranchNames consistent (go-gitea#28348) Remove GetByBean method because sometimes it's danger when query condition parameter is zero and also introduce new generic methods (go-gitea#28220) Include public repos in doer's dashboard for issue search (go-gitea#28304) Issue fixes for RSS feed improvements (go-gitea#28380) Fix margin in server signed signature verification view (go-gitea#28379) [skip ci] Updated translations via Crowdin Fix incorrect run order of action jobs (go-gitea#28367) Improve RSS feed icons (go-gitea#28368) Use `filepath` instead of `path` to create SQLite3 database file (go-gitea#28374) Fix incorrect default value of `[attachment].MAX_SIZE` (go-gitea#28373) Fix object does not exist error when checking citation file (go-gitea#28314)
lunny
added a commit
that referenced
this pull request
Dec 27, 2023
This is a regression from #28220 . `builder.Cond` will not add `` ` `` automatically but xorm method `Get/Find` adds `` ` ``. This PR also adds tests to prevent the method from being implemented incorrectly. The tests are added in `integrations` to test every database.
lunny
added a commit
that referenced
this pull request
Jan 15, 2024
Following #28220 This PR move more functions to use `db.Find`. --------- Co-authored-by: delvh <dev.lh@web.de>
fuxiaohei
pushed a commit
to fuxiaohei/gitea
that referenced
this pull request
Jan 17, 2024
…ition parameter is zero and also introduce new generic methods (go-gitea#28220) The function `GetByBean` has an obvious defect that when the fields are empty values, it will be ignored. Then users will get a wrong result which is possibly used to make a security problem. To avoid the possibility, this PR removed function `GetByBean` and all references. And some new generic functions have been introduced to be used. The recommand usage like below. ```go // if query an object according id obj, err := db.GetByID[Object](ctx, id) // query with other conditions obj, err := db.Get[Object](ctx, builder.Eq{"a": a, "b":b}) ```
fuxiaohei
pushed a commit
to fuxiaohei/gitea
that referenced
this pull request
Jan 17, 2024
This is a regression from go-gitea#28220 . `builder.Cond` will not add `` ` `` automatically but xorm method `Get/Find` adds `` ` ``. This PR also adds tests to prevent the method from being implemented incorrectly. The tests are added in `integrations` to test every database.
fuxiaohei
pushed a commit
to fuxiaohei/gitea
that referenced
this pull request
Jan 17, 2024
Following go-gitea#28220 This PR move more functions to use `db.Find`. --------- Co-authored-by: delvh <dev.lh@web.de>
silverwind
pushed a commit
to silverwind/gitea
that referenced
this pull request
Feb 20, 2024
…ition parameter is zero and also introduce new generic methods (go-gitea#28220) The function `GetByBean` has an obvious defect that when the fields are empty values, it will be ignored. Then users will get a wrong result which is possibly used to make a security problem. To avoid the possibility, this PR removed function `GetByBean` and all references. And some new generic functions have been introduced to be used. The recommand usage like below. ```go // if query an object according id obj, err := db.GetByID[Object](ctx, id) // query with other conditions obj, err := db.Get[Object](ctx, builder.Eq{"a": a, "b":b}) ```
silverwind
pushed a commit
to silverwind/gitea
that referenced
this pull request
Feb 20, 2024
This is a regression from go-gitea#28220 . `builder.Cond` will not add `` ` `` automatically but xorm method `Get/Find` adds `` ` ``. This PR also adds tests to prevent the method from being implemented incorrectly. The tests are added in `integrations` to test every database.
silverwind
pushed a commit
to silverwind/gitea
that referenced
this pull request
Feb 20, 2024
Following go-gitea#28220 This PR move more functions to use `db.Find`. --------- Co-authored-by: delvh <dev.lh@web.de>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The function
GetByBeanhas an obvious defect that when the fields are empty values, it will be ignored. Then users will get a wrong result which is possibly used to make a security problem.To avoid the possibility, this PR removed function
GetByBeanand all references.And some new generic functions have been introduced to be used.
The recommand usage like below.