diff options
| author | Mike Bayer <mike_mp@zzzcomputing.com> | 2021-04-12 14:33:50 -0400 |
|---|---|---|
| committer | Mike Bayer <mike_mp@zzzcomputing.com> | 2021-04-12 14:33:50 -0400 |
| commit | f0a334903316aa1f320053e368842458f667cbf3 (patch) | |
| tree | c220fb647b5d4d772267afd3fa06292185256046 /lib/sqlalchemy/sql | |
| parent | cf6f342150791ace82c6a099e8ea2923138bd61e (diff) | |
| download | sqlalchemy-f0a334903316aa1f320053e368842458f667cbf3.tar.gz | |
Ensure bindparam key escaping applied in all cases
Fixed regression where the :class:`_sql.BindParameter` object would not
properly render for an IN expression (i.e. using the "post compile" feature
in 1.4) if the object were copied from either an internal cloning
operation, or from a pickle operation, and the parameter name contained
spaces or other special characters.
Fixes: #6249
Change-Id: Icd0d4096c8fa4eb1a1d4c20f8a96d8b1ae439f0a
Diffstat (limited to 'lib/sqlalchemy/sql')
| -rw-r--r-- | lib/sqlalchemy/sql/elements.py | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/lib/sqlalchemy/sql/elements.py b/lib/sqlalchemy/sql/elements.py index 9e1b69088..e97ed252e 100644 --- a/lib/sqlalchemy/sql/elements.py +++ b/lib/sqlalchemy/sql/elements.py @@ -1363,9 +1363,10 @@ class BindParameter(roles.InElementRole, ColumnElement): if unique: self.key = _anonymous_label.safe_construct( id(self), - re.sub(r"[%\(\) \$]+", "_", key).strip("_") + key if key is not None and not isinstance(key, _anonymous_label) else "param", + sanitize_key=True, ) self._key_is_anon = True elif key: @@ -1479,7 +1480,7 @@ class BindParameter(roles.InElementRole, ColumnElement): c = ClauseElement._clone(self, **kw) if not maintain_key and self.unique: c.key = _anonymous_label.safe_construct( - id(c), c._orig_key or "param" + id(c), c._orig_key or "param", sanitize_key=True ) return c @@ -1514,7 +1515,7 @@ class BindParameter(roles.InElementRole, ColumnElement): if not self.unique: self.unique = True self.key = _anonymous_label.safe_construct( - id(self), self._orig_key or "param" + id(self), self._orig_key or "param", sanitize_key=True ) def __getstate__(self): @@ -1531,7 +1532,7 @@ class BindParameter(roles.InElementRole, ColumnElement): def __setstate__(self, state): if state.get("unique", False): state["key"] = _anonymous_label.safe_construct( - id(self), state.get("_orig_key", "param") + id(self), state.get("_orig_key", "param"), sanitize_key=True ) self.__dict__.update(state) @@ -5048,9 +5049,14 @@ class _anonymous_label(_truncated_label): __slots__ = () @classmethod - def safe_construct(cls, seed, body, enclosing_label=None): + def safe_construct( + cls, seed, body, enclosing_label=None, sanitize_key=False + ): # type: (int, str, Optional[_anonymous_label]) -> _anonymous_label + if sanitize_key: + body = re.sub(r"[%\(\) \$]+", "_", body).strip("_") + label = "%%(%d %s)s" % (seed, body.replace("%", "%%")) if enclosing_label: label = "%s%s" % (enclosing_label, label) |