UNSAFE: Raw string warning for SVN in Diffusion


#1

Observed Behavior:

  1. open the top folder in an SVN repository
  2. see a couple of warnings like this in the dark console
'UNSAFE: Raw string ("") passed to query ("SELECT * FROM %s WHERE repositoryID = %s AND pathID = %s AND commitSequence <= %s %Q ORDER BY commitSequence DESC LIMIT %d, %d") for "%Q" conversion. %Q should be passed a query string.' at [qsprintf.php:435]

From \DiffusionHistoryQueryConduitAPIMethod::getSVNResult method.

'UNSAFE: Raw string ("AND svnCommit <= 927") passed to query ("SELECT pathID, max(svnCommit) maxCommit FROM %s WHERE repositoryID = %s AND parentID = %s %Q GROUP BY pathID") for "%Q" conversion. %Q should be passed a query string.' at [qsprintf.php:435]

From \DiffusionBrowseQueryConduitAPIMethod::getSVNResult method.

'UNSAFE: Raw string ("(pathID = 79 AND svnCommit = 3)") passed to query ("SELECT *, p.path pathName FROM %s f JOIN %s p ON f.pathID = p.id WHERE repositoryID = %s AND parentID = %s AND existed = 1 AND (%LO) ORDER BY pathName") subclause for "%LO" conversion. Subclause conversions should be passed a list of PhutilQueryString objects.' at [qsprintf.php:413]

From \DiffusionBrowseQueryConduitAPIMethod::getSVNResult method.

I’m getting warnings due to %Q and %LO usage for queryfx_all calls.

Expected Behavior:
No warnings in dark console.

Phabricator Version:
Week 6, Year 2019.

Reproduction Steps:
I’m not able to reproduce this on upstream, but the code causing the issues hasn’t changed.


#2

Thanks, see https://secure.phabricator.com/D20244.


closed #3
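
The distinction the warnings describe, as an added example that is not part of the original thread or of Phabricator's code: a simplified stand-alone PHP model in which `QueryFragment` and `model_qsprintf()` are hypothetical stand-ins for `PhutilQueryString` and `qsprintf()`. The `instanceof` check is an assumption drawn from the warning text, and the values are constructed from the messages quoted above.

```php
<?php
// Simplified stand-alone model of the check behind these warnings. It is NOT
// Phabricator's qsprintf.php: QueryFragment stands in for PhutilQueryString
// and model_qsprintf() for qsprintf(). Only %d, %Q and %LO are modelled.
final class QueryFragment {
  private $sql;
  public function __construct($sql) { $this->sql = $sql; }
  public function __toString() { return $this->sql; }
}

$GLOBALS['unsafe'] = array();  // collected warnings

function fragment_or_warn($value, $conversion) {
  if (!($value instanceof QueryFragment)) {
    $GLOBALS['unsafe'][] = sprintf(
      'UNSAFE: Raw string ("%s") passed for "%s" conversion.',
      $value, $conversion);
  }
  return (string)$value;
}

function model_qsprintf($pattern, ...$args) {
  $sql = preg_replace_callback('/%(LO|Q|d)/', function ($m) use (&$args) {
    $arg = array_shift($args);
    switch ($m[1]) {
      case 'd':  // integers are cast, never spliced in as text
        return (string)(int)$arg;
      case 'Q':  // pre-built fragment: must be a QueryFragment
        return fragment_or_warn($arg, '%Q');
      default:   // 'LO': list of fragments, joined with OR
        $parts = array();
        foreach ($arg as $part) {
          $parts[] = fragment_or_warn($part, '%LO');
        }
        return '('.implode(') OR (', $parts).')';
    }
  }, $pattern);
  return new QueryFragment($sql);
}

// Constructed values taken from the warning text. A fragment glued together
// as a plain string is what gets flagged:
model_qsprintf('... WHERE parentID = %d %Q', 5, 'AND svnCommit <= 927');

// The same fragments built through the formatter are typed, so no warning:
$limit = model_qsprintf('AND svnCommit <= %d', 927);
$pairs = array(model_qsprintf('pathID = %d AND svnCommit = %d', 79, 3));
$safe = model_qsprintf('... parentID = %d %Q AND %LO', 5, $limit, $pairs);

echo count($GLOBALS['unsafe']), " warning(s)\n", $safe, "\n";
```

The typed fragment is what lets the formatter tell SQL that was itself built with escaping from SQL concatenated by hand, which is why the raw-string path is reported even when the values happen to be harmless integers.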