Mercurial Mercurial > pub > hg > cubicweb / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
misc/migration/3.14.0_Any.py
author Aurelien Campeas <aurelien.campeas@logilab.fr>
Tue, 19 Mar 2013 15:30:06 +0100
changeset 8736 b84a233cb8b0
parent 8483 4ba11607d84a
child 10589 7c23b7de2b8d
permissions -rw-r--r--
[views/primary] some inner sections should use the `limit` by default to avoid a denial of service (closes #2719110) Today, it is possible to call .related and get a huge unlimited database-dos-inducing resultset that will be nevertheless limited a bit further in pure python in the `autolimited` view. While we cannot completely avoid potential denial of services such as these we mitigate the problem with the default ui settings: if the inner vid is `autolimited`, then the relation result sets is computed using the user-defined limit. This change respects the semantics of the `autolimited` view and shouldn't break anything.

config['rql-cache-size'] = config['rql-cache-size'] * 10

add_entity_type('CWDataImport')

from cubicweb.schema import CONSTRAINTS, guess_rrqlexpr_mainvars
for rqlcstr in rql('Any X,XT,XV WHERE X is CWConstraint, X cstrtype XT, X value XV,'
                   'X cstrtype XT, XT name IN ("RQLUniqueConstraint","RQLConstraint","RQLVocabularyConstraint"),'
                   'NOT X value ~= ";%"').entities():
    expression = rqlcstr.value
    mainvars = guess_rrqlexpr_mainvars(expression)
    yamscstr = CONSTRAINTS[rqlcstr.type](expression, mainvars)
    rqlcstr.cw_set(value=yamscstr.serialize())
    print 'updated', rqlcstr.type, rqlcstr.value.strip()
cubicweb