[security] fix security insertion on DISTINCT queries stable
authorSylvain Thénault <sylvain.thenault@logilab.fr>
Wed, 26 May 2010 17:19:44 +0200
branchstable
changeset 5596 d66a5d98db5b
parent 5593 f6c55bec9326
child 5598 0a68e7f5829c
[security] fix security insertion on DISTINCT queries
server/querier.py
--- a/server/querier.py	Wed May 26 15:45:22 2010 +0200
+++ b/server/querier.py	Wed May 26 17:19:44 2010 +0200
@@ -269,6 +269,7 @@
                 # transform in subquery when len(localchecks)>1 and groups
                 if nbtrees > 1 and (select.orderby or select.groupby or
                                     select.having or select.has_aggregat or
+                                    select.distinct or
                                     select.limit or select.offset):
                     newselect = Select()
                     # only select variables in subqueries
@@ -303,6 +304,7 @@
                         select.offset = 0
                     myunion = Union()
                     newselect.set_with([SubQuery(aliases, myunion)], check=False)
+                    newselect.distinct = select.distinct
                     solutions = [sol.copy() for sol in select.solutions]
                     cleanup_solutions(newselect, solutions)
                     newselect.set_possible_types(solutions)