* fix(db_query): Disallow blacklisted functions in (order|group)_by
Changes:
- allow only functions that are not blacklisted in *_by clause:
currently just sleep
- perf improvements: lower, in, split, strip & other low hanging micro optimizations
Handle the following use cases:
- upper/lower case function usages
- spaces between function name and brackets
* test(db_query): Add tests for *_by checks
* Small fixes in set_fields and clean code
* Optimize casefolds
* Fixed functions passed in List
* get_sql => get_query - more expressive, less confusion
* Updated tests
* fix: misc fixes
local.x gets reset on every request so switched to a simple dict
simplified is_val_used in set_next_val function for sequences
* chore: use multisql for sequence methods
* fix: fields not updating on form
* minor(base_input): removed unnecessary branching in update_input
* chore: remove prints and rename autoincremented_status_map
* chore: added proper type hint + comment + formatting
* fix: added searching in cast_name rather than handling it manually
* fix: share condition query + test_build_match_conditions
* fix: add cast_name to more places
* test: test for sequence
* fix: sequence functions
* fix: inherit frappetestcase
* minor: attach sequence methods to db context local
* chore: update sequence function names in Database
use frappe.db for sequences in naming.py
* fix: convert filename to str (for autoincremented doctypes)
* chore: better regex for modifying values for postgres
* minor: allow changing name column type (if no data is present in the doctype)
* refactor: validate_autoname
converted it to a simple function
enabled changing autoincrement autoname from customize form
* fix: use sql_ddl for change_column_type in postgres
* fix: use not null constraint in postgres when changing name type
* fix(test): updated test_autoincremented_doctype_transition with transitioning when no data is present
* fix(test): updated test_cast_name
probably messed up during rebase
* fix(test): used rollback upon error in transaction for postgres
* chore: use frappe.db.x methods for sequences
* minor: use temporary sequences in test
* minor: use generate_hash for sequence naming in sequence tests
* chore: replace sequence imports with frappe.db.x
* chore: move out casting name fields to a separate method
* refactor: cast_name
more explicit cases for casts and added docstring
* fix: added space in test_cast_name
* chore: fix linter
* chore: better naming for can_change_name_column_type
* chore: add comment for autoincremented_site_status_map
* chore: update/add docstrings
* fix(test): use data fieldtype instead of int
postgres doesn't allow using like operator on int/any non-text/varchar column
ref: https://github.com/frappe/frappe/issues/16722
* minor: updated test_fieldname_starting_with_int with child table filters
The license.txt file has been replaced with LICENSE for quite a while
now. IANAL but it didn't seem accurate to say "hey, check out license.txt
although there's no such file". Apart from this, there were
inconsistencies in the headers altogether...this change brings
consistency.
* Remove six for PY2 compatibility since our dependencies are not, PY2
is legacy.
* Removed usages of utils from future/past libraries since they are
deprecated. This includes 'from __future__ ...' and 'from past...'
statements.
* Removed compatibility imports for PY2, switched from six imports to
standard library imports.
* Removed utils code blocks that handle operations depending on PY2/3
versions.
* Removed 'from __future__ ...' lines from templates/code generators
* Used PY3 syntaxes in place of PY2 compatible blocks. eg: metaclass
* fix: disallow global variable access through sql
Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>
Co-authored-by: Sahil Khan <sahilkhan28297@gmail.com>
* chore: add test for sql disallowed variable access
Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>
Co-authored-by: Sahil Khan <sahilkhan28297@gmail.com>
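
The `*_by` check described in the first commit message above (blacklisted functions, upper/lower case usage, spaces between the function name and the bracket), sketched as an added example. This is not Frappe's code: the names `BLACKLISTED_FUNCTIONS`, `find_blacklisted_functions` and `validate_by_clause` are hypothetical, and the sample clauses are constructed.

```python
import re

# Assumption: the commit message names only `sleep` as blacklisted.
BLACKLISTED_FUNCTIONS = frozenset({"sleep"})

# An identifier, optional whitespace, then "(" is treated as a function call.
FUNCTION_CALL = re.compile(r"([A-Za-z_][A-Za-z0-9_]*)\s*\(")


def find_blacklisted_functions(clause):
    """Return blacklisted functions called in an order_by/group_by clause."""
    found = []
    for match in FUNCTION_CALL.finditer(clause):
        name = match.group(1).casefold()  # SLEEP, Sleep and sleep are the same call
        if name in BLACKLISTED_FUNCTIONS and name not in found:
            found.append(name)
    return found


def validate_by_clause(clause, kind="order_by"):
    """Raise ValueError if the clause calls a blacklisted function, else return it."""
    hits = find_blacklisted_functions(clause)
    if hits:
        raise ValueError(f"Cannot use {', '.join(hits)} in {kind}")
    return clause


# Constructed sample clauses with the expected verdict (True = rejected).
SAMPLES = [
    ("creation desc", False),
    ("sleep_time asc", False),  # column name, no bracket follows
    ("ifnull(modified, creation) desc", False),  # function not on the blacklist
    ("SLEEP(5)", True),  # upper case
    ("name, Sleep  (5)", True),  # spaces before the bracket
    ("if(1=1, sLeEp (2), name)", True),  # nested call, mixed case
]

if __name__ == "__main__":
    for clause, rejected in SAMPLES:
        verdict = "rejected" if find_blacklisted_functions(clause) else "allowed"
        print(f"{verdict:8} {clause}")
```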