Compare revisions

763dbde8 · 763dbde8 · 763dbde8 · 9f6058b3 · c673b555 · 9f6058b3
--- a/hive/server/database_api/methods.py
+++ b/hive/server/database_api/methods.py
 # pylint: disable=too-many-arguments,line-too-long,too-many-lines
 from enum import Enum

-from hive.server.common.helpers import return_error_info, valid_limit, valid_account, valid_permlink
+from hive.server.common.helpers import return_error_info, valid_limit, valid_account, valid_permlink, valid_date
 from hive.server.database_api.objects import database_post_object
 from hive.utils.normalize import rep_to_raw, number_to_json_value, time_string_with_t

@@ -20,48 +20,69 @@ async def list_comments(context, start: list, limit: int, order: str):
    if order == 'by_cashout_time':
        assert len(start) == 3, "Expecting three arguments"
        cashout_time = start[0]
+        valid_date(cashout_time)
        if cashout_time[0:4] == '1969':
            cashout_time = "infinity"
        author = start[1]
+        valid_account(author, allow_empty=True)
        permlink = start[2]
+        valid_permlink(permlink, allow_empty=True)
        sql = "SELECT * FROM list_comments_by_cashout_time(:cashout_time, :author, :permlink, :limit)"
        result = await db.query_all(sql, cashout_time=cashout_time, author=author, permlink=permlink, limit=limit)
    elif order == 'by_permlink':
        assert len(start) == 2, "Expecting two arguments"
        author = start[0]
+        valid_account(author, allow_empty=True)
        permlink = start[1]
+        valid_permlink(permlink, allow_empty=True)
        sql = "SELECT * FROM list_comments_by_permlink(:author, :permlink, :limit)"
        result = await db.query_all(sql, author=author, permlink=permlink, limit=limit)
    elif order == 'by_root':
        assert len(start) == 4, "Expecting 4 arguments"
        root_author = start[0]
+        valid_account(root_author, allow_empty=True)
        root_permlink = start[1]
+        valid_permlink(root_permlink, allow_empty=True)
        start_post_author = start[2]
+        valid_account(start_post_author, allow_empty=True)
        start_post_permlink = start[3]
+        valid_permlink(start_post_permlink, allow_empty=True)
        sql = "SELECT * FROM list_comments_by_root(:root_author, :root_permlink, :start_post_author, :start_post_permlink, :limit)"
        result = await db.query_all(sql, root_author=root_author, root_permlink=root_permlink, start_post_author=start_post_author, start_post_permlink=start_post_permlink, limit=limit)
    elif order == 'by_parent':
        assert len(start) == 4, "Expecting 4 arguments"
        parent_author = start[0]
+        valid_account(parent_author, allow_empty=True)
        parent_permlink = start[1]
+        valid_permlink(parent_permlink, allow_empty=True)
        start_post_author = start[2]
+        valid_account(start_post_author, allow_empty=True)
        start_post_permlink = start[3]
+        valid_permlink(start_post_permlink, allow_empty=True)
        sql = "SELECT * FROM list_comments_by_parent(:parent_author, :parent_permlink, :start_post_author, :start_post_permlink, :limit)"
        result = await db.query_all(sql, parent_author=parent_author, parent_permlink=parent_permlink, start_post_author=start_post_author, start_post_permlink=start_post_permlink, limit=limit)
    elif order == 'by_last_update':
        assert len(start) == 4, "Expecting 4 arguments"
        parent_author = start[0]
+        valid_account(parent_author, allow_empty=True)
        updated_at = start[1]
+        valid_date(updated_at)
        start_post_author = start[2]
+        valid_account(start_post_author, allow_empty=True)
        start_post_permlink = start[3]
+        valid_permlink(start_post_permlink, allow_empty=True)
        sql = "SELECT * FROM list_comments_by_last_update(:parent_author, :updated_at, :start_post_author, :start_post_permlink, :limit)"
        result = await db.query_all(sql, parent_author=parent_author, updated_at=updated_at, start_post_author=start_post_author, start_post_permlink=start_post_permlink, limit=limit)
    elif order == 'by_author_last_update':
        assert len(start) == 4, "Expecting 4 arguments"
        author = start[0]
+        valid_account(author, allow_empty=True)
        updated_at = start[1]
+        valid_date(updated_at)
        start_post_author = start[2]
+        valid_account(start_post_author, allow_empty=True)
        start_post_permlink = start[3]
+        valid_permlink(start_post_permlink, allow_empty=True)
        sql = "SELECT * FROM list_comments_by_author_last_update(:author, :updated_at, :start_post_author, :start_post_permlink, :limit)"
        result = await db.query_all(sql, author=author, updated_at=updated_at, start_post_author=start_post_author, start_post_permlink=start_post_permlink, limit=limit)


--- a/hive/server/hive_api/objects.py
+++ b/hive/server/hive_api/objects.py
@@ -10,7 +10,7 @@ async def accounts_by_name(db, names, observer=None, lite=True):
    """Find and return accounts by `name`."""

    sql = """SELECT id, name, display_name, about, created_at,
-                    vote_weight, rank, followers, following %s
+                    rank, followers, following %s
               FROM hive_accounts WHERE name IN :names"""
    fields = '' if lite else ', location, website, profile_image, cover_image'
    rows = await db.query_all(sql % fields, names=tuple(names))
@@ -21,7 +21,6 @@ async def accounts_by_name(db, names, observer=None, lite=True):
            'id': row['id'],
            'name': row['name'],
            'created': str(row['created_at']).split(' ')[0],
-            'sp': int(estimated_sp(row['vote_weight'])),
            'rank': row['rank'],
            'followers': row['followers'],
            'following': row['following'],

--- a/hive/utils/normalize.py
+++ b/hive/utils/normalize.py
@@ -29,6 +29,7 @@ UNIT_NAI = {

 # convert special chars into their octal formats recognized by sql
 SPECIAL_CHARS = {
+    "\x00" : " ", # nul char cannot be stored in string column (ABW: if we ever find the need to store nul chars we'll need bytea, not text)
    "\r" : "\\015",
    "\n" : "\\012",
    "\v" : "\\013",
@@ -74,21 +75,26 @@ def escape_characters(text):
    ret = "E'"

    for ch in text:
-        if ch.isprintable() or ch in SPECIAL_CHARS:
-            try:
-                dw = SPECIAL_CHARS[ch]
-                ret = ret + dw
-            except KeyError:
-                ret = ret + ch
+        if ch in SPECIAL_CHARS:
+            dw = SPECIAL_CHARS[ch]
+            ret = ret + dw
        else:
            ordinal = ord(ch)
-            if ordinal == 0 or ordinal >= 0x80:
-                escaped_value = 'u' + hex(ordinal)[2:]
-#                logging.info("Encoded unicode escape: {}".format(escaped_value))
+            if ordinal <= 0x80 and ch.isprintable():
+                ret = ret + ch
            else:
-                escaped_value = ch.encode('unicode-escape').decode('utf-8')
-
-            ret = ret + escaped_value
+                hexstr = hex(ordinal)[2:]
+                i = len(hexstr)
+                max = 4
+                escaped_value = '\\u'
+                if i > max:
+                    max = 8
+                    escaped_value = '\\U'
+                while i < max:
+                    escaped_value += '0'
+                    i += 1
+                escaped_value += hexstr
+                ret = ret + escaped_value

    ret = ret + "'"
    return ret

--- a/tests_api @ 9f6058b3
+++ b/tests_api @ 9f6058b3
-Subproject commit c673b555aa055358e0f5a1e1401a4110f7f83ca3
+Subproject commit 9f6058b31adec6378ead1b15ae6c1e7bb75823f7
No results found