X-Git-Url: https://git.openstreetmap.org./nominatim.git/blobdiff_plain/e7dc24c026cb8059493b4a04df8debe9809b311b..6e688a01138dd18c643cf3a5e3541506d9f63b20:/nominatim/api/logging.py diff --git a/nominatim/api/logging.py b/nominatim/api/logging.py index 37ae7f5f..30999a3f 100644 --- a/nominatim/api/logging.py +++ b/nominatim/api/logging.py @@ -13,6 +13,7 @@ import datetime as dt import textwrap import io import re +import html import sqlalchemy as sa from sqlalchemy.ext.asyncio import AsyncConnection @@ -83,33 +84,49 @@ class BaseLogger: def format_sql(self, conn: AsyncConnection, statement: 'sa.Executable', extra_params: Union[Mapping[str, Any], Sequence[Mapping[str, Any]], None]) -> str: - """ Return the comiled version of the statement. + """ Return the compiled version of the statement. """ compiled = cast('sa.ClauseElement', statement).compile(conn.sync_engine) params = dict(compiled.params) if isinstance(extra_params, Mapping): for k, v in extra_params.items(): - params[k] = str(v) + if hasattr(v, 'to_wkt'): + params[k] = v.to_wkt() + elif isinstance(v, (int, float)): + params[k] = v + else: + params[k] = str(v) elif isinstance(extra_params, Sequence) and extra_params: for k in extra_params[0]: params[k] = f':{k}' sqlstr = str(compiled) - if sa.__version__.startswith('1'): - try: - sqlstr = re.sub(r'__\[POSTCOMPILE_[^]]*\]', '%s', sqlstr) - return sqlstr % tuple((repr(params.get(name, None)) - for name in compiled.positiontup)) # type: ignore - except TypeError: - return sqlstr + if conn.dialect.name == 'postgresql': + if sa.__version__.startswith('1'): + try: + sqlstr = re.sub(r'__\[POSTCOMPILE_[^]]*\]', '%s', sqlstr) + return sqlstr % tuple((repr(params.get(name, None)) + for name in compiled.positiontup)) # type: ignore + except TypeError: + return sqlstr - # Fixes an odd issue with Python 3.7 where percentages are not - # quoted correctly. - sqlstr = re.sub(r'%(?!\()', '%%', sqlstr) - sqlstr = re.sub(r'__\[POSTCOMPILE_([^]]*)\]', r'%(\1)s', sqlstr) - return sqlstr % params + # Fixes an odd issue with Python 3.7 where percentages are not + # quoted correctly. + sqlstr = re.sub(r'%(?!\()', '%%', sqlstr) + sqlstr = re.sub(r'__\[POSTCOMPILE_([^]]*)\]', r'%(\1)s', sqlstr) + return sqlstr % params + + assert conn.dialect.name == 'sqlite' + + # params in positional order + pparams = (repr(params.get(name, None)) for name in compiled.positiontup) # type: ignore + + sqlstr = re.sub(r'__\[POSTCOMPILE_([^]]*)\]', '?', sqlstr) + sqlstr = re.sub(r"\?", lambda m: next(pparams), sqlstr) + + return sqlstr class HTMLLogger(BaseLogger): """ Logger that formats messages in HTML. @@ -211,7 +228,7 @@ class HTMLLogger(BaseLogger): HtmlFormatter(nowrap=True, lineseparator='
')) self._write(f'
{sqlstr}
') else: - self._write(f'{sqlstr}') + self._write(f'{html.escape(sqlstr)}') def _python_var(self, var: Any) -> str: @@ -219,7 +236,7 @@ class HTMLLogger(BaseLogger): fmt = highlight(str(var), PythonLexer(), HtmlFormatter(nowrap=True)) return f'
{fmt}
' - return f'{str(var)}' + return f'{html.escape(str(var))}' def _write(self, text: str) -> None: