db_pas 폐기

func.py

@@ -18,8 +18,6 @@ session_opts = {
 
 app = beaker.middleware.SessionMiddleware(app(), session_opts)
 
-db_pas = pymysql.escape_string
-
 from mark import *
 
 def diff(seqm):
@@ -48,13 +46,13 @@ def admin_check(num):
     curs = conn.cursor(pymysql.cursors.DictCursor)
 
     ip = ip_check() 
-    curs.execute("select acl from user where id = '" + db_pas(ip) + "'")
+    curs.execute("select acl from user where id = '" + pymysql.escape_string(ip) + "'")
     user = curs.fetchall()
     if(user):
         reset = 0
         while(1):
             if(num == 1 and reset == 0):
-                curs.execute('select name from alist where name = "' + db_pas(user[0]["acl"]) + '" and acl = "ban"')
+                curs.execute('select name from alist where name = "' + pymysql.escape_string(user[0]["acl"]) + '" and acl = "ban"')
                 acl_data = curs.fetchall()
                 if(acl_data):
                     conn.close()
@@ -62,7 +60,7 @@ def admin_check(num):
                 else:
                     reset = 1
             elif(num == 2 and reset == 0):
-                curs.execute('select name from alist where name = "' + db_pas(user[0]["acl"]) + '" and acl = "mdel"')
+                curs.execute('select name from alist where name = "' + pymysql.escape_string(user[0]["acl"]) + '" and acl = "mdel"')
                 acl_data = curs.fetchall()
                 if(acl_data):
                     conn.close()
@@ -70,7 +68,7 @@ def admin_check(num):
                 else:
                     reset = 1
             elif(num == 3 and reset == 0):
-                curs.execute('select name from alist where name = "' + db_pas(user[0]["acl"]) + '" and acl = "toron"')
+                curs.execute('select name from alist where name = "' + pymysql.escape_string(user[0]["acl"]) + '" and acl = "toron"')
                 acl_data = curs.fetchall()
                 if(acl_data):
                     conn.close()
@@ -78,7 +76,7 @@ def admin_check(num):
                 else:
                     reset = 1
             elif(num == 4 and reset == 0):
-                curs.execute('select name from alist where name = "' + db_pas(user[0]["acl"]) + '" and acl = "check"')
+                curs.execute('select name from alist where name = "' + pymysql.escape_string(user[0]["acl"]) + '" and acl = "check"')
                 acl_data = curs.fetchall()
                 if(acl_data):
                     conn.close()
@@ -86,7 +84,7 @@ def admin_check(num):
                 else:
                     reset = 1
             elif(num == 5 and reset == 0):
-                curs.execute('select name from alist where name = "' + db_pas(user[0]["acl"]) + '" and acl = "acl"')
+                curs.execute('select name from alist where name = "' + pymysql.escape_string(user[0]["acl"]) + '" and acl = "acl"')
                 acl_data = curs.fetchall()
                 if(acl_data):
                     conn.close()
@@ -94,7 +92,7 @@ def admin_check(num):
                 else:
                     reset = 1
             elif(num == 6 and reset == 0):
-                curs.execute('select name from alist where name = "' + db_pas(user[0]["acl"]) + '" and acl = "hidel"')
+                curs.execute('select name from alist where name = "' + pymysql.escape_string(user[0]["acl"]) + '" and acl = "hidel"')
                 acl_data = curs.fetchall()
                 if(acl_data):
                     conn.close()
@@ -102,7 +100,7 @@ def admin_check(num):
                 else:
                     reset = 1
             else:
-                curs.execute('select name from alist where name = "' + db_pas(user[0]["acl"]) + '" and acl = "owner"')
+                curs.execute('select name from alist where name = "' + pymysql.escape_string(user[0]["acl"]) + '" and acl = "owner"')
                 acl_data = curs.fetchall()
                 if(acl_data):
                     conn.close()
@@ -121,7 +119,7 @@ def include_check(name, data):
     curs = conn.cursor(pymysql.cursors.DictCursor)
 
     if(re.search('^틀:', name)):
-        curs.execute("select link from back where title = '" + db_pas(name) + "' and type = 'include'")
+        curs.execute("select link from back where title = '" + pymysql.escape_string(name) + "' and type = 'include'")
         back = curs.fetchall()
         for backp in back:
             namumark(backp['link'], data, 1)
@@ -147,7 +145,7 @@ def ip_pas(raw_ip, num):
     if(re.search("(\.|:)", raw_ip)):
         ip = raw_ip
     else:
-        curs.execute("select title from data where title = '사용자:" + db_pas(raw_ip) + "'")
+        curs.execute("select title from data where title = '사용자:" + pymysql.escape_string(raw_ip) + "'")
         row = curs.fetchall()
         if(row):
             ip = '<a href="/w/' + url_pas('사용자:' + raw_ip) + '">' + raw_ip + '</a>'
@@ -192,7 +190,7 @@ def acl_check(ip, name):
                 conn.close()
                 return(1)
             else:
-                curs.execute("select * from ban where block = '" + db_pas(ip) + "'")
+                curs.execute("select * from ban where block = '" + pymysql.escape_string(ip) + "'")
                 rows = curs.fetchall()
                 if(rows):
                     conn.close()
@@ -211,22 +209,22 @@ def acl_check(ip, name):
         b = re.search("^([0-9](?:[0-9]?[0-9]?)\.[0-9](?:[0-9]?[0-9]?))", ip)
         if(b):
             results = b.groups()
-            curs.execute("select * from ban where block = '" + db_pas(results[0]) + "' and band = 'O'")
+            curs.execute("select * from ban where block = '" + pymysql.escape_string(results[0]) + "' and band = 'O'")
             rowss = curs.fetchall()
             if(rowss):
                 conn.close()
                 return(1)
             else:
-                curs.execute("select * from ban where block = '" + db_pas(ip) + "'")
+                curs.execute("select * from ban where block = '" + pymysql.escape_string(ip) + "'")
                 rows = curs.fetchall()
                 if(rows):
                     conn.close()
                     return(1)
                 else:
-                    curs.execute("select acl from data where title = '" + db_pas(name) + "'")
+                    curs.execute("select acl from data where title = '" + pymysql.escape_string(name) + "'")
                     row = curs.fetchall()
                     if(row):
-                        curs.execute("select * from user where id = '" + db_pas(ip) + "'")
+                        curs.execute("select * from user where id = '" + pymysql.escape_string(ip) + "'")
                         rows = curs.fetchall()
                         if(row[0]['acl'] == 'user'):
                             if(rows):
@@ -253,16 +251,16 @@ def acl_check(ip, name):
                         conn.close()
                         return(0)
         else:
-            curs.execute("select * from ban where block = '" + db_pas(ip) + "'")
+            curs.execute("select * from ban where block = '" + pymysql.escape_string(ip) + "'")
             rows = curs.fetchall()
             if(rows):
                 conn.close()
                 return(1)
             else:
-                curs.execute("select acl from data where title = '" + db_pas(name) + "'")
+                curs.execute("select acl from data where title = '" + pymysql.escape_string(name) + "'")
                 row = curs.fetchall()
                 if(row):
-                    curs.execute("select * from user where id = '" + db_pas(ip) + "'")
+                    curs.execute("select * from user where id = '" + pymysql.escape_string(ip) + "'")
                     rows = curs.fetchall()
                     if(row[0]['acl'] == 'user'):
                         if(rows):
@@ -302,13 +300,13 @@ def ban_check(ip):
     b = re.search("^([0-9](?:[0-9]?[0-9]?)\.[0-9](?:[0-9]?[0-9]?))", ip)
     if(b):
         results = b.groups()
-        curs.execute("select * from ban where block = '" + db_pas(results[0]) + "' and band = 'O'")
+        curs.execute("select * from ban where block = '" + pymysql.escape_string(results[0]) + "' and band = 'O'")
         rowss = curs.fetchall()
         if(rowss):
             conn.close()
             return(1)
         else:
-            curs.execute("select * from ban where block = '" + db_pas(ip) + "'")
+            curs.execute("select * from ban where block = '" + pymysql.escape_string(ip) + "'")
             rows = curs.fetchall()
             if(rows):
                 conn.close()
@@ -317,7 +315,7 @@ def ban_check(ip):
                 conn.close()
                 return(0)
     else:
-        curs.execute("select * from ban where block = '" + db_pas(ip) + "'")
+        curs.execute("select * from ban where block = '" + pymysql.escape_string(ip) + "'")
         rows = curs.fetchall()
         if(rows):
             conn.close()
@@ -339,19 +337,19 @@ def topic_check(ip, name, sub):
     b = re.search("^([0-9](?:[0-9]?[0-9]?)\.[0-9](?:[0-9]?[0-9]?))", ip)
     if(b):
         results = b.groups()
-        curs.execute("select * from ban where block = '" + db_pas(results[0]) + "' and band = 'O'")
+        curs.execute("select * from ban where block = '" + pymysql.escape_string(results[0]) + "' and band = 'O'")
         rowss = curs.fetchall()
         if(rowss):
             conn.close()
             return(1)
         else:
-            curs.execute("select * from ban where block = '" + db_pas(ip) + "'")
+            curs.execute("select * from ban where block = '" + pymysql.escape_string(ip) + "'")
             rows = curs.fetchall()
             if(rows):
                 conn.close()
                 return(1)
             else:
-                curs.execute("select * from stop where title = '" + db_pas(name) + "' and sub = '" + db_pas(sub) + "'")
+                curs.execute("select * from stop where title = '" + pymysql.escape_string(name) + "' and sub = '" + pymysql.escape_string(sub) + "'")
                 rows = curs.fetchall()
                 if(rows):
                     conn.close()
@@ -360,13 +358,13 @@ def topic_check(ip, name, sub):
                     conn.close()
                     return(0)
     else:
-        curs.execute("select * from ban where block = '" + db_pas(ip) + "'")
+        curs.execute("select * from ban where block = '" + pymysql.escape_string(ip) + "'")
         rows = curs.fetchall()
         if(rows):
             conn.close()
             return(1)
         else:
-            curs.execute("select * from stop where title = '" + db_pas(name) + "' and sub = '" + db_pas(sub) + "'")
+            curs.execute("select * from stop where title = '" + pymysql.escape_string(name) + "' and sub = '" + pymysql.escape_string(sub) + "'")
             rows = curs.fetchall()
             if(rows):
                 conn.close()
@@ -385,12 +383,12 @@ def rd_plus(title, sub, date):
     )
     curs = conn.cursor(pymysql.cursors.DictCursor)
 
-    curs.execute("select * from rd where title = '" + db_pas(title) + "' and sub = '" + db_pas(sub) + "'")
+    curs.execute("select * from rd where title = '" + pymysql.escape_string(title) + "' and sub = '" + pymysql.escape_string(sub) + "'")
     rd = curs.fetchall()
     if(rd):
-        curs.execute("update rd set date = '" + db_pas(date) + "' where title = '" + db_pas(title) + "' and sub = '" + db_pas(sub) + "'")
+        curs.execute("update rd set date = '" + pymysql.escape_string(date) + "' where title = '" + pymysql.escape_string(title) + "' and sub = '" + pymysql.escape_string(sub) + "'")
     else:
-        curs.execute("insert into rd (title, sub, date) value ('" + db_pas(title) + "', '" + db_pas(sub) + "', '" + db_pas(date) + "')")
+        curs.execute("insert into rd (title, sub, date) value ('" + pymysql.escape_string(title) + "', '" + pymysql.escape_string(sub) + "', '" + pymysql.escape_string(date) + "')")
     conn.commit()
     
     conn.close()
@@ -404,7 +402,7 @@ def rb_plus(block, end, today, blocker, why):
     )
     curs = conn.cursor(pymysql.cursors.DictCursor)
 
-    curs.execute("insert into rb (block, end, today, blocker, why) value ('" + db_pas(block) + "', '" + db_pas(end) + "', '" + today + "', '" + db_pas(blocker) + "', '" + db_pas(why) + "')")
+    curs.execute("insert into rb (block, end, today, blocker, why) value ('" + pymysql.escape_string(block) + "', '" + pymysql.escape_string(end) + "', '" + today + "', '" + pymysql.escape_string(blocker) + "', '" + pymysql.escape_string(why) + "')")
     conn.commit()
     
     conn.close()
@@ -418,13 +416,13 @@ def history_plus(title, data, date, ip, send, leng):
     )
     curs = conn.cursor(pymysql.cursors.DictCursor)
 
-    curs.execute("select * from history where title = '" + db_pas(title) + "' order by id+0 desc limit 1")
+    curs.execute("select * from history where title = '" + pymysql.escape_string(title) + "' order by id+0 desc limit 1")
     rows = curs.fetchall()
     if(rows):
         number = int(rows[0]['id']) + 1
-        curs.execute("insert into history (id, title, data, date, ip, send, leng) value ('" + str(number) + "', '" + db_pas(title) + "', '" + db_pas(data) + "', '" + date + "', '" + db_pas(ip) + "', '" + db_pas(send) + "', '" + leng + "')")
+        curs.execute("insert into history (id, title, data, date, ip, send, leng) value ('" + str(number) + "', '" + pymysql.escape_string(title) + "', '" + pymysql.escape_string(data) + "', '" + date + "', '" + pymysql.escape_string(ip) + "', '" + pymysql.escape_string(send) + "', '" + leng + "')")
     else:
-        curs.execute("insert into history (id, title, data, date, ip, send, leng) value ('1', '" + db_pas(title) + "', '" + db_pas(data) + "', '" + date + "', '" + db_pas(ip) + "', '" + db_pas(send + ' (새 문서)') + "', '" + leng + "')")
+        curs.execute("insert into history (id, title, data, date, ip, send, leng) value ('1', '" + pymysql.escape_string(title) + "', '" + pymysql.escape_string(data) + "', '" + date + "', '" + pymysql.escape_string(ip) + "', '" + pymysql.escape_string(send + ' (새 문서)') + "', '" + leng + "')")
     conn.commit()
     
     conn.close()

mark.py

@@ -35,8 +35,6 @@ def ip_check():
             ip = request.environ.get('REMOTE_ADDR')
 
     return(ip)
-    
-db_pas = pymysql.escape_string
 
 def url_pas(data):
     return(parse.quote(data).replace('/','%2F'))
@@ -330,10 +328,10 @@ def backlink_plus(name, link, backtype, num):
         conn = pymysql.connect(user = set_data['user'], password = set_data['pw'], charset = 'utf8mb4', db = set_data['db'])
         curs = conn.cursor(pymysql.cursors.DictCursor)
         
-        curs.execute("select title from back where title = '" + db_pas(link) + "' and link = '" + db_pas(name) + "' and type = '" + backtype + "'")
+        curs.execute("select title from back where title = '" + pymysql.escape_string(link) + "' and link = '" + pymysql.escape_string(name) + "' and type = '" + backtype + "'")
         y = curs.fetchall()
         if(not y):
-            curs.execute("insert into back (title, link, type) value ('" + db_pas(link) + "', '" + db_pas(name) + "',  '" + backtype + "')")
+            curs.execute("insert into back (title, link, type) value ('" + pymysql.escape_string(link) + "', '" + pymysql.escape_string(name) + "',  '" + backtype + "')")
             conn.commit()
             
         conn.close()
@@ -343,10 +341,10 @@ def cat_plus(name, link, num):
         conn = pymysql.connect(user = set_data['user'], password = set_data['pw'], charset = 'utf8mb4', db = set_data['db'])
         curs = conn.cursor(pymysql.cursors.DictCursor)
         
-        curs.execute("select title from cat where title = '" + db_pas(link) + "' and cat = '" + db_pas(name) + "'")
+        curs.execute("select title from cat where title = '" + pymysql.escape_string(link) + "' and cat = '" + pymysql.escape_string(name) + "'")
         y = curs.fetchall()
         if(not y):
-            curs.execute("insert into cat (title, cat) value ('" + db_pas(link) + "', '" + db_pas(name) + "')")
+            curs.execute("insert into cat (title, cat) value ('" + pymysql.escape_string(link) + "', '" + pymysql.escape_string(name) + "')")
             conn.commit()
             
         conn.close()
@@ -374,7 +372,7 @@ def namumark(title, data, num):
             if(results[0] == title):
                 data = include.sub("<b>" + results[0] + "</b>", data, 1)
             else:
-                curs.execute("select * from data where title = '" + db_pas(results[0]) + "'")
+                curs.execute("select * from data where title = '" + pymysql.escape_string(results[0]) + "'")
                 in_con = curs.fetchall()
                 
                 backlink_plus(title, results[0], 'include', num)
@@ -455,7 +453,7 @@ def namumark(title, data, num):
                 cat_plus(title, g[0], num)
                     
                 if(category == ''):
-                    curs.execute("select title from data where title = '" + db_pas(g[0]) + "'")
+                    curs.execute("select title from data where title = '" + pymysql.escape_string(g[0]) + "'")
                     exists = curs.fetchall()
                     if(exists):
                         red = ""
@@ -464,7 +462,7 @@ def namumark(title, data, num):
                         
                     category += '<a ' + red + ' href="/w/' + url_pas(g[0]) + '">' + re.sub("분류:", "", g[0]) + '</a>'
                 else:
-                    curs.execute("select title from data where title = '" + db_pas(g[0]) + "'")
+                    curs.execute("select title from data where title = '" + pymysql.escape_string(g[0]) + "'")
                     exists = curs.fetchall()
                     if(exists):
                         red = ""
@@ -664,7 +662,7 @@ def namumark(title, data, num):
                 else:
                     nosharp = re.sub("<sharp>", "#", results[0])
                     
-                    curs.execute("select title from data where title = '" + db_pas(nosharp) + "'")
+                    curs.execute("select title from data where title = '" + pymysql.escape_string(nosharp) + "'")
                     y = curs.fetchall()
                     if(y):
                         clas = ''

update.py

@@ -13,8 +13,6 @@ conn = pymysql.connect(
 )
 curs = conn.cursor(pymysql.cursors.DictCursor)   
 
-db_pas = pymysql.escape_string
-
 r_ver = '2.1.7'
 
 conn.commit()