Sample Script create or replace function inline_0 () returns integer as ‘ declare v_count integer; begin select count(*) into v_count from user_tab_columns where lower(table_name) = ”acs_object_types” and lower(column_name) = ”icon_path”; IF v_count > 0 THEN return 1; END IF; alter table acs_object_types add column icon_path character varying(100); RETURN 0; end;’ language ‘plpgsql’; select inline_0 (); [...]

Using pg_dump -U projop -E UTF8 -d projop > projop.dump instead of the usual pg_dump –no-owner –clean –disable-dollar-quoting –format=p –file projop.dump I was able to to restore the db.

http://stackoverflow.com/questions/1973/what-is-the-best-way-to-avoid-sql-injection-attacks Golden Rules: 3: Custom-Written Value Sanitation. Avoid writing your own sanitation routines as much as possible except when it’s absolutely the only option remaining (which is very unlikely in any modern language). Input sanitation is a hard problem, and the costs of getting it wrong are huge. It’s best to leave that job to [...]

Sample User (user_id:28358) with profile “Sales” (group_id:473) can’t see Employees: Principal routine to check permissions create function acs_permission__permission_p(int4,int4,varchar) returns bool as ‘ declare permission_p__object_id alias for $1; permission_p__party_id alias for $2; permission_p__privilege alias for $3; exists_p boolean; begin return exists (select 1 from acs_permissions p, party_approved_member_map m, acs_object_context_index c, acs_privilege_descendant_map h where p.object_id = c.ancestor_id [...]

On this page: Control flow / Conditions Localization Categories Permissions Views OpenACS Packages User Management Database String operations Error handling Page contract Sanity checks See also Common constructs writing ]po[ update scripts Common used build in tcl commands Commonly used sql constructs Debugging Control flow / Conditions Check for existing variable exists_and_not_null project_id Localization OpenACS [...]