From cdf320dfb232fe5a22c9354acbd23477e31aabc9 Mon Sep 17 00:00:00 2001 From: Adam Johnson Date: Wed, 6 May 2020 05:35:26 +0100 Subject: [3.0.x] Fixed a/an typos in "SQL" usage. Backport of 1c2c6f1b51a540bddc7ae95f4d1213688411ca44 from master --- docs/ref/models/expressions.txt | 12 ++++++------ docs/ref/models/fields.txt | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) (limited to 'docs/ref/models') diff --git a/docs/ref/models/expressions.txt b/docs/ref/models/expressions.txt index baae1e3137..cbb3a552ae 100644 --- a/docs/ref/models/expressions.txt +++ b/docs/ref/models/expressions.txt @@ -338,7 +338,7 @@ The ``Func`` API is as follows: **extra_context ) - To avoid a SQL injection vulnerability, ``extra_context`` :ref:`must + To avoid an SQL injection vulnerability, ``extra_context`` :ref:`must not contain untrusted user input ` as these values are interpolated into the SQL string rather than passed as query parameters, where the database driver would escape them. @@ -353,7 +353,7 @@ assumed to be column references and will be wrapped in ``F()`` expressions while other values will be wrapped in ``Value()`` expressions. The ``**extra`` kwargs are ``key=value`` pairs that can be interpolated -into the ``template`` attribute. To avoid a SQL injection vulnerability, +into the ``template`` attribute. To avoid an SQL injection vulnerability, ``extra`` :ref:`must not contain untrusted user input ` as these values are interpolated into the SQL string rather than passed as query parameters, where the database @@ -1157,12 +1157,12 @@ SQL injection:: template = "%(function)s('%(substring)s' in %(expressions)s)" def __init__(self, expression, substring): - # substring=substring is a SQL injection vulnerability! + # substring=substring is an SQL injection vulnerability! super().__init__(expression, substring=substring) -This function generates a SQL string without any parameters. Since ``substring`` -is passed to ``super().__init__()`` as a keyword argument, it's interpolated -into the SQL string before the query is sent to the database. +This function generates an SQL string without any parameters. Since +``substring`` is passed to ``super().__init__()`` as a keyword argument, it's +interpolated into the SQL string before the query is sent to the database. Here's a corrected rewrite:: diff --git a/docs/ref/models/fields.txt b/docs/ref/models/fields.txt index 9a3de0db78..2fad2d64b7 100644 --- a/docs/ref/models/fields.txt +++ b/docs/ref/models/fields.txt @@ -1440,7 +1440,7 @@ relation works. null=True, ) - ``on_delete`` doesn't create a SQL constraint in the database. Support for + ``on_delete`` doesn't create an SQL constraint in the database. Support for database-level cascade options :ticket:`may be implemented later <21961>`. The possible values for :attr:`~ForeignKey.on_delete` are found in -- cgit v1.3