From: | "Christopher Kings-Lynne" <chriskl(at)familyhealth(dot)com(dot)au> |
---|---|
To: | "Christopher Kings-Lynne" <chriskl(at)familyhealth(dot)com(dot)au>, "Hackers" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: getting confused parsing ACLITEMS... |
Date: | 2003-08-08 09:09:09 |
Message-ID: | 149a01c35d8c$bdd45640$2800a8c0@mars |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
The situation seems to be a bug that this patch would address. It seems to
me that when a username is considered unsafe due to containing double
quotes, the double quotes should be escaped (and the backslashes)!
Does this look alright?
Chris
Index: src/backend/utils/adt/acl.c
===================================================================
RCS file: /projects/cvsroot/pgsql-server/src/backend/utils/adt/acl.c,v
retrieving revision 1.94
diff -c -r1.94 acl.c
*** src/backend/utils/adt/acl.c 4 Aug 2003 02:40:04 -0000 1.94
--- src/backend/utils/adt/acl.c 8 Aug 2003 09:03:19 -0000
***************
*** 124,131 ****
}
if (!safe)
*p++ = '"';
! for (src = s; *src; src++)
*p++ = *src;
if (!safe)
*p++ = '"';
*p = '\0';
--- 124,134 ----
}
if (!safe)
*p++ = '"';
! for (src = s; *src; src++) {
! if (!safe && (*src == '"' || *src == '\\'))
! *p++ = '\\';
*p++ = *src;
+ }
if (!safe)
*p++ = '"';
*p = '\0';
From | Date | Subject | |
---|---|---|---|
Next Message | Christoph Haller | 2003-08-08 09:17:05 | Re: no of affected rows in prepared stmts |
Previous Message | Christopher Kings-Lynne | 2003-08-08 08:31:01 | getting confused parsing ACLITEMS... |