pgsql: Don't pass strings directly to errdetail() and errhint() - use %s

From: mha(at)postgresql(dot)org (Magnus Hagander)
To: pgsql-committers(at)postgresql(dot)org
Subject: pgsql: Don't pass strings directly to errdetail() and errhint() - use %s
Date: 2008-11-20 15:36:22
Message-ID: 20081120153622.C98757545A4@cvs.postgresql.org
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-committers

Log Message:
-----------
Don't pass strings directly to errdetail() and errhint() - use
%s to unescape them. Fixes a potential security issue (in as yet
unreleased code)

Modified Files:
--------------
pgsql/src/pl/plpgsql/src:
pl_exec.c (r1.224 -> r1.225)
(http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/pl/plpgsql/src/pl_exec.c?r1=1.224&r2=1.225)

Browse pgsql-committers by date

  From Date Subject
Next Message Magnus Hagander 2008-11-20 15:39:32 Re: Re: [COMMITTERS] pgsql: Silence compiler warning about ignored return value.
Previous Message Magnus Hagander 2008-11-20 15:34:19 Re: Re: [COMMITTERS] pgsql: Silence compiler warning about ignored return value.