Re: Re: [COMMITTERS] pgsql: Prevent the injection of invalidly encoded strings by PL/Python

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: Andrew Dunstan <andrew(at)dunslane(dot)net>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Re: [COMMITTERS] pgsql: Prevent the injection of invalidly encoded strings by PL/Python
Date: 2010-03-22 23:29:53
Message-ID: 16506.1269300593@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-committers pgsql-hackers

Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> I have never used Tcl before just now, and the documentation is sketchy,
> but it looks like the behavior of Tcl is kind of mixed in this area.

> Escapes such as "\xd0" are apparently converted to Unicode code points
> rather than bytes when the appropriate OS locale is set. So that is
> safe. Except that it doesn't work in some locale/charset setups, such
> as EUC_JP. To adapt Hannu's original example:

The pltcl code special-cases Unicode IIRC.

regards, tom lane

In response to

Responses

Browse pgsql-committers by date

  From Date Subject
Next Message Peter Eisentraut 2010-03-22 23:48:04 Re: Re: [COMMITTERS] pgsql: Prevent the injection of invalidly encoded strings by PL/Python
Previous Message Peter Eisentraut 2010-03-22 23:10:44 Re: [COMMITTERS] pgsql: Prevent the injection of invalidly encoded strings by PL/Python

Browse pgsql-hackers by date

  From Date Subject
Next Message Andrew Dunstan 2010-03-22 23:38:45 Re: xmlconcat (was 9.0 release notes done)
Previous Message Bruce Momjian 2010-03-22 23:12:46 Re: 9.0 release notes done