| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org> |
| Cc: | Bharath Rupireddy <bharath(dot)rupireddyforpostgres(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Add pg_strtoupper and pg_strtolower functions |
| Date: | 2022-05-04 13:40:03 |
| Message-ID: | 2336554.1651671603@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org> writes:
> Currently, pg_toupper/pg_tolower are used in very limited situations.
> Are they really always safe enough to run in arbitrary situations,
> enough to create this new layer on top of them?
They are not, and we should absolutely not be encouraging additional uses
of them. The existing multi-character str_toupper/str_tolower functions
should be used instead. (Perhaps those should be relocated to someplace
more prominent?)
> Reading the comment on
> pg_tolower, "the whole thing is a bit bogus for multibyte charsets", I
> worry that we might create security holes, either now or in future
> callsites that use these new functions.
I doubt that they are security holes, but they do give unexpected
answers in some locales.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2022-05-04 13:53:27 | Re: [PATCH] Log details for client certificate failures |
| Previous Message | Peter Eisentraut | 2022-05-04 13:39:34 | Re: Add a new function and a document page to get/show all the server hooks |