]> granicus.if.org Git - postgresql/commit
projects / postgresql / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5efa144) | patch
Further fixes to the pg_get_expr() security fix in back branches.
authorTom Lane <tgl@sss.pgh.pa.us>
Sat, 25 Sep 2010 19:57:05 +0000 (15:57 -0400)
committerTom Lane <tgl@sss.pgh.pa.us>
Sat, 25 Sep 2010 20:39:44 +0000 (16:39 -0400)
commit3c2da80df6bc70ab16cc1bcb30149040575b35bc
tree82e5d55a8216b6297c1d5037a8d6e2c002720e2dtree | snapshot
parent5efa1444e61fed7f6641dc13010582f00cb98111commit | diff
Further fixes to the pg_get_expr() security fix in back branches.

It now emerges that the JDBC driver expects to be able to use pg_get_expr()
on an output of a sub-SELECT.  So extend the check logic to be able to recurse
into a sub-SELECT to see if the argument is ultimately coming from an
appropriate column.  Per report from Thomas Kellerer.
src/backend/parser/parse_func.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.