From: Nathan Wagner Date: Sun, 3 Oct 2021 22:19:23 +0000 (-0500) Subject: fix string escape in hashing X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c969c2fb395020c100222b7a20619f4279ffcd7b;p=pgm fix string escape in hashing --- diff --git a/functions/hashing.sql b/functions/hashing.sql deleted file mode 100644 index 057ad56..0000000 --- a/functions/hashing.sql +++ /dev/null @@ -1,37 +0,0 @@ -create function zz_concat(text, text) returns text as - 'select md5($1 || $2);' language 'sql'; - -create aggregate zz_hashagg(text) ( - sfunc = zz_concat, - stype = text, - initcond = ''); - - -create function table_hash(t regclass) returns text language plpgsql as $$ -declare - tval text; - sql text; -begin - sql := 'select migration.zz_hashagg(md5(t::text) order by _migration_id) from '; - execute sql into tval; - return tval; -end; -$$; - -create function all_hash() returns text language plpgsql as $$ -declare - tval text; - sql text; -begin - select migration.zz_hashagg(migration.table_hash(C.oid) order by C.relname) into tval - from pg_attribute A - join pg_class C on C.oid = A.attrelid - where - A.attname = '_migration_id' - and C.relkind = 'r' - ; - - return tval; -end; -$$; - diff --git a/functions/table_hash.sql b/functions/table_hash.sql index be14335..2176ce3 100644 --- a/functions/table_hash.sql +++ b/functions/table_hash.sql @@ -1,4 +1,5 @@ -create function zz_concat(bytea, bytea) returns bytea as +create function zz_concat(bytea, bytea) returns bytea +as $$select digest($1 || $2,'sha256');$$ strict language 'sql'; create aggregate zz_hashagg(bytea) ( @@ -7,7 +8,9 @@ create aggregate zz_hashagg(bytea) ( ); create function table_hash(t regclass, key text) returns text -language plpgsql as $$ +language plpgsql +set search_path from current +as $$ declare tval bytea; sql text; @@ -22,7 +25,9 @@ end; $$; create function table_hash(t regclass, firstn bigint) returns text -language plpgsql as $$ +language plpgsql +set search_path from current +as $$ declare P migration.posting; tval bytea; @@ -32,7 +37,7 @@ declare key text; begin select * into strict P from migration.posting where table_oid = t; - selq := regexp_replace(P.selectq, ' where [[:print:]]+ = \?$', ''); + selq := regexp_replace(P.selectq, E' where [[:print:]]+ = \\?$', ''); key := P.keycol; sql := 'select zz_hashagg(digest(t::text, ''sha256'') order by '