Don't pass strings directly to errdetail() and errhint() - use

%s to unescape them. Fixes a potential security issue (in as yet unreleased code)
author: Magnus Hagander 2008-11-20 15:36:22 +0000
committer: Magnus Hagander 2008-11-20 15:36:22 +0000
commit: 6c3690d835e3bb7fc86b4f08335cb7a8fd22f4e2 (patch)
tree: 57aff6be54441f1dd49b1d8455b5789a5e8abdbe
parent: 284491ee714bb106ba11468d25fec5e485f03e90 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/src/pl/plpgsql/src/pl_exec.c b/src/pl/plpgsql/src/pl_exec.c
index 1393fb265d1..35cd6cbaff5 100644
--- a/src/pl/plpgsql/src/pl_exec.c
+++ b/src/pl/plpgsql/src/pl_exec.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/pl/plpgsql/src/pl_exec.c,v 1.224 2008/11/05 00:07:54 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/pl/plpgsql/src/pl_exec.c,v 1.225 2008/11/20 15:36:22 mha Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -2538,8 +2538,8 @@ exec_stmt_raise(PLpgSQL_execstate *estate, PLpgSQL_stmt_raise *stmt)
 	ereport(stmt->elog_level,
 			(err_code ? errcode(err_code) : 0,
 			 errmsg_internal("%s", err_message),
-			 (err_detail != NULL) ? errdetail(err_detail) : 0,
-			 (err_hint != NULL) ? errhint(err_hint) : 0));
+			 (err_detail != NULL) ? errdetail("%s", err_detail) : 0,
+			 (err_hint != NULL) ? errhint("%s", err_hint) : 0));
 
 	estate->err_text = NULL;	/* un-suppress... */
author	Magnus Hagander	2008-11-20 15:36:22 +0000
committer	Magnus Hagander	2008-11-20 15:36:22 +0000
commit	6c3690d835e3bb7fc86b4f08335cb7a8fd22f4e2 (patch)
tree	57aff6be54441f1dd49b1d8455b5789a5e8abdbe
parent	284491ee714bb106ba11468d25fec5e485f03e90 (diff)