diff options
| author | Tom Lane | 2006-05-27 18:07:22 +0000 |
|---|---|---|
| committer | Tom Lane | 2006-05-27 18:07:22 +0000 |
| commit | b71b22d901c5067621d4d7d5d6680902292b6797 (patch) | |
| tree | 77b265ef428751b17b50c751b75147ea7b231c6c | |
| parent | cad1ff1037523c3c20ed63ee1ce0894167498037 (diff) | |
Fix initdb to properly escape quotes and backslashes in the supplied
superuser password, and also in the paths of the various files it issues
SQL COPY commands for. Per bug #2424.
| -rw-r--r-- | src/bin/initdb/initdb.c | 40 |
1 files changed, 24 insertions, 16 deletions
diff --git a/src/bin/initdb/initdb.c b/src/bin/initdb/initdb.c index c8ab77a2e77..3469fa506cf 100644 --- a/src/bin/initdb/initdb.c +++ b/src/bin/initdb/initdb.c @@ -42,7 +42,7 @@ * Portions Copyright (c) 1994, Regents of the University of California * Portions taken from FreeBSD. * - * $PostgreSQL: pgsql/src/bin/initdb/initdb.c,v 1.99.2.2 2006/02/24 00:55:27 adunstan Exp $ + * $PostgreSQL: pgsql/src/bin/initdb/initdb.c,v 1.99.2.3 2006/05/27 18:07:22 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -1178,20 +1178,20 @@ setup_config(void) conflines = replace_token(conflines, "#port = 5432", repltok); #endif - lc_messages = escape_quotes(lc_messages); - snprintf(repltok, sizeof(repltok), "lc_messages = '%s'", lc_messages); + snprintf(repltok, sizeof(repltok), "lc_messages = '%s'", + escape_quotes(lc_messages)); conflines = replace_token(conflines, "#lc_messages = 'C'", repltok); - lc_monetary = escape_quotes(lc_monetary); - snprintf(repltok, sizeof(repltok), "lc_monetary = '%s'", lc_monetary); + snprintf(repltok, sizeof(repltok), "lc_monetary = '%s'", + escape_quotes(lc_monetary)); conflines = replace_token(conflines, "#lc_monetary = 'C'", repltok); - lc_numeric = escape_quotes(lc_numeric); - snprintf(repltok, sizeof(repltok), "lc_numeric = '%s'", lc_numeric); + snprintf(repltok, sizeof(repltok), "lc_numeric = '%s'", + escape_quotes(lc_numeric)); conflines = replace_token(conflines, "#lc_numeric = 'C'", repltok); - lc_time = escape_quotes(lc_time); - snprintf(repltok, sizeof(repltok), "lc_time = '%s'", lc_time); + snprintf(repltok, sizeof(repltok), "lc_time = '%s'", + escape_quotes(lc_time)); conflines = replace_token(conflines, "#lc_time = 'C'", repltok); snprintf(path, sizeof(path), "%s/postgresql.conf", pg_data); @@ -1483,8 +1483,8 @@ get_set_pwd(void) PG_CMD_OPEN; - PG_CMD_PRINTF2("ALTER USER \"%s\" WITH PASSWORD '%s';\n", - username, pwd1); + PG_CMD_PRINTF2("ALTER USER \"%s\" WITH PASSWORD E'%s';\n", + username, escape_quotes(pwd1)); PG_CMD_CLOSE; @@ -1681,8 +1681,8 @@ setup_description(void) " objsubid int4, " " description text) WITHOUT OIDS;\n"); - PG_CMD_PRINTF1("COPY tmp_pg_description FROM '%s';\n", - desc_file); + PG_CMD_PRINTF1("COPY tmp_pg_description FROM E'%s';\n", + escape_quotes(desc_file)); PG_CMD_PUTS("INSERT INTO pg_description " " SELECT t.objoid, c.oid, t.objsubid, t.description " @@ -1853,8 +1853,8 @@ setup_schema(void) PG_CMD_PRINTF1("COPY information_schema.sql_features " " (feature_id, feature_name, sub_feature_id, " " sub_feature_name, is_supported, comments) " - " FROM '%s';\n", - features_file); + " FROM E'%s';\n", + escape_quotes(features_file)); PG_CMD_CLOSE; @@ -2031,7 +2031,15 @@ check_ok(void) } /* - * Escape any single quotes or backslashes in given string + * Escape (by doubling) any single quotes or backslashes in given string + * + * Note: this is used to process both postgresql.conf entries and SQL + * string literals. Since postgresql.conf strings are defined to treat + * backslashes as escapes, we have to double backslashes here. Hence, + * when using this for a SQL string literal, use E'' syntax. + * + * We do not need to worry about encoding considerations because all + * valid backend encodings are ASCII-safe. */ static char * escape_quotes(const char *src) |