projects / users / gsingh / postgres.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9825ad9) | patch
Further fixes to the pg_get_expr() security fix in back branches.
authorTom Lane <tgl@sss.pgh.pa.us>
Sat, 25 Sep 2010 19:57:05 +0000 (15:57 -0400)
committerTom Lane <tgl@sss.pgh.pa.us>
Sat, 25 Sep 2010 20:20:50 +0000 (16:20 -0400)
commit2c875a1deaba78d04e749397b630073d7723c476
tree338d4b67c5d8b2eac44ed9baea957e2dfeb10a55tree
parent9825ad9f4fd2da51e6decbf62c55023cec09fa43commit | diff
Further fixes to the pg_get_expr() security fix in back branches.

It now emerges that the JDBC driver expects to be able to use pg_get_expr()
on an output of a sub-SELECT.  So extend the check logic to be able to recurse
into a sub-SELECT to see if the argument is ultimately coming from an
appropriate column.  Per report from Thomas Kellerer.
src/backend/parser/parse_func.c diff | blob | blame | history
Postgres clone for personal branches