projects / users / c2main / postgres.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 76833ae) | patch
Further fixes to the pg_get_expr() security fix in back branches.
authorTom Lane <tgl@sss.pgh.pa.us>
Sat, 25 Sep 2010 19:57:05 +0000 (15:57 -0400)
committerTom Lane <tgl@sss.pgh.pa.us>
Sat, 25 Sep 2010 20:02:32 +0000 (16:02 -0400)
commit78b0a0d8c026d20788b584266c2aef5f5add16b2
tree6968a1fb0fd8999115904b265049e4ae86ba3425tree
parent76833aeab9f12768204078eedeac4e539986ac07commit | diff
Further fixes to the pg_get_expr() security fix in back branches.

It now emerges that the JDBC driver expects to be able to use pg_get_expr()
on an output of a sub-SELECT.  So extend the check logic to be able to recurse
into a sub-SELECT to see if the argument is ultimately coming from an
appropriate column.  Per report from Thomas Kellerer.
src/backend/parser/parse_func.c diff | blob | blame | history
Cedric's Stuff