projects / postgresql.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1f4ec89) | patch
Prohibit transaction commands in security definer procedures
authorPeter Eisentraut <peter_e@gmx.net>
Wed, 4 Jul 2018 07:26:19 +0000 (09:26 +0200)
committerPeter Eisentraut <peter_e@gmx.net>
Fri, 13 Jul 2018 08:41:32 +0000 (10:41 +0200)
commit3884072329bd1ad7d41bf7582c5d60e969365634
treeda3724960a864d083aab60b66d060f35a9b9ced9tree
parent1f4ec8945967a75f711d721860752985624a0957commit | diff
Prohibit transaction commands in security definer procedures

Starting and aborting transactions in security definer procedures
doesn't work.  StartTransaction() insists that the security context
stack is empty, so this would currently cause a crash, and
AbortTransaction() resets it.  This could be made to work by
reorganizing the code, but right now we just prohibit it.

Reported-by: amul sul <sulamul@gmail.com>
Discussion: https://www.postgresql.org/message-id/flat/CAAJ_b96Gupt_LFL7uNyy3c50-wbhA68NUjiK5%3DrF6_w%3Dpq_T%3DQ%40mail.gmail.com
doc/src/sgml/ref/create_procedure.sgml diff | blob | blame | history
src/backend/commands/functioncmds.c diff | blob | blame | history
src/pl/plpgsql/src/expected/plpgsql_transaction.out diff | blob | blame | history
src/pl/plpgsql/src/sql/plpgsql_transaction.sql diff | blob | blame | history
This is the main PostgreSQL git repository.