projects / postgresql.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4f59eed) | patch
Further fixes to the pg_get_expr() security fix in back branches.
authorTom Lane <[email protected]>
Sat, 25 Sep 2010 19:57:05 +0000 (15:57 -0400)
committerTom Lane <[email protected]>
Sat, 25 Sep 2010 20:19:35 +0000 (16:19 -0400)
commita824c59c184435184c8466be62fd6a6ba3dfd6a6
tree134e93c16fe46448a773e2416d016da026bb3c5ctree
parent4f59eed6eb4c7d4af586b0f6a9c3d4225ba9a8e1commit | diff
Further fixes to the pg_get_expr() security fix in back branches.

It now emerges that the JDBC driver expects to be able to use pg_get_expr()
on an output of a sub-SELECT.  So extend the check logic to be able to recurse
into a sub-SELECT to see if the argument is ultimately coming from an
appropriate column.  Per report from Thomas Kellerer.
src/backend/parser/parse_func.c diff | blob | blame | history
This is the main PostgreSQL git repository.