[exim-dev] [Bug 1706] New: wrong escaping for PostgreSQL "%"…

Startseite
Nachricht löschen
Nachricht beantworten
Autor: admin
Datum:  
To: exim-dev
Betreff: [exim-dev] [Bug 1706] New: wrong escaping for PostgreSQL "%" and "_"
https://bugs.exim.org/show_bug.cgi?id=1706

            Bug ID: 1706
           Summary: wrong escaping for PostgreSQL "%" and "_"
           Product: Exim
           Version: 4.86
          Hardware: x86
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Lookups
          Assignee: nigel@???
          Reporter: exim.org@???
                CC: exim-dev@???


When using "_" or "%" characters in lookups to PostgreSQL databases, the
characters are escaped when they shouldn't, thus causing issues with PostgreSQL
9.x (or any version where standard_conforming_strings = on , which has been the
default for quite a few years now)


This issue was already coming up in 2012 on the dev-list:

https://lists.exim.org/lurker/message/20120921.150112.993f28a2.en.html


Using E'' for the queries as suggested in bug 932 is also not a good idea, see

https://lists.exim.org/lurker/message/20120926.153049.a091c952.en.html



And a simple solution was suggested and somehow probably forgotten..:

https://lists.exim.org/lurker/message/20121008.082335.34e66679.en.html

----------------------------

Author: Micha Lenk
Date: 2012-10-08 10:23 +200
To: exim-dev
Subject: Re: [exim-dev] Quoting of percent and underscore pgsql_quote()

Hi Phil,

On 09/27/2012 04:32 AM CEST +02:00, Phil Pennock wrote:
>> So, given that the Perl module DBD::Pg dropped the escaping of these
>> > characters already some years ago (CPAN RT #27538), what are the reasons
>> > to keep this useless escaping of percent and underscore in future Exim code?
> Confirmation that the relevant code change is adequate. :)
>
> So, src/lookups/pgsql.c in function pgsql_quote(), around line 463, you
> should find:
>
> else if (Ustrchr("\n\t\r\b\"\\%_", c) != NULL)
>
> If you remove the % and _ from that string, does that fix the problem
> for you?
>
> By my reading of the code, that's all that's required.


I second that, but also only by reading the code. Once I have time to
actually work on that again, I will try it out and report back my results.

Regards,
Micha
----------------------------

--
You are receiving this mail because:
You are on the CC list for the bug.