[exim-dev] [Bug 1706] New: wrong escaping for PostgreSQL "%"…

Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 1706] New: wrong escaping for PostgreSQL "%" and "_"
https://bugs.exim.org/show_bug.cgi?id=1706

            Bug ID: 1706
           Summary: wrong escaping for PostgreSQL "%" and "_"
           Product: Exim
           Version: 4.86
          Hardware: x86
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Lookups
          Assignee: nigel@???
          Reporter: exim.org@???
                CC: exim-dev@???


When using "_" or "%" characters in lookups to PostgreSQL databases, the
characters are escaped when they shouldn't be, thus causing issues with PostgreSQL
9.x (or any version where standard_conforming_strings = on, which has been the
default for quite a few years now).


This issue was already coming up in 2012 on the dev-list:

https://lists.exim.org/lurker/message/20120921.150112.993f28a2.en.html


Using E'' for the queries as suggested in bug 932 is also not a good idea, see

https://lists.exim.org/lurker/message/20120926.153049.a091c952.en.html



And a simple solution was suggested and somehow probably forgotten:

https://lists.exim.org/lurker/message/20121008.082335.34e66679.en.html

----------------------------

Author: Micha Lenk
Date: 2012-10-08 10:23 +200
To: exim-dev
Subject: Re: [exim-dev] Quoting of percent and underscore pgsql_quote()

Hi Phil,

On 09/27/2012 04:32 AM CEST +02:00, Phil Pennock wrote:
>> So, given that the Perl module DBD::Pg dropped the escaping of these
>> characters already some years ago (CPAN RT #27538), what are the reasons
>> to keep this useless escaping of percent and underscore in future Exim code?
> Confirmation that the relevant code change is adequate. :)
>
> So, src/lookups/pgsql.c in function pgsql_quote(), around line 463, you
> should find:
>
> else if (Ustrchr("\n\t\r\b\"\\%_", c) != NULL)
>
> If you remove the % and _ from that string, does that fix the problem
> for you?
>
> By my reading of the code, that's all that's required.


I second that, but also only by reading the code. Once I have time to
actually work on that again, I will try it out and report back my results.

Regards,
Micha
----------------------------

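The effect described in the report, as an added example that is not part of the original messages or of Exim's source: a simplified model of the quoting step run with the character set from the quoted line and with the set proposed in the thread. The function names, the quote-doubling step and the sample key are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Character set from the line quoted in the thread, and the proposed one. */
#define SET_CURRENT  "\n\t\r\b\"\\%_"
#define SET_PROPOSED "\n\t\r\b\"\\"

/* Simplified model of the quoting step (assumption, not Exim source):
   double single quotes, backslash-prefix every byte found in `set`.
   Returns the output length, or -1 if `out` is too small. */
int quote_with_set(const char *in, const char *set, char *out, size_t outsz)
{
    size_t n = 0;
    for (; *in != '\0'; in++) {
        int two = (*in == '\'') || strchr(set, *in) != NULL;
        if (n + (two ? 2 : 1) >= outsz) return -1;
        if (two) out[n++] = (*in == '\'') ? '\'' : '\\';
        out[n++] = *in;
    }
    out[n] = '\0';
    return (int)n;
}

/* Value the server stores for the body of a '...' literal when
   standard_conforming_strings = on: '' collapses to ', backslash is literal. */
void scs_literal_value(const char *body, char *out)
{
    while (*body != '\0') {
        if (body[0] == '\'' && body[1] == '\'') body++;
        *out++ = *body++;
    }
    *out = '\0';
}

/* 1 if `value` reaches the server unchanged, 0 if altered, -1 on overflow. */
int survives(const char *value, const char *set)
{
    char quoted[256], seen[256];
    if (quote_with_set(value, set, quoted, sizeof quoted) < 0) return -1;
    scs_literal_value(quoted, seen);
    return strcmp(seen, value) == 0;
}

int main(void)
{
    const char *v = "o'neil_50%";   /* constructed sample lookup key */
    printf("current set:  %d\n", survives(v, SET_CURRENT));
    printf("proposed set: %d\n", survives(v, SET_PROPOSED));
    return 0;
}
```

With the current set the server compares against `o'neil\_50\%`, so an equality lookup on the original key finds nothing; with the proposed set the key arrives unchanged.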