Further fixes to the pg_get_expr() security fix in back branches. REL7_4_STABLE
author Tom Lane <[email protected]>
Sat, 25 Sep 2010 19:57:05 +0000 (15:57 -0400)
committer Tom Lane <[email protected]>
Sat, 25 Sep 2010 21:01:39 +0000 (17:01 -0400)
commit 42c387166d4cd3e7151c88692a157bfe9a621a4d
tree ed09a4da8a9950783f9a57bac91309939ef1d6d7
parent dbf859c711b3d5981a5343a26a35236511b8d0aa
Further fixes to the pg_get_expr() security fix in back branches.

It now emerges that the JDBC driver expects to be able to use pg_get_expr()
on an output of a sub-SELECT.  So extend the check logic to be able to recurse
into a sub-SELECT to see if the argument is ultimately coming from an
appropriate column.  Per report from Thomas Kellerer.
src/backend/parser/parse_func.c