Commit58a2dbc

committed
Fix initdb to properly escape quotes and backslashes in the supplied
superuser password, and also in the paths of the various files it issues
SQL COPY commands for. Per bug #2424.
1 parent0780ce6 commit58a2dbc


1 file changed

+26
-19
lines changed

1 file changed

+26
-19
lines changed

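--- a/src/bin/initdb/initdb.c
+++ b/src/bin/initdb/initdb.c
@@ -42,7 +42,7 @@
 * Portions Copyright (c) 1994, Regents of the University of California
 * Portions taken from FreeBSD.
 *
-* $PostgreSQL: pgsql/src/bin/initdb/initdb.c,v 1.115 2006/05/26 23:48:54 momjian Exp $
+* $PostgreSQL: pgsql/src/bin/initdb/initdb.c,v 1.116 2006/05/27 18:07:06 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -1222,20 +1222,20 @@ setup_config(void)
 conflines=replace_token(conflines,"#port = 5432",repltok);
 #endif
 
-lc_messages=escape_quotes(lc_messages);
-snprintf(repltok,sizeof(repltok),"lc_messages = '%s'",lc_messages);
+snprintf(repltok,sizeof(repltok),"lc_messages ='%s'",
+escape_quotes(lc_messages));
 conflines=replace_token(conflines,"#lc_messages = 'C'",repltok);
 
-lc_monetary=escape_quotes(lc_monetary);
-snprintf(repltok,sizeof(repltok),"lc_monetary = '%s'",lc_monetary);
+snprintf(repltok,sizeof(repltok),"lc_monetary ='%s'",
+escape_quotes(lc_monetary));
 conflines=replace_token(conflines,"#lc_monetary = 'C'",repltok);
 
-lc_numeric=escape_quotes(lc_numeric);
-snprintf(repltok,sizeof(repltok),"lc_numeric = '%s'",lc_numeric);
+snprintf(repltok,sizeof(repltok),"lc_numeric ='%s'",
+escape_quotes(lc_numeric));
 conflines=replace_token(conflines,"#lc_numeric = 'C'",repltok);
 
-lc_time=escape_quotes(lc_time);
-snprintf(repltok,sizeof(repltok),"lc_time = '%s'",lc_time);
+snprintf(repltok,sizeof(repltok),"lc_time ='%s'",
+escape_quotes(lc_time));
 conflines=replace_token(conflines,"#lc_time = 'C'",repltok);
 
 switch (locale_date_order(lc_time)) {
@@ -1541,8 +1541,8 @@ get_set_pwd(void)
 
 PG_CMD_OPEN;
 
-PG_CMD_PRINTF2("ALTER USER \"%s\" WITH PASSWORD '%s';\n",
-username,pwd1);
+PG_CMD_PRINTF2("ALTER USER \"%s\" WITH PASSWORDE'%s';\n",
+username,escape_quotes(pwd1));
 
 PG_CMD_CLOSE;
 
@@ -1740,8 +1740,8 @@ setup_description(void)
 "objsubid int4, "
 "description text) WITHOUT OIDS;\n");
 
-PG_CMD_PRINTF1("COPY tmp_pg_description FROM '%s';\n",
-desc_file);
+PG_CMD_PRINTF1("COPY tmp_pg_description FROME'%s';\n",
+escape_quotes(desc_file));
 
 PG_CMD_PUTS("INSERT INTO pg_description "
 " SELECT t.objoid, c.oid, t.objsubid, t.description "
@@ -1753,8 +1753,8 @@ setup_description(void)
 " classname name, "
 " description text) WITHOUT OIDS;\n");
 
-PG_CMD_PRINTF1("COPY tmp_pg_shdescription FROM '%s';\n",
-shdesc_file);
+PG_CMD_PRINTF1("COPY tmp_pg_shdescription FROME'%s';\n",
+escape_quotes(shdesc_file));
 
 PG_CMD_PUTS("INSERT INTO pg_shdescription "
 " SELECT t.objoid, c.oid, t.description "
@@ -1925,8 +1925,8 @@ setup_schema(void)
 PG_CMD_PRINTF1("COPY information_schema.sql_features "
 " (feature_id, feature_name, sub_feature_id, "
 " sub_feature_name, is_supported, comments) "
-" FROM '%s';\n",
-features_file);
+" FROME'%s';\n",
+escape_quotes(features_file));
 
 PG_CMD_CLOSE;
 
@@ -2103,8 +2103,15 @@ check_ok(void)
 }
 
 /*
-* Escape any single quotes or backslashes in given string;
-* postgresql.conf always enables backslash escapes
+* Escape (by doubling) any single quotes or backslashes in given string
+*
+* Note: this is used to process both postgresql.conf entries and SQL
+* string literals. Since postgresql.conf strings are defined to treat
+* backslashes as escapes, we have to double backslashes here. Hence,
+* when using this for a SQL string literal, use E'' syntax.
+*
+* We do not need to worry about encoding considerations because all
+* valid backend encodings are ASCII-safe.
 */
 staticchar*
 escape_quotes(constchar*src)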
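Review bot: In get_set_pwd the password is now escaped, but `username` still goes unescaped into the double-quoted identifier `\"%s\"` of the ALTER USER statement, so a name containing `"` closes the identifier early and the remainder is parsed as SQL. Unless the name is validated before this point (not visible in the hunk), it needs the identifier counterpart of this fix: double each embedded `"` before formatting, or reject such names where the option is parsed. Separately, the string returned by `escape_quotes(pwd1)` is a second copy of the superuser password that is never released here; if it is heap-allocated, as the `char *` return type suggests, keep the pointer, overwrite it and free it after `PG_CMD_CLOSE`. get_set_pwd's body starts and ends outside the hunk.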
