Commit9b7304b

committed
Fix xmlattribute escaping XML special characters twice (bug #4822).
Author: Itagaki Takahiro <itagaki.takahiro@oss.ntt.co.jp>
1 parente343eaa commit9b7304b


6 files changed

+32
-12
lines changed


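--- a/src/backend/executor/execQual.c
+++ b/src/backend/executor/execQual.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
-* $PostgreSQL: pgsql/src/backend/executor/execQual.c,v 1.247 2009/06/04 18:33:07 tgl Exp $
+* $PostgreSQL: pgsql/src/backend/executor/execQual.c,v 1.248 2009/06/09 22:00:57 petere Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -3243,7 +3243,7 @@ ExecEvalXml(XmlExprState *xmlExpr, ExprContext *econtext,
 {
 appendStringInfo(&buf,"<%s>%s</%s>",
 argname,
-map_sql_value_to_xml_value(value,exprType((Node*)e->expr)),
+map_sql_value_to_xml_value(value,exprType((Node*)e->expr), true),
 argname);
 *isNull= false;
 }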

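--- a/src/backend/utils/adt/xml.c
+++ b/src/backend/utils/adt/xml.c
@@ -7,7 +7,7 @@
 * Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
-* $PostgreSQL: pgsql/src/backend/utils/adt/xml.c,v 1.89 2009/06/08 21:32:33 petere Exp $
+* $PostgreSQL: pgsql/src/backend/utils/adt/xml.c,v 1.90 2009/06/09 22:00:57 petere Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -569,7 +569,7 @@ xmlelement(XmlExprState *xmlExpr, ExprContext *econtext)
 if (isnull)
 str=NULL;
 else
-str=map_sql_value_to_xml_value(value,exprType((Node*)e->expr));
+str=map_sql_value_to_xml_value(value,exprType((Node*)e->expr), false);
 named_arg_strings=lappend(named_arg_strings,str);
 i++;
 }
@@ -587,7 +587,7 @@ xmlelement(XmlExprState *xmlExpr, ExprContext *econtext)
 if (!isnull)
 {
 str=map_sql_value_to_xml_value(value,
-exprType((Node*)e->expr));
+exprType((Node*)e->expr), true);
 arg_strings=lappend(arg_strings,str);
 }
 }
@@ -1580,9 +1580,18 @@ map_xml_name_to_sql_identifier(char *name)
 
 /*
 * Map SQL value to XML value; see SQL/XML:2003 section 9.16.
+*
+* When xml_escape_strings is true, then certain characters in string
+* values are replaced by entity references (&lt; etc.), as specified
+* in SQL/XML:2003 section 9.16 GR 8) ii). This is normally what is
+* wanted. The false case is mainly useful when the resulting value
+* is used with xmlTextWriterWriteAttribute() to write out an
+* attribute, because that function does the escaping itself. The SQL
+* standard of 2003 is somewhat buggy in this regard, so we do our
+* best to make sense.
 */
 char*
-map_sql_value_to_xml_value(Datumvalue,Oidtype)
+map_sql_value_to_xml_value(Datumvalue,Oidtype,boolxml_escape_strings)
 {
 StringInfoDatabuf;
 
@@ -1616,7 +1625,7 @@ map_sql_value_to_xml_value(Datum value, Oid type)
 appendStringInfoString(&buf,"<element>");
 appendStringInfoString(&buf,
 map_sql_value_to_xml_value(elem_values[i],
-elmtype));
+elmtype, true));
 appendStringInfoString(&buf,"</element>");
 }
 
@@ -1774,8 +1783,8 @@ map_sql_value_to_xml_value(Datum value, Oid type)
 getTypeOutputInfo(type,&typeOut,&isvarlena);
 str=OidOutputFunctionCall(typeOut,value);
 
-/* ... exactly as-is for XML */
-if (type==XMLOID)
+/* ... exactly as-is for XML, and when escaping is not wanted */
+if (type==XMLOID|| !xml_escape_strings)
 returnstr;
 
 /* otherwise, translate special characters as needed */
@@ -3183,7 +3192,7 @@ SPI_sql_row_to_xmlelement(int rownum, StringInfo result, char *tablename,
 appendStringInfo(result," <%s>%s</%s>\n",
 colname,
 map_sql_value_to_xml_value(colval,
-SPI_gettypeid(SPI_tuptable->tupdesc,i)),
+SPI_gettypeid(SPI_tuptable->tupdesc,i), true),
 colname);
 }
 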
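Review bot: In the array branch (the hunk at -1616) the recursive call hard-codes `true` instead of passing `xml_escape_strings` through, so a caller that asked for no escaping still gets entity-escaped element text inside the `<element>` wrappers. If an array value can reach the xmlattributes path in xmlelement(), which now passes `false`, xmlTextWriterWriteAttribute() would presumably escape that text a second time, which is the bug this commit fixes for scalars; consider `map_sql_value_to_xml_value(elem_values[i], elmtype, xml_escape_strings)`. The function's other type branches lie outside the visible hunks and should be checked for the same pattern. It would also help to add to the header comment a line such as `* Callers passing false must hand the result to an API that escapes it; never concatenate it into markup.` and to add an array-valued attribute to the regression test.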

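--- a/src/include/utils/xml.h
+++ b/src/include/utils/xml.h
@@ -7,7 +7,7 @@
 * Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
-* $PostgreSQL: pgsql/src/include/utils/xml.h,v 1.26 2009/05/13 20:27:17 tgl Exp $
+* $PostgreSQL: pgsql/src/include/utils/xml.h,v 1.27 2009/06/09 22:00:57 petere Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -73,7 +73,7 @@ extern text *xmltotext_with_xmloption(xmltype *data, XmlOptionType xmloption_arg
 
 externchar*map_sql_identifier_to_xml_name(char*ident,boolfully_escaped,boolescape_period);
 externchar*map_xml_name_to_sql_identifier(char*name);
-externchar*map_sql_value_to_xml_value(Datumvalue,Oidtype);
+externchar*map_sql_value_to_xml_value(Datumvalue,Oidtype,boolxml_escape_strings);
 
 typedefenum
 {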

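--- a/src/test/regress/expected/xml.out
+++ b/src/test/regress/expected/xml.out
@@ -188,6 +188,12 @@ SELECT xmlelement(name foo, xmlattributes('2009-04-09 00:24:37'::timestamp as ba
 SELECT xmlelement(name foo, xmlattributes('infinity'::timestamp as bar));
 ERROR: timestamp out of range
 DETAIL: XML does not support infinite timestamp values.
+SELECT xmlelement(name foo, xmlattributes('<>&"''' as funny, xml 'b<a/>r' as funnier));
+xmlelement
+------------------------------------------------------------
+<foo funny="&lt;&gt;&amp;&quot;'" funnier="b&lt;a/&gt;r"/>
+(1 row)
+
 SELECT xmlparse(content 'abc');
 xmlparse
 ----------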

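--- a/src/test/regress/expected/xml_1.out
+++ b/src/test/regress/expected/xml_1.out
@@ -160,6 +160,10 @@ SELECT xmlelement(name foo, xmlattributes('infinity'::timestamp as bar));
 ERROR: unsupported XML feature
 DETAIL: This functionality requires the server to be built with libxml support.
 HINT: You need to rebuild PostgreSQL using --with-libxml.
+SELECT xmlelement(name foo, xmlattributes('<>&"''' as funny, xml 'b<a/>r' as funnier));
+ERROR: unsupported XML feature
+DETAIL: This functionality requires the server to be built with libxml support.
+HINT: You need to rebuild PostgreSQL using --with-libxml.
 SELECT xmlparse(content 'abc');
 ERROR: unsupported XML feature
 DETAIL: This functionality requires the server to be built with libxml support.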

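--- a/src/test/regress/sql/xml.sql
+++ b/src/test/regress/sql/xml.sql
@@ -57,6 +57,7 @@ SELECT xmlelement(name foo, bytea 'bar');
 SELECT xmlelement(name foo, xmlattributes(trueas bar));
 SELECT xmlelement(name foo, xmlattributes('2009-04-09 00:24:37'::timestampas bar));
 SELECT xmlelement(name foo, xmlattributes('infinity'::timestampas bar));
+SELECT xmlelement(name foo, xmlattributes('<>&"'''as funny, xml'b<a/>r'as funnier));
 
 
 SELECT xmlparse(content'abc');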
