mirrors/postgres
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix reverse 'if' test in path_is_relative_and_below_cwd(), per Tom.

Browse Source
This commit is contained in:
Bruce Momjian 2011-02-13 00:14:08 -05:00
parent 6c2e734f0a
commit 8e7af60872
3 changed files with 21 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
doc/src/sgml/libpq.sgml
View File

@ -3385,15 +3385,17 @@ size_t PQescapeStringConn(PGconn *conn,
<listitem> <listitem>
<para> <para>
<function>PQescapeString</> is an older, deprecated version of
<function>PQescapeStringConn</>.
<synopsis> <synopsis>
size_t PQescapeString (char *to, const char *from, size_t length); size_t PQescapeString (char *to, const char *from, size_t length);
</synopsis> </synopsis>
</para> </para>
<para> <para>
<function>PQescapeString</> is an older, deprecated version of The only difference from <function>PQescapeStringConn</> is that
<function>PQescapeStringConn</>; the difference is that it does <function>PQescapeString</> does not take <structname>PGconn</>
not take <parameter>conn</> or <parameter>error</> parameters. or <parameter>error</> parameters.
Because of this, it cannot adjust its behavior depending on the Because of this, it cannot adjust its behavior depending on the
connection properties (such as character encoding) and therefore connection properties (such as character encoding) and therefore
<emphasis>it might give the wrong results</>. Also, it has no way <emphasis>it might give the wrong results</>. Also, it has no way
@ -3401,7 +3403,7 @@ size_t PQescapeString (char *to, const char *from, size_t length);
</para> </para>
<para> <para>
<function>PQescapeString</> can be used safely in single-threaded <function>PQescapeString</> can be used safely in
client programs that work with only one <productname>PostgreSQL</> client programs that work with only one <productname>PostgreSQL</>
connection at a time (in this case it can find out what it needs to connection at a time (in this case it can find out what it needs to
know <quote>behind the scenes</>). In other contexts it is a security know <quote>behind the scenes</>). In other contexts it is a security
@ -3433,16 +3435,11 @@ unsigned char *PQescapeByteaConn(PGconn *conn,
</para> </para>
<para> <para>
Certain byte values <emphasis>must</emphasis> be escaped (but all Certain byte values must be escaped when used as part of a
byte values <emphasis>can</emphasis> be escaped) when used as part <type>bytea</type> literal in an <acronym>SQL</acronym> statement.
of a <type>bytea</type> literal in an <acronym>SQL</acronym> <function>PQescapeByteaConn</function> escapes bytes using
statement. In general, to escape a byte, it is converted into the either hex encoding or backslash escaping. See <xref
three digit octal number equal to the octet value, and preceded by linkend="datatype-binary"> for more information.
usually two backslashes. The single quote (<literal>'</>) and backslash
(<literal>\</>) characters have special alternative escape
sequences. See <xref linkend="datatype-binary"> for more
information. <function>PQescapeByteaConn</function> performs this
operation, escaping only the minimally required bytes.
</para> </para>
<para> <para>
@ -3499,20 +3496,13 @@ unsigned char *PQescapeBytea(const unsigned char *from,
<para> <para>
The only difference from <function>PQescapeByteaConn</> is that The only difference from <function>PQescapeByteaConn</> is that
<function>PQescapeBytea</> does not take a <structname>PGconn</> <function>PQescapeBytea</> does not take a <structname>PGconn</>
parameter. Because of this, it cannot adjust its behavior parameter. Because of this, <function>PQescapeBytea</> can
depending on the connection properties (in particular, whether only be used safely in client programs that use a single
standard-conforming strings are enabled) and therefore <productname>PostgreSQL</> connection at a time (in this case
<emphasis>it might give the wrong results</>. Also, it has no it can find out what it needs to know <quote>behind the
way to return an error message on failure. scenes</>). It <emphasis>might give the wrong results</> if
</para> used in programs that use multiple database connections (use
<function>PQescapeByteaConn</> in such cases).
<para>
<function>PQescapeBytea</> can be used safely in single-threaded
client programs that work with only one <productname>PostgreSQL</>
connection at a time (in this case it can find out what it needs
to know <quote>behind the scenes</>). In other contexts it is
a security hazard and should be avoided in favor of
<function>PQescapeByteaConn</>.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>

3
doc/src/sgml/release-9.0.sgml
View File

@ -2342,7 +2342,8 @@
whether hex or traditional format is used for <type>bytea</> whether hex or traditional format is used for <type>bytea</>
output. Libpq's <function>PQescapeByteaConn()</> function automatically output. Libpq's <function>PQescapeByteaConn()</> function automatically
uses the hex format when connected to <productname>PostgreSQL</> 9.0 uses the hex format when connected to <productname>PostgreSQL</> 9.0
or newer servers. or newer servers. However, pre-9.0 libpq versions will not
correctly process hex format from newer servers.
</para> </para>
<para> <para>

2
src/port/path.c
View File

@ -368,7 +368,7 @@ path_contains_parent_reference(const char *path)
bool bool
path_is_relative_and_below_cwd(const char *path) path_is_relative_and_below_cwd(const char *path)
{ {
if (!is_absolute_path(path)) if (is_absolute_path(path))
return false; return false;
/* don't allow anything above the cwd */ /* don't allow anything above the cwd */
else if (path_contains_parent_reference(path)) else if (path_contains_parent_reference(path))