Hi PostgreSQL gurus, hi Olivier,

Martin Pitt [2006-06-16  0:15 +0200]:
> Upstream confirmed my reply in the last mail in [1]: the complete
> escaping logic in DBMirror.pl is seriously screwed.
> 
> [1] http://archives.postgresql.org/pgsql-bugs/2006-06/msg00065.php

I finally found some time to debug this, and I think I found a better
patch than the one you proposed. Mine is still hackish and is still a
workaround around a proper quoting solution, but at least it repairs
the parsing without introducing the \' quoting again.

I consider this a band-aid patch to fix the recent security update.
PostgreSQL gurus, would you consider applying this until a better
solution is found for DBMirror.pl?

Olivier, can you please confirm that the patch works for you, too?

Thank you,

Martin

-- 
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?
--- /usr/lib/postgresql/bin/DBMirror.pl 2006-06-27 20:39:34.000000000 +0200
+++ DBMirror.pl 2006-06-27 22:21:05.000000000 +0200
@@ -852,7 +852,7 @@
        $matchString = $1;
        $value .= substr $matchString,0,length($matchString)-1;
 
-       if($matchString =~ m/(\'$)/s) {
+       if($matchString =~ m/(\'$)/s and (substr 
$dataField,length($matchString),1) ne "'") {
          # $1 runs to the end of the field value.
            $dataField = substr $dataField,length($matchString)+1;
            last;
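
Review bot: The one-character lookahead added to the `if` condition treats a quote followed by another quote as non-terminating, but it does not count how many quotes are in the run, so a field value that itself ends in a doubled quote (three quotes in a row before the separator) depends entirely on how the branch not shown in this hunk consumes the pair. Please add a test row whose value ends in a quote, and update the comment `# $1 runs to the end of the field value.` to say that a quote followed by a second quote is an escaped quote and does not end the field. The lookahead also assumes `$matchString` starts at offset 0 of `$dataField`, as the following `substr $dataField,length($matchString)+1` does; that is worth stating in the comment as well. The added line is wrapped across two lines in this mail, so the hunk will not apply as posted.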
