The situation seems to be a bug that this patch would address.  It seems to
me that when a username is considered unsafe due to containing double
quotes, the double quotes should be escaped (and the backslashes)!

Does this look alright?

Chris

Index: src/backend/utils/adt/acl.c
===================================================================
RCS file: /projects/cvsroot/pgsql-server/src/backend/utils/adt/acl.c,v
retrieving revision 1.94
diff -c -r1.94 acl.c
*** src/backend/utils/adt/acl.c 4 Aug 2003 02:40:04 -0000       1.94
--- src/backend/utils/adt/acl.c 8 Aug 2003 09:03:19 -0000
***************
*** 124,131 ****
        }
        if (!safe)
                *p++ = '"';
!       for (src = s; *src; src++)
                *p++ = *src;
        if (!safe)
                *p++ = '"';
        *p = '\0';
--- 124,134 ----
        }
        if (!safe)
                *p++ = '"';
!       for (src = s; *src; src++) {
!               if (!safe && (*src == '"' || *src == '\\'))
!                       *p++ = '\\';
                *p++ = *src;
+       }
        if (!safe)
                *p++ = '"';
        *p = '\0';
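Review bot: In the new loop (124-134), every `"` or `\` in an unsafe name now writes two bytes through `p`, but nothing in the hunk bounds `p` or enlarges the destination. The buffer `p` points into has to hold the worst case of twice the name length plus the two surrounding quotes and the terminating `'\0'`. Please confirm that sizing, or adjust it in the same patch. The patch also changes only the output side, so whatever reads quoted names back must treat backslash as an escape character, or the emitted form will not round-trip. A test with a name containing both `"` and `\` would cover it. Style: the opening brace of the `for` would normally go on its own line in this code base.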



