Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to content

Commit 6c3690d

Browse files
mhagandermhagander
committed
Don't pass strings directly to errdetail() and errhint() - use
%s to unescape them. Fixes a potential security issue (in as yet unreleased code)
1 parent 284491e commit 6c3690d

File tree

1 file changed

+3
-3
lines changed

1 file changed

+3
-3
lines changed

src/pl/plpgsql/src/pl_exec.c

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88
*
99
*
1010
* IDENTIFICATION
11-
* $PostgreSQL: pgsql/src/pl/plpgsql/src/pl_exec.c,v 1.224 2008/11/05 00:07:54 tgl Exp $
11+
* $PostgreSQL: pgsql/src/pl/plpgsql/src/pl_exec.c,v 1.225 2008/11/20 15:36:22 mha Exp $
1212
*
1313
*-------------------------------------------------------------------------
1414
*/
@@ -2538,8 +2538,8 @@ exec_stmt_raise(PLpgSQL_execstate *estate, PLpgSQL_stmt_raise *stmt)
25382538
ereport(stmt->elog_level,
25392539
(err_code ? errcode(err_code) : 0,
25402540
errmsg_internal("%s", err_message),
2541-
(err_detail != NULL) ? errdetail(err_detail) : 0,
2542-
(err_hint != NULL) ? errhint(err_hint) : 0));
2541+
(err_detail != NULL) ? errdetail("%s", err_detail) : 0,
2542+
(err_hint != NULL) ? errhint("%s", err_hint) : 0));
25432543

25442544
estate->err_text = NULL; /* un-suppress... */
25452545

0 commit comments

Comments
 (0)