Don't pass strings directly to errdetail() and errhint() - use

%s to unescape them. Fixes a potential security issue (in as yet unreleased code)

Don't pass strings directly to errdetail() and errhint() - use
%s to unescape them. Fixes a potential security issue (in as yet unreleased code)
6c3690d8 · Magnus Hagander · 284491ee · 6c3690d8
Commit 6c3690d8 authored Nov 20, 2008 by Magnus Hagander
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 3 deletions

src/pl/plpgsql/src/pl_exec.c src/pl/plpgsql/src/pl_exec.c +3 -3

No files found.
--- a/src/pl/plpgsql/src/pl_exec.c
+++ b/src/pl/plpgsql/src/pl_exec.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/pl/plpgsql/src/pl_exec.c,v 1.224 2008/11/05 00:07:54 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/pl/plpgsql/src/pl_exec.c,v 1.225 2008/11/20 15:36:22 mha Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -2538,8 +2538,8 @@ exec_stmt_raise(PLpgSQL_execstate *estate, PLpgSQL_stmt_raise *stmt)
 	ereport(stmt->elog_level,
 			(err_code ? errcode(err_code) : 0,
 			 errmsg_internal("%s", err_message),
-			 (err_detail != NULL) ? errdetail(err_detail) : 0,
-			 (err_hint != NULL) ? errhint(err_hint) : 0));
+			 (err_detail != NULL) ? errdetail("%s", err_detail) : 0,
+			 (err_hint != NULL) ? errhint("%s", err_hint) : 0));

 	estate->err_text = NULL;	/* un-suppress... */