From a7aa0b818970579238e1424a81363eeb3c0b358c Mon Sep 17 00:00:00 2001 From: Bruce Momjian <bruce@momjian.us> Date: Thu, 6 Jul 2006 01:57:25 +0000 Subject: [PATCH] Backpatch dbmirror fix for escape handling. > Upstream confirmed my reply in the last mail in [1]: the complete > escaping logic in DBMirror.pl is seriously screwew. > > [1] http://archives.postgresql.org/pgsql-bugs/2006-06/msg00065.php I finally found some time to debug this, and I think I found a better patch than the one you proposed. Mine is still hackish and is still a workaround around a proper quoting solution, but at least it repairs the parsing without introducing the \' quoting again. I consider this a band-aid patch to fix the recent security update. PostgreSQL gurus, would you consider applying this until a better solution is found for DBMirror.pl? Olivier, can you please confirm that the patch works for you, too? Backpatched to 8.0.X. Martin Pitt --- contrib/dbmirror/DBMirror.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/contrib/dbmirror/DBMirror.pl b/contrib/dbmirror/DBMirror.pl index 11a4b29554..c46a3597ff 100755 --- a/contrib/dbmirror/DBMirror.pl +++ b/contrib/dbmirror/DBMirror.pl @@ -33,7 +33,7 @@ # # ############################################################################## -# $PostgreSQL: pgsql/contrib/dbmirror/DBMirror.pl,v 1.11 2006/05/19 02:38:47 momjian Exp $ +# $PostgreSQL: pgsql/contrib/dbmirror/DBMirror.pl,v 1.12 2006/07/06 01:57:25 momjian Exp $ # ############################################################################## @@ -907,7 +907,7 @@ sub extractData($$) { $matchString = $1; $value .= substr $matchString,0,length($matchString)-1; - if($matchString =~ m/(\'$)/s) { + if($matchString =~ m/(\'$)/s and (substr $dataField,length($matchString),1) ne "'") { # $1 runs to the end of the field value. $dataField = substr $dataField,length($matchString)+1; last; -- 2.24.1