From 6c3690d835e3bb7fc86b4f08335cb7a8fd22f4e2 Mon Sep 17 00:00:00 2001
From: Magnus Hagander <magnus@hagander.net>
Date: Thu, 20 Nov 2008 15:36:22 +0000
Subject: [PATCH] Don't pass strings directly to errdetail() and errhint() -
 use %s so they are not interpreted as format strings. Fixes a potential
 security issue (in as yet unreleased code)

---
 src/pl/plpgsql/src/pl_exec.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/pl/plpgsql/src/pl_exec.c b/src/pl/plpgsql/src/pl_exec.c
index 1393fb265d1..35cd6cbaff5 100644
--- a/src/pl/plpgsql/src/pl_exec.c
+++ b/src/pl/plpgsql/src/pl_exec.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/pl/plpgsql/src/pl_exec.c,v 1.224 2008/11/05 00:07:54 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/pl/plpgsql/src/pl_exec.c,v 1.225 2008/11/20 15:36:22 mha Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -2538,8 +2538,8 @@ exec_stmt_raise(PLpgSQL_execstate *estate, PLpgSQL_stmt_raise *stmt)
 	ereport(stmt->elog_level,
 			(err_code ? errcode(err_code) : 0,
 			 errmsg_internal("%s", err_message),
-			 (err_detail != NULL) ? errdetail(err_detail) : 0,
-			 (err_hint != NULL) ? errhint(err_hint) : 0));
+			 (err_detail != NULL) ? errdetail("%s", err_detail) : 0,
+			 (err_hint != NULL) ? errhint("%s", err_hint) : 0));
 
 	estate->err_text = NULL;	/* un-suppress... */
 
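Review bot: The `"%s"` indirection on the errdetail() and errhint() calls has no comment saying why it is required, so a later cleanup could plausibly collapse it back to `errdetail(err_detail)` and reintroduce the format-string problem. err_detail and err_hint appear to carry text supplied by the RAISE statement being executed, so they must always stay in argument position; I would add above the ereport() call `/* err_detail/err_hint are arbitrary RAISE text: pass them as "%s" arguments, never as the format string */`. It is also worth confirming whether errdetail() and errhint() run their format through message translation, unlike the errmsg_internal() on the line above, in which case the literal `"%s"` gets a needless catalog lookup. exec_stmt_raise starts and ends outside this hunk, so where err_detail and err_hint are built could not be checked here.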
-- 
GitLab