Skip to content
Snippets Groups Projects
Select Git revision
  • benchmark-tools
  • postgres-lambda
  • master default
  • REL9_4_25
  • REL9_5_20
  • REL9_6_16
  • REL_10_11
  • REL_11_6
  • REL_12_1
  • REL_12_0
  • REL_12_RC1
  • REL_12_BETA4
  • REL9_4_24
  • REL9_5_19
  • REL9_6_15
  • REL_10_10
  • REL_11_5
  • REL_12_BETA3
  • REL9_4_23
  • REL9_5_18
  • REL9_6_14
  • REL_10_9
  • REL_11_4
23 results

test

  • Clone with SSH
  • Clone with HTTPS
  • user avatar
    Tom Lane authored
    Since the code underlying pg_get_expr() is not secure against malformed
    input, and can't practically be made so, we need to prevent miscreants
    from feeding arbitrary data to it.  We can do this securely by declaring
    pg_get_expr() to take a new datatype "pg_node_tree" and declaring the
    system catalog columns that hold nodeToString output to be of that type.
    There is no way at SQL level to create a non-null value of type pg_node_tree.
    Since the backend-internal operations that fill those catalog columns
    operate below the SQL level, they are oblivious to the datatype relabeling
    and don't need any changes.
    303696c3
    History
    Name Last commit Last update
    ..