upstream/postgresql
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2026-02-28 12:20:43 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
postgresql/src
History
Tomas Vondra dbf5a83d46 Schema-qualify unnest() in ALTER DATABASE ... RESET 
Commit 9df8727c50 failed to schema-quality the unnest() call in the
query used to list the variables in ALTER DATABASE ... RESET. If there's
another unnest() function in the search_path, this could cause either
failures, or even security issues (when the tab-completion gets used by
privileged accounts).

Report and fix by Dagfinn Ilmari Mannsåker. Backpatch to 18, same as
9df8727c50.

Author: Dagfinn Ilmari Mannsåker <ilmari@ilmari.org>
Reviewed-by: jian he <jian.universality@gmail.com>
Discussion: https://postgr.es/m/87qzyghw2x.fsf%40wibble.ilmari.org
Discussion: https://postgr.es/m/87tt4lumqz.fsf%40wibble.ilmari.org
Backpatch-through: 18
2025-07-31 16:04:06 +02:00
..
backend Rename CachedPlanType to PlannedStmtOrigin for PlannedStmt 2025-07-31 10:06:34 +09:00
bin Schema-qualify unnest() in ALTER DATABASE ... RESET 2025-07-31 16:04:06 +02:00
common Don't put library-supplied -L/-I switches before user-supplied ones. 2025-07-29 15:17:40 -04:00
fe_utils Fix bug in archive streamer with LZ4 decompression 2025-07-02 13:48:36 +09:00
include Rename CachedPlanType to PlannedStmtOrigin for PlannedStmt 2025-07-31 10:06:34 +09:00
interfaces Don't put library-supplied -L/-I switches before user-supplied ones. 2025-07-29 15:17:40 -04:00
makefiles meson: Increase minimum version to 0.57.2 2025-07-02 11:14:53 +02:00
pl Don't put library-supplied -L/-I switches before user-supplied ones. 2025-07-29 15:17:40 -04:00
port Use strchr instead of strstr for single-char lookups 2025-07-23 12:02:55 +12:00
template thread-safety: gmtime_r(), localtime_r() 2024-08-23 07:43:04 +02:00
test Sort dump objects independent of OIDs, for the 7 holdout object types. 2025-07-31 06:37:56 -07:00
timezone Update time zone data files to tzdata release 2025b. 2025-04-30 11:13:49 -04:00
tools Rename CachedPlanType to PlannedStmtOrigin for PlannedStmt 2025-07-31 10:06:34 +09:00
tutorial Doc: simplify the tutorial's window-function examples. 2025-01-21 14:43:21 -05:00
.gitignore
DEVELOPERS
Makefile Remove distprep 2023-11-06 15:18:04 +01:00
Makefile.global.in Don't put library-supplied -L/-I switches before user-supplied ones. 2025-07-29 15:17:40 -04:00
Makefile.shlib Use exported symbols list on macOS for loadable modules as well 2025-06-10 07:04:43 +02:00
meson.build Update copyright for 2025 2025-01-01 11:21:55 -05:00
nls-global.mk Remove distprep 2023-11-06 15:18:04 +01:00