Use @extschema:name@ notation in contrib transform modules. Harden hstore_plperl, hstore_plpython, and ltree_plpython against search-path-based attacks by using @extschema:name@ notation to refer to the underlying hstore or ltree data type.
This allows removal of the previous documentation warning suggesting that they must be installed in the same schema as the underlying data type. In passing, also improve a para in extend.sgml to suggest using @extschema:name@ for such purposes. Discussion: https://postgr.es/m/692480.1736021...@sss.pgh.pa.us Branch ------ master Details ------- https://git.postgresql.org/pg/commitdiff/bebe9040388bb2292585eab712fe4d29a71843fb Modified Files -------------- contrib/hstore_plperl/hstore_plperl--1.0.sql | 4 ++-- contrib/hstore_plperl/hstore_plperlu--1.0.sql | 4 ++-- contrib/hstore_plpython/hstore_plpython3u--1.0.sql | 6 +++--- contrib/ltree_plpython/ltree_plpython3u--1.0.sql | 2 +- doc/src/sgml/extend.sgml | 14 +++++--------- doc/src/sgml/hstore.sgml | 9 --------- doc/src/sgml/ltree.sgml | 9 --------- 7 files changed, 13 insertions(+), 35 deletions(-)
