[COMMITTERS] pgsql: Don't pass strings directly to errdetail() and errhint() - use %s

Thu, 20 Nov 2008 07:36:38 -0800 

Log Message:
-----------
Don't pass strings directly to errdetail() and errhint() - use
%s to unescape them. Fixes a potential security issue (in as yet
unreleased code)

Modified Files:
--------------
    pgsql/src/pl/plpgsql/src:
        pl_exec.c (r1.224 -> r1.225)
        
(http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/pl/plpgsql/src/pl_exec.c?r1=1.224&r2=1.225)

-- 
Sent via pgsql-committers mailing list ([email protected])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-committers

Reply via email to