Bruce Momjian <pgman@candle.pha.pa.us> writes:
> Here is an updated patch I have just applied (catalog version updated).
Actually, you forgot the catversion bump.
I read over this and fixed most of the problems I could see, but there
is still one left:
/*
* Prevent reference to the parent directory.
* "..a.." is a valid file name though.
*
* XXX this is BROKEN because it fails to prevent "C:.." on Windows.
* Need access to "skip_drive" functionality to do it right. (There
* is no actual security hole because we'll prepend the DataDir below,
* resulting in a just-plain-broken path, but we should give the right
* error message instead.)
*/
I'm not sure whether to export skip_drive from path.c or just duplicate
it. If we do export it, a different name would probably be a good idea,
as it seems too generic for a global symbol.
regards, tom lane
---------------------------(end of broadcast)---------------------------
TIP 6: explain analyze is your friend
