Bruce Momjian <> writes:
> Here is an updated patch I have just applied (catalog version updated).

Actually, you forgot the catversion bump.

I read over this and fixed most of the problems I could see, but there
is still one left:

     *    Prevent reference to the parent directory.
     *    "..a.." is a valid file name though.
     * XXX this is BROKEN because it fails to prevent "C:.." on Windows.
     * Need access to "skip_drive" functionality to do it right.  (There
     * is no actual security hole because we'll prepend the DataDir below,
     * resulting in a just-plain-broken path, but we should give the right
     * error message instead.)

I'm not sure whether to export skip_drive from path.c or just duplicate
it.  If we do export it, a different name would probably be a good idea,
as it seems too generic for a global symbol.

                        regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 6: explain analyze is your friend

Reply via email to