Michael Meskes <[EMAIL PROTECTED]> wrote:

> > I found a bug in ecpg concerning processing of the multi-byte character-code.
> > I reported it as bug#2956 before.
>
> I'm just committing the changes to CVS but only to HEAD because I cannot
> check if my changes broke something. The sources work fine on my system
> and the regression tests pass without a problem. But then I do not have
> a setup similar to yours. Could you please test this?

I tested the change and it worked fine, but I found that this fix should be backported -- it might cause SQL injections depending on the server configurations. The attached patches are backports for the past releases. I hope you will apply them. Thanks.

[TEST]
1. initdb --no-locale --encoding=UTF8
2. SET client_encoding = sjis in postgresql.conf
3. ecpg test.pgc
4. gcc test.c
5. test < src.sjis.txt

[RESULTS]
The first character is a Japanese kanji. (0x95+0x5c)

-- 8.3dev
表'; SELECT 9999;--

-- 8.2.3 : backslash_quote = safe_encoding
sql error 'unsafe use of \' in a string literal' in line 21.

-- 8.2.3 : backslash_quote = on (SQL injection!)
9999

-- 8.2.3 with patch : backslash_quote = safe_encoding
表'; SELECT 9999;--

Regards,
---
ITAGAKI Takahiro
NTT Open Source Software Center

Attachments:
test.pgc
src.sjis.txt
ecpg-quote_8.0.11-7.4.10.diff
ecpg-quote_8.1.7.diff
ecpg-quote_8.2.3.diff
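
The behaviour reported under [RESULTS], as an added example that is not part of the original message and is not ecpg's own code: a byte-wise quoting routine next to a Shift_JIS-aware one, run on a constructed input that starts with 0x95 0x5c. The names `quote_literal` and `sjis_is_lead` are hypothetical, and doubling quotes and backslashes is an assumed model of the escaping, not taken from the attached patches.

```c
#include <stdio.h>
#include <string.h>

/* Shift_JIS lead bytes are 0x81-0x9F and 0xE0-0xFC; the byte after one is a trail byte. */
static int sjis_is_lead(unsigned char c)
{
    return (c >= 0x81 && c <= 0x9f) || (c >= 0xe0 && c <= 0xfc);
}

/* Hypothetical helper: quote src as a SQL string literal into dst, which must
 * hold 2*strlen(src)+3 bytes. Returns the length written.
 * encoding_aware == 0: double every 0x27 and 0x5c byte, wherever it occurs.
 * encoding_aware == 1: copy a Shift_JIS lead byte and its trail byte untouched. */
size_t quote_literal(char *dst, const char *src, int encoding_aware)
{
    size_t n = 0;
    dst[n++] = '\'';
    for (size_t i = 0; src[i] != '\0'; i++) {
        unsigned char c = (unsigned char) src[i];
        if (encoding_aware && sjis_is_lead(c) && src[i + 1] != '\0') {
            dst[n++] = src[i++];   /* lead byte */
            dst[n++] = src[i];     /* trail byte, may be 0x5c */
            continue;
        }
        if (c == '\'' || c == '\\')
            dst[n++] = (char) c;   /* double the quote or backslash */
        dst[n++] = (char) c;
    }
    dst[n++] = '\'';
    dst[n] = '\0';
    return n;
}

int main(void)
{
    /* Constructed input: 0x95 0x5c followed by the text shown in the results. */
    const char input[] = "\x95\x5c'; SELECT 9999;--";
    char out[2 * sizeof input + 3];
    for (int aware = 0; aware <= 1; aware++) {
        size_t n = quote_literal(out, input, aware);
        printf("%-10s", aware ? "sjis-aware" : "byte-wise");
        for (size_t i = 0; i < n; i++)
            printf(" %02x", (unsigned char) out[i]);
        putchar('\n');
    }
    return 0;
}
```

Read with client_encoding = sjis, the byte-wise output begins with 0x95 0x5c (the kanji) followed by a lone 0x5c in front of the quote, which is the `\'` that backslash_quote = safe_encoding rejects in the results above.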