Don't pass strings directly to errdetail() and errhint() - use

%s to unescape them. Fixes a potential security issue (in as yet unreleased code)
2025-02-05 19:09:58 +08:00 · 2008-11-20 15:36:22 +00:00 · 2008-11-20 15:36:22 +00:00 · 6c3690d835
commit 6c3690d835
parent 284491ee71
1 changed files with 3 additions and 3 deletions
--- a/src/pl/plpgsql/src/pl_exec.c
+++ b/src/pl/plpgsql/src/pl_exec.c
@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/pl/plpgsql/src/pl_exec.c,v 1.224 2008/11/05 00:07:54 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/pl/plpgsql/src/pl_exec.c,v 1.225 2008/11/20 15:36:22 mha Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -2538,8 +2538,8 @@ exec_stmt_raise(PLpgSQL_execstate *estate, PLpgSQL_stmt_raise *stmt)
 	ereport(stmt->elog_level,
 			(err_code ? errcode(err_code) : 0,
 			 errmsg_internal("%s", err_message),
-			 (err_detail != NULL) ? errdetail(err_detail) : 0,
-			 (err_hint != NULL) ? errhint(err_hint) : 0));
+			 (err_detail != NULL) ? errdetail("%s", err_detail) : 0,
+			 (err_hint != NULL) ? errhint("%s", err_hint) : 0));

 	estate->err_text = NULL;	/* un-suppress... */