Barry Lind
acf09c64b0
Sometimes the third time is the charm. Third try to fix the sql injection
vulnerability. This fix completely removes the ability (hack) of being able
to bind a list of values in an in clause. It was demonstrated that by allowing
that functionality you open up the possibility for certain types of
sql injection attacks. The previous fix attempts all focused on preventing
the insertion of additional sql statements (the semi-colon problem:
xxx; any new sql statement here). But that still left the ability to
change the where clause on the current statement or perform a subselect
which can circumvent application security logic and/or allow you to call
any stored function.
Modified Files:
jdbc/org/postgresql/jdbc1/AbstractJdbc1Statement.java
2003-08-07 04:03:13 +00:00
Bruce Momjian
f0f137599a
Update release items from Tom.
2003-08-07 03:59:25 +00:00
Barry Lind
1d1df53f82
Applied doc patch for the jdbc docs submitted by Nic Ferrier for functionality
he supplied a few months ago, but didn't get around to docing until now. And
he also added some doc for calling stored functions in general from jdbc that was missing.
Modified Files:
sgml/jdbc.sgml
2003-08-06 23:50:19 +00:00
Bruce Momjian
3efb2af4b6
Add:
> o Add ALTER DATABASE ... OWNER TO newowner
2003-08-06 23:36:02 +00:00
Tom Lane
338aa57be0
Rename fields of DestReceiver to avoid collisions with (ill-considered)
macros in some platforms' sys/socket.h.
2003-08-06 17:46:46 +00:00
Tom Lane
d5f7d2c682
Adopt a random backoff algorithm for sleep delays when waiting for a
spinlock. Per recent pghackers discussion.
2003-08-06 16:43:43 +00:00
Tom Lane
a6672880e1
Fix compiler-detected problem for Alphas: it seems strlen returns
something wider than int on that platform. Also, remove bogus
assumption that sizeof("INT_MAX") has something to do with the maximum
number of digits in an int.
2003-08-06 15:54:06 +00:00
Teodor Sigaev
8753157739
OpenFTS vs Tsearch2 comment
2003-08-06 14:53:01 +00:00
Teodor Sigaev
d702313f0d
Add documentation about ts_debug
2003-08-06 09:41:13 +00:00
Teodor Sigaev
dd2870f76f
Add ts_debug function for debugging configurations
2003-08-06 09:19:21 +00:00
Barry Lind
11e9dcc549
Applied patch from kho@redhat.com to fix a problem with trying to use a fetch
when a cursor wasn't being used.
Modified Files:
jdbc/org/postgresql/jdbc1/AbstractJdbc1ResultSet.java
2003-08-06 05:53:13 +00:00
Bruce Momjian
149f01c4d4
Add ecpg thread testing file.
2003-08-06 02:19:51 +00:00
Tom Lane
630684d3a1
Improve documentation of ParseDateTime(). Reorder tests to prevent
writing one more value into return arrays than will fit. This is
potentially a stack smash, though I do not think it is a problem in
current uses of the routine, since a failure return causes elog anyway.
2003-08-05 18:30:21 +00:00
Tom Lane
9d41073f04
Fix several places where fractional-second inputs were misprocessed
in HAVE_INT64_TIMESTAMP cases, including two potential stack smashes
when more than six fractional digits were supplied. Per bug report
from Philipp Reisner.
2003-08-05 17:39:19 +00:00
Bruce Momjian
b6f31f08dd
Modify:
Prevent interval from suppressing ':00' seconds display
2003-08-05 15:31:33 +00:00
Bruce Momjian
0b532c944b
Remove Tom mention on array items.
2003-08-05 15:04:16 +00:00
Bruce Momjian
ad2068c2cb
Add mention of :00 seconds.
2003-08-05 14:37:49 +00:00
Bruce Momjian
8bf7fffeea
Update thread wording.
2003-08-05 14:35:12 +00:00
Bruce Momjian
abb69fbf49
Modify tsearch2 to be Oleg,Teodor
2003-08-05 14:33:30 +00:00
Bruce Momjian
e7e73980e2
Add tsearch2 mention.
2003-08-05 05:07:50 +00:00
Bruce Momjian
1875eb38f4
Add Philip Yarra to threads item, remove my name.
2003-08-05 05:04:50 +00:00
Bruce Momjian
c6a27e0e7c
Update release items from Joe Conway.
2003-08-05 05:01:50 +00:00
PostgreSQL Daemon
5b1b5f072d
can't mix and match .gz and .bz2 in here ... won't build
2003-08-05 04:55:58 +00:00
PostgreSQL Daemon
1544c8215a
seeing if building bz2 distributions actually works ...
2003-08-05 04:40:29 +00:00
PostgreSQL Daemon
56a84dc143
remove src/data from target list
2003-08-05 04:18:51 +00:00
Bruce Momjian
bb31c715be
Remove MOVE ALL item.
2003-08-05 03:30:35 +00:00
Tom Lane
2f9c859ea1
Fix some copyright notices that weren't updated. Improve copyright tool
so it won't miss 'em again.
2003-08-04 23:59:41 +00:00
PostgreSQL Daemon
d10146c067
change tag to 7.4beta1 and update the Copyright to 2003
Guess what folks? We are now in Beta!!
2003-08-04 22:30:30 +00:00
Tom Lane
77489f4523
Update vacuumlo to be properly schema-aware. Improve documentation.
2003-08-04 22:03:39 +00:00
Bruce Momjian
98bf004421
Re-add USE_THREADS, used by ecpg.
2003-08-04 21:26:26 +00:00
Tom Lane
c45b851e37
Fix erroneous direct reference to postgres.tar.gz, per bug report
from Garrick Staples.
2003-08-04 20:52:48 +00:00
Tom Lane
3b29525a79
Sub-Makefiles need to explicitly add CFLAGS_SL to CFLAGS, else their
object files do not get built with -fpic.
2003-08-04 20:34:26 +00:00
Tom Lane
f237a80d8a
Fix to build correctly outside source tree.
2003-08-04 19:52:37 +00:00
Tom Lane
17d6721e0b
Must print server's failure message before trying reconnect, not after.
2003-08-04 19:10:40 +00:00
Tom Lane
e627dd2db9
Fix pltcl and plpython to support STATEMENT triggers.
Joe Conway
2003-08-04 18:40:50 +00:00
Tom Lane
e8e1d4553c
SSL_read/SSL_write do not approximate the return conventions of recv()
and send() very well at all; and in any case we can't use retval==0
for EOF due to race conditions. Make the same fixes in the backend as
are required in libpq.
2003-08-04 17:58:14 +00:00
Tom Lane
39a9496d51
Fix some more problems with testing error returns from SSL.
2003-08-04 17:25:14 +00:00
Bruce Momjian
5c15cb4752
Fix thread handling in configure.
2003-08-04 16:48:03 +00:00
Tom Lane
963c1fa9d3
Minor cleanups in S_LOCK_TEST code.
2003-08-04 15:28:33 +00:00
Tom Lane
5f6401e2a2
HPUX's horology behavior is OS-dependent, not hardware-dependent.
2003-08-04 15:06:45 +00:00
Teodor Sigaev
d6f0f44b55
make sub-Makefiles in the sub-directories
2003-08-04 14:54:47 +00:00
Teodor Sigaev
8405e505c4
Docs fixes
2003-08-04 14:11:08 +00:00
Peter Eisentraut
fb19e2f41d
Translation updates
2003-08-04 14:01:37 +00:00
Peter Eisentraut
3766e99c41
Add a note that AND and OR are commutative. Apparently, they are not in
certain other products.
2003-08-04 14:00:14 +00:00
Tom Lane
4c3c8c048d
Remove --enable-recode feature, since it's been broken by IPv6 changes,
and seems to have too few users to justify maintaining.
2003-08-04 04:03:10 +00:00
Bruce Momjian
f3c3deb7d0
Update copyrights to 2003.
2003-08-04 02:40:20 +00:00
Bruce Momjian
19f7ca78cc
Fix for 2003 again.
2003-08-04 02:27:25 +00:00
Bruce Momjian
eb20aa9edb
Update copyright script for 2003.
2003-08-04 02:22:37 +00:00
Tom Lane
010c6504cb
Put back braces removed by pgindent (not really pgindent's fault).
2003-08-04 01:57:58 +00:00
Bruce Momjian
089003fb46
pgindent run.
2003-08-04 00:43:34 +00:00