15733 Commits

Author SHA1 Message Date
Barry Lind
acf09c64b0 Sometimes the third time is the charm. Third try to fix the sql injection
vulnerability.  This fix completely removes the ability (hack) of being able
to bind a list of values in an in clause.  It was demonstrated that by allowing
that functionality you open up the possibility for certain types of
sql injection attacks.  The previous fix attempts all focused on preventing
the insertion of additional sql statements (the semi-colon problem:
xxx; any new sql statement here).  But that still left the ability to
change the where clause on the current statement or perform a subselect
which can circumvent application security logic and/or allow you to call
any stored function.

 Modified Files:
 	jdbc/org/postgresql/jdbc1/AbstractJdbc1Statement.java
2003-08-07 04:03:13 +00:00
Bruce Momjian
f0f137599a Update release items from Tom. 2003-08-07 03:59:25 +00:00
Barry Lind
1d1df53f82 Applied doc patch for the jdbc docs submitted by Nic Ferrier for functionality
he supplied a few months ago, but didn't get around to docing until now.  And
he also added some doc for calling stored functions in general from jdbc that was missing.

 Modified Files:
 	sgml/jdbc.sgml
2003-08-06 23:50:19 +00:00
Bruce Momjian
3efb2af4b6 Add:
> 	o Add ALTER DATABASE ... OWNER TO newowner
2003-08-06 23:36:02 +00:00
Tom Lane
338aa57be0 Rename fields of DestReceiver to avoid collisions with (ill-considered)
macros in some platforms' sys/socket.h.
2003-08-06 17:46:46 +00:00
Tom Lane
d5f7d2c682 Adopt a random backoff algorithm for sleep delays when waiting for a
spinlock.  Per recent pghackers discussion.
2003-08-06 16:43:43 +00:00
Tom Lane
a6672880e1 Fix compiler-detected problem for Alphas: it seems strlen returns
something wider than int on that platform.  Also, remove bogus
assumption that sizeof("INT_MAX") has something to do with the maximum
number of digits in an int.
2003-08-06 15:54:06 +00:00
Teodor Sigaev
8753157739 OpenFTS vs Tsearch2 comment 2003-08-06 14:53:01 +00:00
Teodor Sigaev
d702313f0d Add documentation about ts_debug 2003-08-06 09:41:13 +00:00
Teodor Sigaev
dd2870f76f Add ts_debug function for debugging configurations 2003-08-06 09:19:21 +00:00
Barry Lind
11e9dcc549 Applied patch from kho@redhat.com to fix a problem with trying to use a fetch
when a cursor wasn't being used.

 Modified Files:
 	jdbc/org/postgresql/jdbc1/AbstractJdbc1ResultSet.java
2003-08-06 05:53:13 +00:00
Bruce Momjian
149f01c4d4 Add ecpg thread testing file. 2003-08-06 02:19:51 +00:00
Tom Lane
630684d3a1 Improve documentation of ParseDateTime(). Reorder tests to prevent
writing one more value into return arrays than will fit.  This is
potentially a stack smash, though I do not think it is a problem in
current uses of the routine, since a failure return causes elog anyway.
2003-08-05 18:30:21 +00:00
Tom Lane
9d41073f04 Fix several places where fractional-second inputs were misprocessed
in HAVE_INT64_TIMESTAMP cases, including two potential stack smashes
when more than six fractional digits were supplied.  Per bug report
from Philipp Reisner.
2003-08-05 17:39:19 +00:00
Bruce Momjian
b6f31f08dd Modify:
Prevent interval from suppressing ':00' seconds display
2003-08-05 15:31:33 +00:00
Bruce Momjian
0b532c944b Remove Tom mention on array items. 2003-08-05 15:04:16 +00:00
Bruce Momjian
ad2068c2cb Add mention of :00 seconds. 2003-08-05 14:37:49 +00:00
Bruce Momjian
8bf7fffeea Update thread wording. 2003-08-05 14:35:12 +00:00
Bruce Momjian
abb69fbf49 Modify tsearch2 to be Oleg,Teodor 2003-08-05 14:33:30 +00:00
Bruce Momjian
e7e73980e2 Add tsearch2 mention. 2003-08-05 05:07:50 +00:00
Bruce Momjian
1875eb38f4 Add Philip Yarra to threads item, remove my name. 2003-08-05 05:04:50 +00:00
Bruce Momjian
c6a27e0e7c Update release items from Joe Conway. 2003-08-05 05:01:50 +00:00
PostgreSQL Daemon
5b1b5f072d can't mix and match .gz and .bz2 in here ... won't build 2003-08-05 04:55:58 +00:00
PostgreSQL Daemon
1544c8215a seeing if building bz2 distributions actually works ... 2003-08-05 04:40:29 +00:00
PostgreSQL Daemon
56a84dc143 remove src/data from target list 2003-08-05 04:18:51 +00:00
Bruce Momjian
bb31c715be Remove MOVE ALL item. 2003-08-05 03:30:35 +00:00
Tom Lane
2f9c859ea1 Fix some copyright notices that weren't updated. Improve copyright tool
so it won't miss 'em again.
2003-08-04 23:59:41 +00:00
PostgreSQL Daemon
d10146c067 change tag to 7.4beta1 and update the Copyright to 2003
Guess what folks?  We are now in Beta!!
2003-08-04 22:30:30 +00:00
Tom Lane
77489f4523 Update vacuumlo to be properly schema-aware. Improve documentation. 2003-08-04 22:03:39 +00:00
Bruce Momjian
98bf004421 Re-add USE_THREADS, used by ecpg. 2003-08-04 21:26:26 +00:00
Tom Lane
c45b851e37 Fix erroneous direct reference to postgres.tar.gz, per bug report
from Garrick Staples.
2003-08-04 20:52:48 +00:00
Tom Lane
3b29525a79 Sub-Makefiles need to explicitly add CFLAGS_SL to CFLAGS, else their
object files do not get built with -fpic.
2003-08-04 20:34:26 +00:00
Tom Lane
f237a80d8a Fix to build correctly outside source tree. 2003-08-04 19:52:37 +00:00
Tom Lane
17d6721e0b Must print server's failure message before trying reconnect, not after. 2003-08-04 19:10:40 +00:00
Tom Lane
e627dd2db9 Fix pltcl and plpython to support STATEMENT triggers.
Joe Conway
2003-08-04 18:40:50 +00:00
Tom Lane
e8e1d4553c SSL_read/SSL_write do not approximate the return conventions of recv()
and send() very well at all; and in any case we can't use retval==0
for EOF due to race conditions.  Make the same fixes in the backend as
are required in libpq.
2003-08-04 17:58:14 +00:00
Tom Lane
39a9496d51 Fix some more problems with testing error returns from SSL. 2003-08-04 17:25:14 +00:00
Bruce Momjian
5c15cb4752 Fix thread handling in configure. 2003-08-04 16:48:03 +00:00
Tom Lane
963c1fa9d3 Minor cleanups in S_LOCK_TEST code. 2003-08-04 15:28:33 +00:00
Tom Lane
5f6401e2a2 HPUX's horology behavior is OS-dependent, not hardware-dependent. 2003-08-04 15:06:45 +00:00
Teodor Sigaev
d6f0f44b55 make sub-Makefiles in the sub-directories 2003-08-04 14:54:47 +00:00
Teodor Sigaev
8405e505c4 Docs fixes 2003-08-04 14:11:08 +00:00
Peter Eisentraut
fb19e2f41d Translation updates 2003-08-04 14:01:37 +00:00
Peter Eisentraut
3766e99c41 Add a note that AND and OR are commutative. Apparently, they are not in
certain other products.
2003-08-04 14:00:14 +00:00
Tom Lane
4c3c8c048d Remove --enable-recode feature, since it's been broken by IPv6 changes,
and seems to have too few users to justify maintaining.
2003-08-04 04:03:10 +00:00
Bruce Momjian
f3c3deb7d0 Update copyrights to 2003. 2003-08-04 02:40:20 +00:00
Bruce Momjian
19f7ca78cc Fix for 2003 again. 2003-08-04 02:27:25 +00:00
Bruce Momjian
eb20aa9edb Update copyright script for 2003. 2003-08-04 02:22:37 +00:00
Tom Lane
010c6504cb Put back braces removed by pgindent (not really pgindent's fault). 2003-08-04 01:57:58 +00:00
Bruce Momjian
089003fb46 pgindent run. 2003-08-04 00:43:34 +00:00