Re: syntax error causes crafted data to be executed in shell

Tom Lane wrote:
> I wrote:
> > Still, it looks like it would be relatively easy to suppress evaluation
> > of backticked arguments once we recognize that the backslash command has
> > failed, and I would say that that's a reasonable change to make on the
> > principle of least surprise.
>
> On looking at this further, I wonder if it wouldn't be a good idea for
> a failed backslash command to cause the rest of the input line to be
> discarded.  In the existing coding, if we find another backslash we'll
> try to execute another backslash command, but that seems rather
> considerably likely to be the Wrong Thing instead of the Right Thing.

Tom, would you show an example of the change in behavior? I didn't
understand the details.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073