Re: syntax error causes crafted data to be executed in shell
| От | Tom Lane |
|---|---|
| Тема | Re: syntax error causes crafted data to be executed in shell |
| Дата | |
| Msg-id | 24835.1103323066@sss.pgh.pa.us обсуждение исходный текст |
| Ответ на | Re: syntax error causes crafted data to be executed in shell (Tom Lane <tgl@sss.pgh.pa.us>) |
| Ответы |
Re: syntax error causes crafted data to be executed in shell
Re: syntax error causes crafted data to be executed in shell |
| Список | pgsql-bugs |
I wrote:
> Still, it looks like it would be relatively easy to suppress evaluation
> of backticked arguments once we recognize that the backslash command has
> failed, and I would say that that's a reasonable change to make on the
> principle of least surprise.
On looking at this further, I wonder if it wouldn't be a good idea for
a failed backslash command to cause the rest of the input line to be
discarded. In the existing coding, if we find another backslash we'll
try to execute another backslash command, but that seems rather
considerably likely to be the Wrong Thing instead of the Right Thing.
Thoughts?
regards, tom lane
В списке pgsql-bugs по дате отправления: