doc: Expand on proper use of refint.

The security team has received a couple of reports about potential
SQL injection via refint's trigger arguments.  We discussed this
while preparing CVE-2026-6637 and concluded that forcibly quoting
these arguments is more likely to break working code than to
prevent exploits.  Unlike data values, the table/column names come
from trigger arguments, and there is little reason for a trigger
author to put hostile inputs into those arguments.  So, let's
document it accordingly.

Reported-by: Nikolay Samokhvalov <[email protected]>
Reported-by: Alex Young <[email protected]>
Reported-by: Satyanarayana Narlapuram <[email protected]>
Suggested-by: Noah Misch <[email protected]>
Reviewed-by: Noah Misch <[email protected]>
Reviewed-by: Fujii Masao <[email protected]>
Reviewed-by: Christoph Berg <[email protected]>
Reviewed-by: Satyanarayana Narlapuram <[email protected]>
Discussion: https://postgr.es/m/ahXP7z7nsfGPOZ3T%40nathan
Backpatch-through: 14

Branch
------
REL_17_STABLE

Details
-------
https://git.postgresql.org/pg/commitdiff/c0392783c541dac9e1148c5131882612fefaf9dc

Modified Files
--------------
doc/src/sgml/contrib-spi.sgml | 58 ++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 57 insertions(+), 1 deletion(-)
