On 2022-Aug-09, Lukas Fittl wrote: > But I wonder, why do we have an explicit pretty printing flag on these > functions, and PRETTYFLAG_SCHEMA in the code to represent this behavior. > If we don't want pretty printing to affect schema qualification, why > does that flag exist?
Because of CVE-2018-1058. See commit 815172ba8068. I imagine that that commit only touched the minimum necessary to solve the immediate security problem, but that further work is needed to make PRETTYFLAG_SCHEMA become a fully functional gadget; but that would require that the whole of ruleutils.c (and everything downstream from it) behaves sanely. In other words, I think your patch is too small. -- Álvaro Herrera Breisgau, Deutschland — https://www.EnterpriseDB.com/
