> > Oops. How about: > > > > foo'; DROP TABLE t1; -- foo > > > > The last ' gets removed, leaving -- (81a2). > > > > So you get: > > select ... '(0x81a2)'; DROP TABLE t1; -- (0x81a2) > > This surely works:-< Ok, you gave me an enough example that shows even > 7.1.x and 7.0.x are not safe. > > Included are patches for 7.1.3. Patches for 7.0.3 and 6.5.3 will be > posted soon.
Included are patches for 7.0.3 and 6.5.3 I promised. BTW, >I hope you won't make this standard practice. Because there are quite >significant differences that make upgrading from 7.1.x to 7.2 troublesome. >I can't name them offhand but they've appeared on the list from time to time. I tend to agree above but am not sure making backport patches are core's job. I have been providing patches for PostgreSQL for years in Japan, and people there seem to be welcome such kind of services. However, supporting previous versions is not a trivial job and I don't want core members to spend their valuable time for that kind of job, since making backport patches could be done by anyone who are familiar with PostgreSQL. -- Tatsuo Ishii
*** postgresql-7.0.3/src/backend/utils/mb/conv.c.orig Sat May 20 22:12:26 2000 --- postgresql-7.0.3/src/backend/utils/mb/conv.c Wed May 1 20:41:45 2002 *************** *** 1162,1169 **** else { /* should be ASCII */ *p++ = c1; } - mic++; } *p = '\0'; } --- 1162,1169 ---- else { /* should be ASCII */ *p++ = c1; + mic++; } } *p = '\0'; }
*** postgresql-6.5.3/src/backend/utils/mb/conv.c.orig Mon Jul 12 07:47:20 1999 --- postgresql-6.5.3/src/backend/utils/mb/conv.c Wed May 1 20:39:34 2002 *************** *** 605,612 **** else { /* should be ASCII */ *p++ = c1; } - mic++; } *p = '\0'; } --- 605,612 ---- else { /* should be ASCII */ *p++ = c1; + mic++; } } *p = '\0'; }
---------------------------(end of broadcast)--------------------------- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]