> > Oops. How about:
> >
> > foo'; DROP TABLE t1; -- foo
> >
> > The last ' gets removed, leaving -- (81a2).
> >
> > So you get:
> > select ... '(0x81a2)'; DROP TABLE t1; -- (0x81a2)
>
> This surely works:-< Ok, you gave me an enough example that shows even
> 7.1.x and 7.0.x are not safe.
>
> Included are patches for 7.1.3. Patches for 7.0.3 and 6.5.3 will be
> posted soon.
Included are patches for 7.0.3 and 6.5.3 I promised.
BTW,
>I hope you won't make this standard practice. Because there are quite
>significant differences that make upgrading from 7.1.x to 7.2 troublesome.
>I can't name them offhand but they've appeared on the list from time to time.
I tend to agree above but am not sure making backport patches are
core's job. I have been providing patches for PostgreSQL for years in
Japan, and people there seem to be welcome such kind of
services. However, supporting previous versions is not a trivial job
and I don't want core members to spend their valuable time for that
kind of job, since making backport patches could be done by anyone who
are familiar with PostgreSQL.
--
Tatsuo Ishii
*** postgresql-7.0.3/src/backend/utils/mb/conv.c.orig Sat May 20 22:12:26 2000
--- postgresql-7.0.3/src/backend/utils/mb/conv.c Wed May 1 20:41:45 2002
***************
*** 1162,1169 ****
else
{ /* should be ASCII */
*p++ = c1;
}
- mic++;
}
*p = '\0';
}
--- 1162,1169 ----
else
{ /* should be ASCII */
*p++ = c1;
+ mic++;
}
}
*p = '\0';
}
*** postgresql-6.5.3/src/backend/utils/mb/conv.c.orig Mon Jul 12 07:47:20 1999
--- postgresql-6.5.3/src/backend/utils/mb/conv.c Wed May 1 20:39:34 2002
***************
*** 605,612 ****
else
{ /* should be ASCII */
*p++ = c1;
}
- mic++;
}
*p = '\0';
}
--- 605,612 ----
else
{ /* should be ASCII */
*p++ = c1;
+ mic++;
}
}
*p = '\0';
}
---------------------------(end of broadcast)---------------------------
TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
