https://bz.apache.org/bugzilla/show_bug.cgi?id=60378
Bug ID: 60378
Summary: Rivet 2.3.2 dio_Postgresql.tcl module improperly
quotes strings containing single quote characters
Product: Rivet
Version: unspecified
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: DIO
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Created attachment 34452
--> https://bz.apache.org/bugzilla/attachment.cgi?id=34452&action=edit
Patch against 2.3.2 to fix the reported issue.
The dio_Postgresql.tcl module in Rivet 2.3.2 does not implement a Postgresql
specific 'quote' proc, instead relying on the generic 'quote' proc provided by
DIO which quotes single quote (ASCII 0x27) characters by prefixing them with a
backslash. However, by default Postgresql supports the SQL standard "doubling"
quoting method for single quotes (see section 4.1.2.1 in the Postgresql docs
here https://www.postgresql.org/docs/9.6/static/sql-syntax-lexical.html).
Backslash quoted single quotes cause an SQL syntax error unless the Postgresql
specific syntax described in section 4.1.2.2 of the URL above is used.
Since dio_Postgresql.tcl uses the default backslash quoting, this means that
attempting to insert a string containing a single quote (') via DIO results in
an SQL syntax error.
The fix is simple. dio_Postgresql.tcl uses the Pgtcl interface module. Pgtcl
provides a 'pg_quote' proc for use in properly quoting strings to be inserted
into SQL statements for use with Postgresql. So modifying dio_Postgresql.tcl
to use pg_quote instead of the default 'quote' method fixes the issue. Small
patch attached against 2.3.2, however the identical issue exists with Rivet
2.2.4 and the fix is identical there.
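The quoting mismatch described in the report, as an added example that is not Rivet/DIO code and is not taken from the attached patch. The proc names are hypothetical, the sample input is constructed, and the scanner assumes the ordinary string literal rules of section 4.1.2.1 (backslash is a plain character, '' is an embedded quote); it does not call Pgtcl.

```tcl
# Generic quoting as the report describes it: prefix each ' with a backslash.
proc backslash_quote {s} {
    return [string map [list ' \\'] $s]
}

# SQL-standard quoting: double each single quote.
proc doubling_quote {s} {
    return [string map [list ' ''] $s]
}

# Scan an ordinary SQL string literal (section 4.1.2.1 rules).
# Returns a two-element list: the decoded value, and whatever text
# follows the closing quote (empty when the literal is well formed).
proc scan_literal {sql} {
    if {[string index $sql 0] ne "'"} {
        error "not a string literal: $sql"
    }
    set value ""
    set i 1
    set n [string length $sql]
    while {$i < $n} {
        set c [string index $sql $i]
        if {$c eq "'"} {
            if {[string index $sql [expr {$i + 1}]] eq "'"} {
                append value "'"      ;# '' is one embedded quote
                incr i 2
                continue
            }
            # A lone ' closes the literal; the rest is parsed as SQL.
            return [list $value [string range $sql [expr {$i + 1}] end]]
        }
        append value $c               ;# backslash is an ordinary character here
        incr i
    }
    error "unterminated string literal: $sql"
}

set input "O'Reilly"   ;# constructed sample value
foreach quoter {backslash_quote doubling_quote} {
    set literal "'[$quoter $input]'"
    lassign [scan_literal $literal] value rest
    puts "$quoter: $literal -> value={$value} leftover={$rest}"
}
```

With backslash quoting the literal closes right after the backslash and the rest of the value is left outside it, which is the syntax error the report describes; with doubling the value round-trips and nothing is left over.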