summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Harris <jgh146exb@wizmail.org>2015-10-30 14:54:17 +0000
committerJeremy Harris <jgh146exb@wizmail.org>2015-10-30 15:42:20 +0000
commit376d2ec0874144ee64e21ca79362793f116a381c (patch)
tree7fb03f1f3f1304ac42b6f742419384588e23e51a
parent92e6a3d97120ddd68e26d4f5dbdd2ea127a5ff4f (diff)
Lookups: Do not escape percent or underbar in the ${quote_pgsql: } operator. Bug 1706
-rw-r--r--doc/doc-docbook/spec.xfpt7
-rw-r--r--doc/doc-txt/ChangeLog3
-rw-r--r--src/src/lookups/pgsql.c10
3 files changed, 8 insertions, 12 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index da4b7ec84..5254fb8a2 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -7537,13 +7537,12 @@ a query is successfully processed. The result of a query may be that no data is
found, but that is still a successful query. In other words, the list of
servers provides a backup facility, not a list of different places to look.
+.new
The &%quote_mysql%&, &%quote_pgsql%&, and &%quote_oracle%& expansion operators
convert newline, tab, carriage return, and backspace to \n, \t, \r, and \b
respectively, and the characters single-quote, double-quote, and backslash
-itself are escaped with backslashes. The &%quote_pgsql%& expansion operator, in
-addition, escapes the percent and underscore characters. This cannot be done
-for MySQL because these escapes are not recognized in contexts where these
-characters are not special.
+itself are escaped with backslashes.
+.wen
.section "Specifying the server in the query" "SECTspeserque"
For MySQL and PostgreSQL lookups (but not currently for Oracle and InterBase),
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index beedb59f4..8780780c0 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -63,6 +63,9 @@ JH/10 Bug 840: fix log_defer_output option of pipe transport
JH/11 Bug 830: use same host for all RCPTS of a message, even under
hosts_randomize. This matters a lot when combined with mua_wrapper.
+JH/12 Bug 1706: percent and underbar characters are no longer excaped by the
+ ${quote_pgsql:<string>} operator.
+
Exim version 4.86
-----------------
diff --git a/src/src/lookups/pgsql.c b/src/src/lookups/pgsql.c
index 4be3d98f1..01c5375bc 100644
--- a/src/src/lookups/pgsql.c
+++ b/src/src/lookups/pgsql.c
@@ -413,12 +413,6 @@ return lf_sqlperform(US"PostgreSQL", US"pgsql_servers", pgsql_servers, query,
/* The characters that always need to be quoted (with backslash) are newline,
tab, carriage return, backspace, backslash itself, and the quote characters.
-Percent and underscore are only special in contexts where they can be wild
-cards, and this isn't usually the case for data inserted from messages, since
-that isn't likely to be treated as a pattern of any kind. However, pgsql seems
-to allow escaping "on spec". If you use something like "where id="ab\%cd" it
-does treat the string as "ab%cd". So we can safely quote percent and
-underscore. [This is different to MySQL, where you can't do this.]
The original code quoted single quotes as \' which is documented as valid in
the O'Reilly book "Practical PostgreSQL" (first edition) as an alternative to
@@ -448,7 +442,7 @@ uschar *quoted;
if (opt != NULL) return NULL; /* No options recognized */
while ((c = *t++) != 0)
- if (Ustrchr("\n\t\r\b\'\"\\%_", c) != NULL) count++;
+ if (Ustrchr("\n\t\r\b\'\"\\", c) != NULL) count++;
if (count == 0) return s;
t = quoted = store_get(Ustrlen(s) + count + 1);
@@ -460,7 +454,7 @@ while ((c = *s++) != 0)
*t++ = '\'';
*t++ = '\'';
}
- else if (Ustrchr("\n\t\r\b\"\\%_", c) != NULL)
+ else if (Ustrchr("\n\t\r\b\"\\", c) != NULL)
{
*t++ = '\\';
switch(c)