Quoting issues with createdb

Previous Topic Next Topic
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Quoting issues with createdb

Michael Paquier-2
Hi all,

createdb has a couple of issues with its quoting.  For example take
that, which can be confusing:
$ createdb --lc-ctype="en_US.UTF-8';create table aa();select '1" popo
createdb: error: database creation failed: ERROR:  CREATE DATABASE
cannot run inside a transaction block

The root of the issue is that any values added by the command caller
with --lc-collate, --lc-ctype or --encoding are not quoted properly,
and in all three cases it means that the quoting needs to be
encoding-sensitive (Tom mentioned me directly that part).  This proper
quoting can be achieved using appendStringLiteralConn() from
string_utils.c, at the condition of taking the connection to the
server before building the CREATE DATABASE query.

Note that for --encoding, this is less of a problem as there is some
extra validation with pg_char_to_encoding(), but it seems better to me
to be consistent.

So this gives the patch attached, where the error becomes:
ERROR:  invalid locale name: "en_US.UTF-8';create table aa();select '1"

Any opinions?

createdb-quotes-v1.patch (1K) Download Attachment
signature.asc (849 bytes) Download Attachment