char *c_sql = read_extension_script_file(control, filename);
Datum t_sql;
+ /*
+ * We filter each substitution through quote_identifier(). When the
+ * arg contains one of the following characters, no one collection of
+ * quoting can work inside $$dollar-quoted string literals$$,
+ * 'single-quoted string literals', and outside of any literal. To
+ * avoid a security snare for extension authors, error on substitution
+ * for arguments containing these.
+ */
+ const char *quoting_relevant_chars = "\"$'\\";
+
/* We use various functions that want to operate on text datums */
t_sql = CStringGetTextDatum(c_sql);
t_sql,
CStringGetTextDatum("@extowner@"),
CStringGetTextDatum(qUserName));
+ if (strpbrk(userName, quoting_relevant_chars))
+ ereport(ERROR,
+ (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
+ errmsg("invalid character in extension owner: must not contain any of \"%s\"",
+ quoting_relevant_chars)));
}
/*
*/
if (!control->relocatable)
{
+ Datum old = t_sql;
const char *qSchemaName = quote_identifier(schemaName);
t_sql = DirectFunctionCall3Coll(replace_text,
t_sql,
CStringGetTextDatum("@extschema@"),
CStringGetTextDatum(qSchemaName));
+ if (t_sql != old && strpbrk(schemaName, quoting_relevant_chars))
+ ereport(ERROR,
+ (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
+ errmsg("invalid character in extension \"%s\" schema: must not contain any of \"%s\"",
+ control->name, quoting_relevant_chars)));
}
/*
Assert(list_length(control->requires) == list_length(requiredSchemas));
forboth(lc, control->requires, lc2, requiredSchemas)
{
+ Datum old = t_sql;
char *reqextname = (char *) lfirst(lc);
Oid reqschema = lfirst_oid(lc2);
char *schemaName = get_namespace_name(reqschema);
t_sql,
CStringGetTextDatum(repltoken),
CStringGetTextDatum(qSchemaName));
+ if (t_sql != old && strpbrk(schemaName, quoting_relevant_chars))
+ ereport(ERROR,
+ (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
+ errmsg("invalid character in extension \"%s\" schema: must not contain any of \"%s\"",
+ reqextname, quoting_relevant_chars)));
}
/*
EXTENSION = test_ext1 test_ext2 test_ext3 test_ext4 test_ext5 test_ext6 \
test_ext7 test_ext8 test_ext_cine test_ext_cor \
test_ext_cyclic1 test_ext_cyclic2 \
+ test_ext_extschema \
test_ext_evttrig \
test_ext_req_schema1 test_ext_req_schema2 test_ext_req_schema3
test_ext_cine--1.0.sql test_ext_cine--1.0--1.1.sql \
test_ext_cor--1.0.sql \
test_ext_cyclic1--1.0.sql test_ext_cyclic2--1.0.sql \
+ test_ext_extschema--1.0.sql \
test_ext_evttrig--1.0.sql test_ext_evttrig--1.0--2.0.sql \
test_ext_req_schema1--1.0.sql \
test_ext_req_schema2--1.0.sql \
+CREATE SCHEMA has$dollar;
-- test some errors
CREATE EXTENSION test_ext1;
ERROR: required extension "test_ext2" is not installed
ERROR: schema "test_ext1" does not exist
CREATE EXTENSION test_ext1 SCHEMA test_ext;
ERROR: schema "test_ext" does not exist
-CREATE SCHEMA test_ext;
-CREATE EXTENSION test_ext1 SCHEMA test_ext;
+CREATE EXTENSION test_ext1 SCHEMA has$dollar;
ERROR: extension "test_ext1" must be installed in schema "test_ext1"
-- finally success
-CREATE EXTENSION test_ext1 SCHEMA test_ext CASCADE;
+CREATE EXTENSION test_ext1 SCHEMA has$dollar CASCADE;
NOTICE: installing required extension "test_ext2"
NOTICE: installing required extension "test_ext3"
NOTICE: installing required extension "test_ext5"
NOTICE: installing required extension "test_ext4"
SELECT extname, nspname, extversion, extrelocatable FROM pg_extension e, pg_namespace n WHERE extname LIKE 'test_ext%' AND e.extnamespace = n.oid ORDER BY 1;
- extname | nspname | extversion | extrelocatable
------------+-----------+------------+----------------
- test_ext1 | test_ext1 | 1.0 | f
- test_ext2 | test_ext | 1.0 | t
- test_ext3 | test_ext | 1.0 | t
- test_ext4 | test_ext | 1.0 | t
- test_ext5 | test_ext | 1.0 | t
+ extname | nspname | extversion | extrelocatable
+-----------+------------+------------+----------------
+ test_ext1 | test_ext1 | 1.0 | f
+ test_ext2 | has$dollar | 1.0 | t
+ test_ext3 | has$dollar | 1.0 | t
+ test_ext4 | has$dollar | 1.0 | t
+ test_ext5 | has$dollar | 1.0 | t
(5 rows)
CREATE EXTENSION test_ext_cyclic1 CASCADE;
NOTICE: installing required extension "test_ext_cyclic2"
ERROR: cyclic dependency detected between extensions "test_ext_cyclic1" and "test_ext_cyclic2"
-DROP SCHEMA test_ext CASCADE;
+DROP SCHEMA has$dollar CASCADE;
NOTICE: drop cascades to 5 other objects
DETAIL: drop cascades to extension test_ext3
drop cascades to extension test_ext5
drop cascades to extension test_ext2
drop cascades to extension test_ext4
drop cascades to extension test_ext1
+CREATE SCHEMA has$dollar;
CREATE EXTENSION test_ext6;
DROP EXTENSION test_ext6;
CREATE EXTENSION test_ext6;
table ext_cine_tab3
(9 rows)
+--
+-- Test @extschema@ syntax.
+--
+CREATE SCHEMA "has space";
+CREATE EXTENSION test_ext_extschema SCHEMA has$dollar;
+ERROR: invalid character in extension "test_ext_extschema" schema: must not contain any of ""$'\"
+CREATE EXTENSION test_ext_extschema SCHEMA "has space";
--
-- Test extension with objects outside the extension's schema.
--
--
-- Test @extschema:extname@ syntax and no_relocate option
--
+CREATE EXTENSION test_ext_req_schema1 SCHEMA has$dollar;
+CREATE EXTENSION test_ext_req_schema3 CASCADE;
+NOTICE: installing required extension "test_ext_req_schema2"
+ERROR: invalid character in extension "test_ext_req_schema1" schema: must not contain any of ""$'\"
+DROP EXTENSION test_ext_req_schema1;
CREATE SCHEMA test_s_dep;
CREATE EXTENSION test_ext_req_schema1 SCHEMA test_s_dep;
CREATE EXTENSION test_ext_req_schema3 CASCADE;
'test_ext_cyclic1.control',
'test_ext_cyclic2--1.0.sql',
'test_ext_cyclic2.control',
+ 'test_ext_extschema--1.0.sql',
+ 'test_ext_extschema.control',
'test_ext_evttrig--1.0--2.0.sql',
'test_ext_evttrig--1.0.sql',
'test_ext_evttrig.control',
+CREATE SCHEMA has$dollar;
+
-- test some errors
CREATE EXTENSION test_ext1;
CREATE EXTENSION test_ext1 SCHEMA test_ext1;
CREATE EXTENSION test_ext1 SCHEMA test_ext;
-CREATE SCHEMA test_ext;
-CREATE EXTENSION test_ext1 SCHEMA test_ext;
+CREATE EXTENSION test_ext1 SCHEMA has$dollar;
-- finally success
-CREATE EXTENSION test_ext1 SCHEMA test_ext CASCADE;
+CREATE EXTENSION test_ext1 SCHEMA has$dollar CASCADE;
SELECT extname, nspname, extversion, extrelocatable FROM pg_extension e, pg_namespace n WHERE extname LIKE 'test_ext%' AND e.extnamespace = n.oid ORDER BY 1;
CREATE EXTENSION test_ext_cyclic1 CASCADE;
-DROP SCHEMA test_ext CASCADE;
+DROP SCHEMA has$dollar CASCADE;
+CREATE SCHEMA has$dollar;
CREATE EXTENSION test_ext6;
DROP EXTENSION test_ext6;
\dx+ test_ext_cine
+--
+-- Test @extschema@ syntax.
+--
+CREATE SCHEMA "has space";
+CREATE EXTENSION test_ext_extschema SCHEMA has$dollar;
+CREATE EXTENSION test_ext_extschema SCHEMA "has space";
+
--
-- Test extension with objects outside the extension's schema.
--
--
-- Test @extschema:extname@ syntax and no_relocate option
--
+CREATE EXTENSION test_ext_req_schema1 SCHEMA has$dollar;
+CREATE EXTENSION test_ext_req_schema3 CASCADE;
+DROP EXTENSION test_ext_req_schema1;
CREATE SCHEMA test_s_dep;
CREATE EXTENSION test_ext_req_schema1 SCHEMA test_s_dep;
CREATE EXTENSION test_ext_req_schema3 CASCADE;
--- /dev/null
+/* src/test/modules/test_extensions/test_ext_extschema--1.0.sql */
+-- complain if script is sourced in psql, rather than via CREATE EXTENSION
+\echo Use "CREATE EXTENSION test_ext_extschema" to load this file. \quit
+
+SELECT 1 AS @extschema@;
--- /dev/null
+comment = 'test @extschema@'
+default_version = '1.0'
+relocatable = false