From: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
Date: Wed, 13 May 2026 03:47:36 +0000 (-0600)
Subject: Pin standard_conforming_strings on the PostgreSQL CI test database
X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=df13dfd054;p=thirdparty%2Ffreeradius-server.git

Pin standard_conforming_strings on the PostgreSQL CI test database

PQescapeStringConn doubles backslashes when the connection's
std_strings flag is false, which trips the backslash assertion in
src/tests/modules/sql_postgresql/escape.unlang on test servers where
the parameter isn't being reported as on. Pin it at the database
level in postgresql-setup.sh so every connection inherits it, and
restore the backslash assertion in the test.
---

diff --git a/scripts/ci/postgresql-setup.sh b/scripts/ci/postgresql-setup.sh
index 1e1abfbe67a..6f62b2e1936 100755
--- a/scripts/ci/postgresql-setup.sh
+++ b/scripts/ci/postgresql-setup.sh
@@ -16,6 +16,14 @@ psql -h "${SQL_POSTGRESQL_TEST_SERVER}" -c 'drop user radius;' -U postgres || tr
 echo "PostgreSQL - Creating database"
 psql -h "${SQL_POSTGRESQL_TEST_SERVER}" -c 'create database radius;' -U postgres || true
 
+#
+#  Pin standard_conforming_strings = on for new connections to this DB.
+#  Modern PostgreSQL defaults to on (since 9.1), but pinning it here makes
+#  the escape tests' expected output deterministic across server configs.
+#
+echo "PostgreSQL - Pinning standard_conforming_strings"
+psql -h "${SQL_POSTGRESQL_TEST_SERVER}" -c 'ALTER DATABASE radius SET standard_conforming_strings = on;' -U postgres
+
 echo "PostgreSQL - Execute schema.sql"
 psql -h "${SQL_POSTGRESQL_TEST_SERVER}" -U postgres radius < raddb/mods-config/sql/main/postgresql/schema.sql
 
diff --git a/src/tests/modules/sql_postgresql/escape.unlang b/src/tests/modules/sql_postgresql/escape.unlang
index fa9862f7283..e307ab2836a 100644
--- a/src/tests/modules/sql_postgresql/escape.unlang
+++ b/src/tests/modules/sql_postgresql/escape.unlang
@@ -1,10 +1,10 @@
 #
 #  PostgreSQL escape function (via PQescapeStringConn).
 #
-#  With standard_conforming_strings = on (the default since 9.1)
-#  PQescapeStringConn only doubles single quotes.  Backslashes and
-#  other byte values pass through unchanged - the SQL string literal
-#  grammar treats them as literal characters.
+#  Assumes standard_conforming_strings = on on the test server.  Under that
+#  mode PQescapeStringConn only doubles single quotes - backslashes and
+#  other byte values pass through unchanged.  The CI postgres setup script
+#  pins this on the test database.
 #
 #  String literals in unlang are marked "safe for any escape" so we wrap
 #  each input in %taint(...) to force the escape to actually run.
@@ -29,8 +29,7 @@ if (%sql.escape(%taint("''")) != "''''") {
 }
 
 #
-#  Backslash passes through (assumes standard_conforming_strings = on
-#  on the test server, which is the default in modern PostgreSQL).
+#  Backslash passes through unchanged.
 #
 if (%sql.escape(%taint("back\\slash")) != "back\\slash") {
 	test_fail