mirror of https://github.com/postgres/postgres.git synced 2025-06-16 06:01:02 +03:00

Ensure that xpath() escapes special characters in string values.

Without this it's possible for the output to not be legal XML, as
illustrated by the added regression test cases.

NB: this change will need to be called out as an incompatibility in the
9.2 release notes, since it's possible somebody was relying on the old
behavior, even though it's clearly wrong.

Florian Pflug, reviewed by Radoslaw Smogura
Tom Lane
2011-07-20 18:44:09 -04:00
parent 17a16eeb7c
commit aaf15e5c1c
4 changed files with 31 additions and 1 deletions


@ -3537,7 +3537,11 @@ xml_xmlnodetoxmltype(xmlNodePtr cur)
str = xmlXPathCastNodeToString(cur);
PG_TRY();
{
result = (xmltype *) cstring_to_text((char *) str);
/* Here we rely on XML having the same representation as TEXT */
char *escaped = escape_xml((char *) str);
result = (xmltype *) cstring_to_text(escaped);
pfree(escaped);
}
PG_CATCH();
{
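
Review bot: The comment "Here we rely on XML having the same representation as TEXT" in the PG_TRY block sits above the `escape_xml` declaration, but it explains the `(xmltype *)` cast of `cstring_to_text()` two lines further down. Move it directly above the `result = ...` line, and give the `escape_xml` call its own short comment stating that the string returned by `xmlXPathCastNodeToString` is raw text and must be escaped before it is stored as an XML value, so the reason for the extra step is recorded in the code and not only in the commit message.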