mirror of
https://github.com/postgres/postgres.git
synced 2026-04-15 22:10:45 -04:00
b3eb4ea5d8
parser will allow "\'" to be used to represent a literal quote mark. The "\'" representation has been deprecated for some time in favor of the SQL-standard representation "''" (two single quote marks), but it has been used often enough that just disallowing it immediately won't do. Hence backslash_quote allows the settings "on", "off", and "safe_encoding", the last meaning to allow "\'" only if client_encoding is a valid server encoding. That is now the default, and the reason is that in encodings such as SJIS that allow 0x5c (ASCII backslash) to be the last byte of a multibyte character, accepting "\'" allows SQL-injection attacks as per CVE-2006-2314 (further details will be published after release). The "on" setting is available for backward compatibility, but it must not be used with clients that are exposed to untrusted input. Thanks to Akio Ishida and Yasuo Ohgaki for identifying this security issue. |
||
|---|---|---|
| .. | ||
| .cvsignore | ||
| analyze.c | ||
| gram.y | ||
| keywords.c | ||
| Makefile | ||
| parse_agg.c | ||
| parse_clause.c | ||
| parse_coerce.c | ||
| parse_expr.c | ||
| parse_func.c | ||
| parse_node.c | ||
| parse_oper.c | ||
| parse_relation.c | ||
| parse_target.c | ||
| parse_type.c | ||
| parser.c | ||
| README | ||
| scan.l | ||
| scansup.c | ||
This directory does more than tokenize and parse SQL queries. It also creates Query structures for the various complex queries that is passed to the optimizer and then executor. parser.c things start here scan.l break query into tokens scansup.c handle escapes in input keywords.c turn keywords into specific tokens gram.y parse the tokens and fill query-type-specific structures analyze.c handle post-parse processing for each query type parse_clause.c handle clauses like WHERE, ORDER BY, GROUP BY, ... parse_coerce.c used for coercing expressions of different types parse_expr.c handle expressions like col, col + 3, x = 3 or x = 4 parse_oper.c handle operations in expressions parse_agg.c handle aggregates, like SUM(col1), AVG(col2), ... parse_func.c handle functions, table.column and column identifiers parse_node.c create nodes for various structures parse_target.c handle the result list of the query parse_relation.c support routines for tables and column handling parse_type.c support routines for type handling