author | Tom Lane <tgl@sss.pgh.pa.us> | 2022-06-18 19:45:38 -0400 |
---|---|---|
committer | Tom Lane <tgl@sss.pgh.pa.us> | 2022-06-18 19:45:38 -0400 |
commit | 9cd43f6cbd8b6fbac6837bcdba5e12f0ecbafefb (patch) | |
tree | 83bcfe25521d671dad3b3300134e4d3e64c8d0e4 /src/bin/psql/tab-complete.c | |
parent | 7bd4a9e9901966fb35acd509af0d468881aa5d22 (diff) | |
Fix busted tab completion of extension versions.
In 02b8048ba I (tgl) got rid of the need for most tab-completion queries
to return pre-quoted identifiers. But I over-hastily removed the
quote_ident call from Query_for_list_of_available_extension_versions*
too; those still need it, because what is returned isn't an identifier
at all and will (almost?) always need quoting.
Arguably we should use quote_literal here instead. But quote_ident
works too and people may be used to that behavior, so stick with it.
In passing, fix inconsistent omission of schema-qualification in
Query_for_list_of_encodings. That's not a security issue per our
current guidelines, but it ought to be like the rest.
Jeff Janes
Discussion: https://postgr.es/m/CAMkU=1yV+egSYrzWvbDY8VZ6bKEMrKbzxr-HTuiHi+wDgSUMgA@mail.gmail.com
Diffstat (limited to 'src/bin/psql/tab-complete.c')
-rw-r--r-- | src/bin/psql/tab-complete.c | 19 |
1 files changed, 12 insertions, 7 deletions
diff --git a/src/bin/psql/tab-complete.c b/src/bin/psql/tab-complete.c
index e1cc7534899..7f0ab5acb96 100644
--- a/src/bin/psql/tab-complete.c
+++ b/src/bin/psql/tab-complete.c
@@ -238,6 +238,11 @@ static bool completion_force_quote; /* true to force-quote filenames */
 * QUERY_PLUS forms combine such literal lists with a query result.
 * 4) The list of attributes of the given table (possibly schema-qualified).
 * 5) The list of arguments to the given function (possibly schema-qualified).
+ *
+ * The query is generally expected to return raw SQL identifiers; quoting
+ * is handled by the matching machinery. If what is returned is not SQL
+ * identifiers, use one of the VERBATIM forms (and then, if quoting is
+ * needed, do it inside the query).
 */
 #define COMPLETE_WITH_QUERY(query) \
 COMPLETE_WITH_QUERY_LIST(query, NULL)
@@ -992,7 +997,7 @@ static const SchemaQuery Query_for_trigger_of_table = {
 #define Query_for_list_of_encodings \
 " SELECT DISTINCT pg_catalog.pg_encoding_to_char(conforencoding) "\
 " FROM pg_catalog.pg_conversion "\
-" WHERE pg_catalog.pg_encoding_to_char(conforencoding) LIKE UPPER('%s')"
+" WHERE pg_catalog.pg_encoding_to_char(conforencoding) LIKE pg_catalog.upper('%s')"
 
 #define Query_for_list_of_languages \
 "SELECT lanname "\
@@ -1076,18 +1081,18 @@ static const SchemaQuery Query_for_trigger_of_table = {
 " FROM pg_catalog.pg_available_extensions "\
 " WHERE name LIKE '%s' AND installed_version IS NULL"
 
-/* the result of this query is not an identifier, so use VERBATIM */
+/* the result of this query is not a raw identifier, so use VERBATIM */
 #define Query_for_list_of_available_extension_versions \
-" SELECT version "\
+" SELECT pg_catalog.quote_ident(version) "\
 " FROM pg_catalog.pg_available_extension_versions "\
-" WHERE version LIKE '%s'"\
+" WHERE pg_catalog.quote_ident(version) LIKE '%s'"\
 " AND name='%s'"
 
-/* the result of this query is not an identifier, so use VERBATIM */
+/* the result of this query is not a raw identifier, so use VERBATIM */
 #define Query_for_list_of_available_extension_versions_with_TO \
-" SELECT 'TO ' || version "\
+" SELECT 'TO ' || pg_catalog.quote_ident(version) "\
 " FROM pg_catalog.pg_available_extension_versions "\
-" WHERE ('TO ' || version) LIKE '%s'"\
+" WHERE ('TO ' || pg_catalog.quote_ident(version)) LIKE '%s'"\
 " AND name='%s'"
 
 #define Query_for_list_of_prepared_statements \ |
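Review bot: The comments above `Query_for_list_of_available_extension_versions` and its `_with_TO` variant say only that the result is "not a raw identifier", which does not tell a maintainer why `pg_catalog.quote_ident(version)` now appears in both the SELECT list and the LIKE predicate of each query. I would extend each comment along the lines of `/* version strings are not identifiers: quote them inside the query and match the typed text against the quoted form; VERBATIM because the matcher must not quote the result again */`. It is also worth stating there that the SELECT and WHERE expressions have to stay identical, since a later edit to only one of them would presumably make the offered completions stop matching what the user typed. Both `'%s'` placeholders are filled in outside this hunk, so whether the substituted text is escaped before it reaches these string-built queries cannot be confirmed from here and should be checked at the call site.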