1 files changed, 34 insertions, 0 deletions

diff --git a/src/common/string.c b/src/common/string.c
index 3260d37a84e..499e81811a6 100644
--- a/src/common/string.c
+++ b/src/common/string.c
@@ -56,3 +56,37 @@ strtoint(const char *pg_restrict str, char **pg_restrict endptr, int base)
 		errno = ERANGE;
 	return (int) val;
 }
+
+
+/*
+ * pg_clean_ascii -- Replace any non-ASCII chars with a '?' char
+ *
+ * Modifies the string passed in which must be '\0'-terminated.
+ *
+ * This function exists specifically to deal with filtering out
+ * non-ASCII characters in a few places where the client can provide an almost
+ * arbitrary string (and it isn't checked to ensure it's a valid username or
+ * database name or similar) and we don't want to have control characters or other
+ * things ending up in the log file where server admins might end up with a
+ * messed up terminal when looking at them.
+ *
+ * In general, this function should NOT be used- instead, consider how to handle
+ * the string without needing to filter out the non-ASCII characters.
+ *
+ * Ultimately, we'd like to improve the situation to not require stripping out
+ * all non-ASCII but perform more intelligent filtering which would allow UTF or
+ * similar, but it's unclear exactly what we should allow, so stick to ASCII only
+ * for now.
+ */
+void
+pg_clean_ascii(char *str)
+{
+	/* Only allow clean ASCII chars in the string */
+	char	   *p;
+
+	for (p = str; *p != '\0'; p++)
+	{
+		if (*p < 32 || *p > 126)
+			*p = '?';
+	}
+}