static int enforce_pcrud = 0; // Boolean
static char* modulename = NULL;
-static char* _sanitize_savepoint_name( const char* sp );
-
/**
@brief Connect to the database.
@return A database connection if successful, or NULL if not.
// Get the savepoint name from the method params
const char* spName = jsonObjectGetString( jsonObjectGetIndex(ctx->params, spNamePos) );
- if (!spName) {
- osrfLogWarning(OSRF_LOG_MARK, "savepoint.set called with no name");
- return -1;
- }
-
- char *safeSpName = _sanitize_savepoint_name( spName );
-
- dbi_result result = dbi_conn_queryf( writehandle, "SAVEPOINT \"%s\";", safeSpName );
- free( safeSpName );
+ dbi_result result = dbi_conn_queryf( writehandle, "SAVEPOINT \"%s\";", spName );
if( !result ) {
const char* msg;
int errnum = dbi_conn_error( writehandle, &msg );
// Get the savepoint name from the method params
const char* spName = jsonObjectGetString( jsonObjectGetIndex(ctx->params, spNamePos) );
- if (!spName) {
- osrfLogWarning(OSRF_LOG_MARK, "savepoint.release called with no name");
- return -1;
- }
-
- char *safeSpName = _sanitize_savepoint_name( spName );
-
- dbi_result result = dbi_conn_queryf( writehandle, "RELEASE SAVEPOINT \"%s\";", safeSpName );
- free( safeSpName );
+ dbi_result result = dbi_conn_queryf( writehandle, "RELEASE SAVEPOINT \"%s\";", spName );
if( !result ) {
const char* msg;
int errnum = dbi_conn_error( writehandle, &msg );
// Get the savepoint name from the method params
const char* spName = jsonObjectGetString( jsonObjectGetIndex(ctx->params, spNamePos) );
- if (!spName) {
- osrfLogWarning(OSRF_LOG_MARK, "savepoint.rollback called with no name");
- return -1;
- }
-
- char *safeSpName = _sanitize_savepoint_name( spName );
-
- dbi_result result = dbi_conn_queryf( writehandle, "ROLLBACK TO SAVEPOINT \"%s\";", safeSpName );
- free( safeSpName );
+ dbi_result result = dbi_conn_queryf( writehandle, "ROLLBACK TO SAVEPOINT \"%s\";", spName );
if( !result ) {
const char* msg;
int errnum = dbi_conn_error( writehandle, &msg );
pop_query_frame();
}
-/**
- @brief Remove all but safe character from savepoint name
- @param sp User-supplied savepoint name
- @return sanitized savepoint name, or NULL
-
- The caller is expected to free the returned string. Note that
- this function exists only because we can't use PQescapeLiteral
- without either forking libdbi or abandoning it.
-*/
-static char* _sanitize_savepoint_name( const char* sp ) {
-
- const char* safe_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ012345789_";
-
- // PostgreSQL uses NAMEDATALEN-1 as a max length for identifiers,
- // and the default value of NAMEDATALEN is 64; that should be long enough
- // for our purposes, and it's unlikely that anyone is going to recompile
- // PostgreSQL to have a smaller value, so cap the identifier name
- // accordingly to avoid the remote chance that someone manages to pass in a
- // 12GB savepoint name
- const int MAX_LITERAL_NAMELEN = 63;
- int len = 0;
- len = strlen( sp );
- if (len > MAX_LITERAL_NAMELEN) {
- len = MAX_LITERAL_NAMELEN;
- }
-
- char* safeSpName = safe_malloc( len + 1 );
- int i = 0;
- int j;
- char* found;
- for (j = 0; j < len; j++) {
- found = strchr(safe_chars, sp[j]);
- if (found) {
- safeSpName[ i++ ] = found[0];
- }
- }
- safeSpName[ i ] = '\0';
- return safeSpName;
-}
-
/*@}*/
projects / Evergreen.git / commitdiff