fixed security problem

This commit is contained in:
javi 2015-02-12 10:57:12 +01:00
parent ee8a031ea0
commit 0223d00a54
3 changed files with 6 additions and 5 deletions

View File

@ -16,11 +16,6 @@ BEGIN
FOR rec IN SELECT CDB_QueryStatements(query) q LOOP FOR rec IN SELECT CDB_QueryStatements(query) q LOOP
IF NOT ( rec.q ilike 'select %' or rec.q ilike 'with %' ) THEN
--RAISE WARNING 'Skipping %', rec.q;
CONTINUE;
END IF;
BEGIN BEGIN
EXECUTE 'EXPLAIN (FORMAT XML, VERBOSE) ' || rec.q INTO STRICT exp; EXECUTE 'EXPLAIN (FORMAT XML, VERBOSE) ' || rec.q INTO STRICT exp;
EXCEPTION WHEN others THEN EXCEPTION WHEN others THEN

View File

@ -31,3 +31,7 @@ create table sc.test (a int);
insert into sc.test values (1); insert into sc.test values (1);
WITH inp AS ( select 'select * from sc.test'::text as q ) WITH inp AS ( select 'select * from sc.test'::text as q )
SELECT q, CDB_QueryTables(q) from inp; SELECT q, CDB_QueryTables(q) from inp;
WITH inp AS ( select 'SELECT
* FROM geometry_columns'::text as q )
SELECT q, CDB_QueryTables(q) from inp;

View File

@ -13,3 +13,5 @@ CREATE SCHEMA
CREATE TABLE CREATE TABLE
INSERT 0 1 INSERT 0 1
select * from sc.test|{sc.test} select * from sc.test|{sc.test}
SELECT
* FROM geometry_columns|{pg_catalog.pg_attribute,pg_catalog.pg_class,pg_catalog.pg_namespace,pg_catalog.pg_type}