Tom Lane wrote:
> Bruce Momjian <pgman@candle.pha.pa.us> writes:
> > Tom Lane wrote:
> >> ... it's part of the API contract of canonicalize_path() that it
> >> will not return something with trailing "." or "..".
>
> > OK, new patch which I think handles all cases.
>
> > + if (pending_strips > 0)
> > + {
> > + for (; pending_strips > 0; pending_strips--)
> > + strcat(path, "../");
> > + trim_trailing_separator(path);
> > + }
>
> Uh, that hardly meets the API contract that I mentioned. I think
> we really have to throw an error if the path tries to ".." above
> the starting point. (Remember again that most of the uses of
> this thing are dealing with absolute paths anyway, so this isn't
> that big a deal.)
OK, so how do you want to error out? exit()? There are no ereport
calls in that file. We can add them (using a *_srv.c file) or let it
return a boolean and check it at each call site.
--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073