fix nasty bug in escaping pg_ in internal queries

diff --git a/HISTORY b/HISTORY
index b98f3cc60e2d50f93a0e1f3f69f045f6f730bd54..507a0256a3e0bf7ae5bc0e9d3bc28f1fb78c965b 100644 (file)
--- a/HISTORY
+++ b/HISTORY
@@ -43,6 +43,7 @@ Bugs
   in PostgreSQL 7.0.x
 * Resetting sequence on 7.1+ now restarts at 1, not 2
 * Remove deprecated column default 'now' from SQL script
+* Properly escape pg_ in internal queries
 
 Translations
 * Afrikaans from Petri Jooste

diff --git a/classes/database/Postgres.php b/classes/database/Postgres.php
index 3badcf104c91a4643306a85f845fd3a17618d7f9..74ebe2d42426ccbc9778934b7f0a6013ba1850a4 100755 (executable)
--- a/classes/database/Postgres.php
+++ b/classes/database/Postgres.php
@@ -4,7 +4,7 @@
  * A class that implements the DB interface for Postgres
  * Note: This class uses ADODB and returns RecordSets.
  *
- * $Id: Postgres.php,v 1.163 2003/11/15 10:40:25 chriskl Exp $
+ * $Id: Postgres.php,v 1.164 2003/11/19 02:12:47 chriskl Exp $
  */
 
 // @@@ THOUGHT: What about inherits? ie. use of ONLY???
@@ -988,7 +988,7 @@ class Postgres extends BaseDB {
         */
        function &getTables($all = false) {
                global $conf;
-               if (!$conf['show_system'] || $all) $where = "WHERE tablename NOT LIKE 'pg_%' ";
+               if (!$conf['show_system'] || $all) $where = "WHERE tablename NOT LIKE 'pg\\\\_%' ";
                else $where = '';
                $sql = "SELECT NULL AS schemaname, tablename, tableowner FROM pg_tables {$where}ORDER BY tablename";
                return $this->selectSet($sql);
@@ -1995,7 +1995,7 @@ class Postgres extends BaseDB {
        function &getViews() {
                global $conf;
                if (!$conf['show_system'])
-                       $where = "WHERE viewname NOT LIKE 'pg_%'";
+                       $where = "WHERE viewname NOT LIKE 'pg\\\\_%'";
                else $where  = '';
                
                $sql = "SELECT viewname, viewowner FROM pg_views {$where} ORDER BY viewname";
@@ -2102,7 +2102,7 @@ class Postgres extends BaseDB {
                        SELECT CASE WHEN relkind='r' THEN 'TABLE'::VARCHAR WHEN relkind='v' THEN 'VIEW'::VARCHAR WHEN relkind='S' THEN 'SEQUENCE'::VARCHAR END AS type, 
                                pc.oid, NULL::VARCHAR AS schemaname, NULL::VARCHAR AS relname, pc.relname AS name FROM pg_class pc
                                WHERE relkind IN ('r', 'v', 'S') AND relname ~* '.*{$term}.*'";
-               if (!$conf['show_system']) $sql .= " AND pc.relname NOT LIKE 'pg_%'";                           
+               if (!$conf['show_system']) $sql .= " AND pc.relname NOT LIKE 'pg\\\\_%'";                               
 
                // Columns
                $sql .= "                               
@@ -2110,7 +2110,7 @@ class Postgres extends BaseDB {
                        SELECT 'COLUMN', NULL, NULL, pc.relname, pa.attname FROM pg_class pc,
                                pg_attribute pa WHERE pc.oid=pa.attrelid 
                                AND pa.attname ~* '.*{$term}.*' AND pa.attnum > 0 AND pc.relkind IN ('r', 'v')";
-               if (!$conf['show_system']) $sql .= " AND pc.relname NOT LIKE 'pg_%'";                           
+               if (!$conf['show_system']) $sql .= " AND pc.relname NOT LIKE 'pg\\\\_%'";                               
 
                // Functions
                $sql .= "
@@ -2126,7 +2126,7 @@ class Postgres extends BaseDB {
                                pg_index pi, pg_class pc2 WHERE pc.oid=pi.indrelid 
                                AND pi.indexrelid=pc2.oid
                                AND pc2.relname ~* '.*{$term}.*' AND NOT pi.indisprimary AND NOT pi.indisunique";
-               if (!$conf['show_system']) $sql .= " AND pc2.relname NOT LIKE 'pg_%'";                          
+               if (!$conf['show_system']) $sql .= " AND pc2.relname NOT LIKE 'pg\\\\_%'";                              
 
                // Check Constraints
                $sql .= "
@@ -2134,7 +2134,7 @@ class Postgres extends BaseDB {
                        SELECT 'CONSTRAINT', NULL, NULL, pc.relname, pr.rcname FROM pg_class pc,
                                pg_relcheck pr WHERE pc.oid=pr.rcrelid
                                AND pr.rcname ~* '.*{$term}.*'";
-               if (!$conf['show_system']) $sql .= " AND pc.relname NOT LIKE 'pg_%'";                           
+               if (!$conf['show_system']) $sql .= " AND pc.relname NOT LIKE 'pg\\\\_%'";                               
                // Unique and Primary Key Constraints
                $sql .= "
                        UNION ALL
@@ -2142,7 +2142,7 @@ class Postgres extends BaseDB {
                                pg_index pi, pg_class pc2 WHERE pc.oid=pi.indrelid 
                                AND pi.indexrelid=pc2.oid
                                AND pc2.relname ~* '.*{$term}.*' AND (pi.indisprimary OR pi.indisunique)";
-               if (!$conf['show_system']) $sql .= " AND pc2.relname NOT LIKE 'pg_%'";                          
+               if (!$conf['show_system']) $sql .= " AND pc2.relname NOT LIKE 'pg\\\\_%'";                              
 
                // Triggers
                $sql .= "
@@ -2150,14 +2150,14 @@ class Postgres extends BaseDB {
                        SELECT 'TRIGGER', NULL, NULL, pc.relname, pt.tgname FROM pg_class pc,
                                pg_trigger pt WHERE pc.oid=pt.tgrelid
                                AND pt.tgname ~* '.*{$term}.*'";
-               if (!$conf['show_system']) $sql .= " AND pc.relname NOT LIKE 'pg_%'";                           
+               if (!$conf['show_system']) $sql .= " AND pc.relname NOT LIKE 'pg\\\\_%'";                               
 
                // Rules
                $sql .= "
                        UNION ALL
                        SELECT 'RULE', NULL, NULL, tablename, rulename FROM pg_rules
                                WHERE rulename ~* '.*{$term}.*'";
-               if (!$conf['show_system']) $sql .= " AND tablename NOT LIKE 'pg_%'";                            
+               if (!$conf['show_system']) $sql .= " AND tablename NOT LIKE 'pg\\\\_%'";                                
 
                // Advanced Objects
                if ($conf['show_advanced']) {

diff --git a/classes/database/Postgres73.php b/classes/database/Postgres73.php
index 04cfcb000cb7b6bda73699e9140f638ac7d837c9..0e541cee9a006e4a4d2b72e5d60e3483ebc2ed49 100644 (file)
--- a/classes/database/Postgres73.php
+++ b/classes/database/Postgres73.php
@@ -4,7 +4,7 @@
  * A class that implements the DB interface for Postgres
  * Note: This class uses ADODB and returns RecordSets.
  *
- * $Id: Postgres73.php,v 1.78 2003/11/08 10:33:57 chriskl Exp $
+ * $Id: Postgres73.php,v 1.79 2003/11/19 02:12:48 chriskl Exp $
  */
 
 // @@@ THOUGHT: What about inherits? ie. use of ONLY???
@@ -99,8 +99,8 @@ class Postgres73 extends Postgres72 {
         */
        function &getSchemas() {
                global $conf;
-               
-               if (!$conf['show_system']) $and = "AND nspname NOT LIKE 'pg_%'";
+
+               if (!$conf['show_system']) $and = "AND nspname NOT LIKE 'pg\\\\_%'";
                else $and = '';
                $sql = "SELECT pn.nspname, pu.usename AS nspowner FROM pg_catalog.pg_namespace pn, pg_catalog.pg_user pu
                        WHERE pn.nspowner = pu.usesysid
@@ -1152,9 +1152,9 @@ class Postgres73 extends Postgres72 {
 
                // Exclude system relations if necessary
                if (!$conf['show_system']) {
-                       $where = " AND pn.nspname NOT LIKE 'pg_%'";
+                       $where = " AND pn.nspname NOT LIKE 'pg\\\\_%'";
                        $lan_where = "AND pl.lanispl";
-                       $rule_where = " AND schemaname NOT LIKE 'pg_%'";
+                       $rule_where = " AND schemaname NOT LIKE 'pg\\\\_%'";
                }
                else {
                        $where = '';
@@ -1304,9 +1304,9 @@ class Postgres73 extends Postgres72 {
                        $where = '';
                else
                        $where = "
-                               AND n1.nspname NOT LIKE 'pg_%'
-                               AND n2.nspname NOT LIKE 'pg_%'
-                               AND n3.nspname NOT LIKE 'pg_%'
+                               AND n1.nspname NOT LIKE 'pg\\\\_%'
+                               AND n2.nspname NOT LIKE 'pg\\\\_%'
+                               AND n3.nspname NOT LIKE 'pg\\\\_%'
                        ";
 
                $sql = "

diff --git a/classes/database/Postgres74.php b/classes/database/Postgres74.php
index 9b876ce7fb27aa01ee42c6da74023aa0e53ebae0..b87b6d37cb3225d9263f0b54fa241f5db9eb865d 100644 (file)
--- a/classes/database/Postgres74.php
+++ b/classes/database/Postgres74.php
@@ -4,7 +4,7 @@
  * A class that implements the DB interface for Postgres
  * Note: This class uses ADODB and returns RecordSets.
  *
- * $Id: Postgres74.php,v 1.18 2003/10/12 05:46:32 chriskl Exp $
+ * $Id: Postgres74.php,v 1.19 2003/11/19 02:12:48 chriskl Exp $
  */
 
 include_once('classes/database/Postgres73.php');
@@ -122,7 +122,7 @@ class Postgres74 extends Postgres73 {
        function &getSchemas() {
                global $conf;
                
-               if (!$conf['show_system']) $and = "AND nspname NOT LIKE 'pg_%' AND nspname != 'information_schema'";
+               if (!$conf['show_system']) $and = "AND nspname NOT LIKE 'pg\\\\_%' AND nspname != 'information_schema'";
                else $and = '';
                $sql = "SELECT pn.nspname, pu.usename AS nspowner FROM pg_catalog.pg_namespace pn, pg_catalog.pg_user pu
                        WHERE pn.nspowner = pu.usesysid