Lookups: Do not escape percent or underbar in the ${quote_pgsql: } operator. Bug...

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index da4b7ec84138047591c04b3152841d81a4681269..5254fb8a26efd1fe54d191b32b81ec8d2a3dd085 100644 (file)
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -7537,13 +7537,12 @@ a query is successfully processed. The result of a query may be that no data is
 found, but that is still a successful query. In other words, the list of
 servers provides a backup facility, not a list of different places to look.
 
 found, but that is still a successful query. In other words, the list of
 servers provides a backup facility, not a list of different places to look.
 

+.new

 The &%quote_mysql%&, &%quote_pgsql%&, and &%quote_oracle%& expansion operators
 convert newline, tab, carriage return, and backspace to \n, \t, \r, and \b
 respectively, and the characters single-quote, double-quote, and backslash
 The &%quote_mysql%&, &%quote_pgsql%&, and &%quote_oracle%& expansion operators
 convert newline, tab, carriage return, and backspace to \n, \t, \r, and \b
 respectively, and the characters single-quote, double-quote, and backslash

-itself are escaped with backslashes. The &%quote_pgsql%& expansion operator, in
-addition, escapes the percent and underscore characters. This cannot be done
-for MySQL because these escapes are not recognized in contexts where these
-characters are not special.
+itself are escaped with backslashes.
+.wen

 
 .section "Specifying the server in the query" "SECTspeserque"
 For MySQL and PostgreSQL lookups (but not currently for Oracle and InterBase),
 
 .section "Specifying the server in the query" "SECTspeserque"
 For MySQL and PostgreSQL lookups (but not currently for Oracle and InterBase),

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index beedb59f468745cdf3d15aa1db85f53738d0d4e6..8780780c0fa3e35ae41d46bcfffcaf6a0bd521a4 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -63,6 +63,9 @@ JH/10 Bug 840: fix log_defer_output option of pipe transport
 JH/11 Bug 830: use same host for all RCPTS of a message, even under
       hosts_randomize.  This matters a lot when combined with mua_wrapper.
 
 JH/11 Bug 830: use same host for all RCPTS of a message, even under
       hosts_randomize.  This matters a lot when combined with mua_wrapper.
 

+JH/12 Bug 1706: percent and underbar characters are no longer excaped by the
+      ${quote_pgsql:<string>} operator.
+

 
 Exim version 4.86
 -----------------
 
 Exim version 4.86
 -----------------

diff --git a/src/src/lookups/pgsql.c b/src/src/lookups/pgsql.c
index 4be3d98f1546159154f4d74f2f1a605adead9767..01c5375bc15ee5e1b7aa985f7332f79c05c7057f 100644 (file)
--- a/src/src/lookups/pgsql.c
+++ b/src/src/lookups/pgsql.c
@@ -413,12 +413,6 @@ return lf_sqlperform(US"PostgreSQL", US"pgsql_servers", pgsql_servers, query,
 
 /* The characters that always need to be quoted (with backslash) are newline,
 tab, carriage return, backspace, backslash itself, and the quote characters.
 
 /* The characters that always need to be quoted (with backslash) are newline,
 tab, carriage return, backspace, backslash itself, and the quote characters.

-Percent and underscore are only special in contexts where they can be wild
-cards, and this isn't usually the case for data inserted from messages, since
-that isn't likely to be treated as a pattern of any kind. However, pgsql seems
-to allow escaping "on spec". If you use something like "where id="ab\%cd" it
-does treat the string as "ab%cd". So we can safely quote percent and
-underscore. [This is different to MySQL, where you can't do this.]

 
 The original code quoted single quotes as \' which is documented as valid in
 the O'Reilly book "Practical PostgreSQL" (first edition) as an alternative to
 
 The original code quoted single quotes as \' which is documented as valid in
 the O'Reilly book "Practical PostgreSQL" (first edition) as an alternative to


@@ -448,7 +442,7 @@ uschar *quoted;
 if (opt != NULL) return NULL;     /* No options recognized */
 
 while ((c = *t++) != 0)
 if (opt != NULL) return NULL;     /* No options recognized */
 
 while ((c = *t++) != 0)

-  if (Ustrchr("\n\t\r\b\'\"\\%_", c) != NULL) count++;
+  if (Ustrchr("\n\t\r\b\'\"\\", c) != NULL) count++;

 
 if (count == 0) return s;
 t = quoted = store_get(Ustrlen(s) + count + 1);
 
 if (count == 0) return s;
 t = quoted = store_get(Ustrlen(s) + count + 1);


@@ -460,7 +454,7 @@ while ((c = *s++) != 0)
     *t++ = '\'';
     *t++ = '\'';
     }
     *t++ = '\'';
     *t++ = '\'';
     }

-  else if (Ustrchr("\n\t\r\b\"\\%_", c) != NULL)
+  else if (Ustrchr("\n\t\r\b\"\\", c) != NULL)

     {
     *t++ = '\\';
     switch(c)
     {
     *t++ = '\\';
     switch(c)