mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-11-22 23:52:03 +00:00
Fix potential (safe) SQL-injection
This commit is contained in:
parent
31593e2000
commit
45380d45c8
@ -99,6 +99,13 @@ std::unordered_set<std::string> DatabasePostgreSQL::fetchTablesList() const
|
||||
|
||||
bool DatabasePostgreSQL::checkPostgresTable(const String & table_name) const
|
||||
{
|
||||
if (table_name.find('\'') != std::string::npos
|
||||
|| table_name.find('\\') != std::string::npos)
|
||||
{
|
||||
throw Exception(ErrorCodes::BAD_ARGUMENTS,
|
||||
"PostgreSQL table name cannot contain single quote or backslash characters, passed {}", table_name);
|
||||
}
|
||||
|
||||
pqxx::nontransaction tx(*connection->conn());
|
||||
|
||||
try
|
||||
|
Loading…
Reference in New Issue
Block a user