From: Heikki Linnakangas on
On 13/07/10 21:36, Tom Lane wrote:
> Dave Page<dpage(a)pgadmin.org> writes:
>> We had a report of the above error from a pgAdmin user testing
>> 1.12.0b3 with PG 9.0b3. The (highly simplified) query below works fine
>> as a superuser:
>
>> SELECT pg_get_expr(proargdefaults, 'pg_catalog.pg_class'::regclass)
>> FROM pg_proc pr
>> LEFT OUTER JOIN pg_description des ON des.objoid=pr.oid
>
>> Run as a regular user though, we get the error. If I remove the join,
>> it works fine as the normal user. This is in a database owned by the
>> regular user.
>
>> Am I missing something obvious, or is there a bug here?
>
> Yeah, it's a bug. The code Heikki added in parse_expr.c isn't allowing
> for the possibility of join alias Vars.

Hmm, shouldn't be too hard to fix..

> (There's another problem with
> it too, which is you can trivially circumvent the check, just by
> creating an operator based on pg_get_expr ...)

Yeah, good catch. That should be fixable too..

> I wasn't terribly happy with that approach to begin with. I think we
> need to rethink.

Do you want to go ahead with your plan of changing what's passed in
FuncInfo? I won't object if you want to do it, but I wouldn't feel
comfortable with backporting such big changes myself.

If we continue with the approach I took, we should implement the
suggestion to create a new data type for this in 9.1. That would be more
waterproof than the changes I made, if we introduce new ways to call
functions in the future.

--
Heikki Linnakangas
EnterpriseDB http://www.enterprisedb.com

--
Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers