This project is archived and is in readonly mode.
PostgreSQL: name in CREATE DATABASE is not properly escaped
Reported by Roel van der Hoorn | June 20th, 2008 @ 09:06 AM | in 2.1.1
The name of the new database is not properly escaped on line 509 of the postgresql_adapter.rb. This gives problems when for example your database name contains dots. Changing the line to the following fixes the problem (single quotes do not fix the problem):
execute "CREATE DATABASE \"#{name}\"#{option_string}"
Comments and changes to this ticket
-
Jeremy Kemper June 20th, 2008 @ 09:43 AM
- Milestone set to “2.1.1”
- State changed from “new” to “incomplete”
Please extract to quote_database_name and add a test case.
-
Roel van der Hoorn June 20th, 2008 @ 10:13 AM
I'm unable to find existing tests relating to this functionality, but the following should test it I guess.
def test_should_create_database_with_dot assert_nothing_raised do create_database("r.vanderhoorn") end end -
Irene August 20th, 2008 @ 06:14 PM
- Tag set to “2.1, postgresql, quoting”
Same with the drop database:
def drop_database(name) #:nodoc: execute "DROP DATABASE IF EXISTS #{name}" endShould be:
def drop_database(name) #:nodoc: execute "DROP DATABASE IF EXISTS \"#{name}\"" end -
-
Jeremy Kemper September 11th, 2008 @ 04:52 PM
- State changed from “incomplete” to “duplicate”
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile »
<h2 style="font-size: 14px">Tickets have moved to Github</h2>
The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>
Irene
Jeremy Kemper
Olafski