Opened 11 years ago

Last modified 11 years ago

#2383 closed defect

[raster]: Create extension with backslash_quote off — at Version 5

Reported by: sbranchaw
Owned by: Bborie Park
Priority: blocker
Milestone: PostGIS 2.0.4
Component: raster
Version: 2.0.x
Keywords: history
Cc:

Description (last modified by Bborie Park)

Problem: backslash_quote has to be on in order to create the PostGIS extension.

This is an inconvenience because I have a nightly backup job that restores a compressed dump file to a database where backslash_quote is turned off for security reasons.

To reproduce:

  1. createdb postgis_testdb
  2. psql postgis_testdb
  3. SET backslash_quote = off;
  4. CREATE EXTENSION postgis;

Receive the error:

postgis_testdb=# CREATE EXTENSION postgis;
ERROR:  unsafe use of \' in a string literal
LINE 29:                 RAISE WARNING E'Format \'%\' is not recogniz...
                                       ^
HINT:  Use '' to write quotes in strings. \' is insecure in client-only encodings.
QUERY:  
    DECLARE
        params text[];
        rastout raster;
    BEGIN
        IF rast IS NULL THEN
            RAISE WARNING 'Cannot set georeferencing on a null raster in st_setgeoreference.';
            RETURN rastout;
        END IF;

        SELECT regexp_matches(georef,
            E'(-?\\d+(?:\\.\\d+)?)\\s(-?\\d+(?:\\.\\d+)?)\\s(-?\\d+(?:\\.\\d+)?)\\s' ||
            E'(-?\\d+(?:\\.\\d+)?)\\s(-?\\d+(?:\\.\\d+)?)\\s(-?\\d+(?:\\.\\d+)?)') INTO params;

        IF NOT FOUND THEN
            RAISE EXCEPTION 'st_setgeoreference requires a string with 6 floating point values.';
        END IF;

        IF format = 'ESRI' THEN
            -- params array is now:
            -- {scalex, skewy, skewx, scaley, upperleftx, upperlefty}
            rastout := st_setscale(rast, params[1]::float8, params[4]::float8);
            rastout := st_setskew(rastout, params[3]::float8, params[2]::float8);
            rastout := st_setupperleft(rastout,
                                   params[5]::float8 - (params[1]::float8 * 0.5),
                                   params[6]::float8 - (params[4]::float8 * 0.5));
        ELSE
            IF format != 'GDAL' THEN
                RAISE WARNING E'Format \'%\' is not recognized, defaulting to GDAL format.', format;
            END IF;
            -- params array is now:
            -- {scalex, skewy, skewx, scaley, upperleftx, upperlefty}

            rastout := st_setscale(rast, params[1]::float8, params[4]::float8);
            rastout := st_setskew( rastout, params[3]::float8, params[2]::float8);
            rastout := st_setupperleft(rastout, params[5]::float8, params[6]::float8);
        END IF;
        RETURN rastout;
    END;
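
An added check, not part of the ticket or PostGIS's own code: a small Python scanner that flags E'' literals using \' in an SQL install script, the construct PostgreSQL rejects above when backslash_quote is off. The sample SQL and function names are constructed for illustration; it assumes standard_conforming_strings is on and scans dollar-quoted function bodies as ordinary code.

```python
# Constructed sample modeled on the RAISE WARNING line quoted in the ticket.
SAMPLE_SQL = r"""CREATE FUNCTION demo_fmt(format text) RETURNS void AS $$
BEGIN
    -- a \' inside a comment is not a string literal
    PERFORM regexp_matches('1.5 2', E'(-?\\d+(?:\\.\\d+)?)\\s');
    RAISE WARNING E'Format \'%\' is not recognized', format;
    RAISE WARNING 'Format ''%'' is not recognized', format;
    RAISE NOTICE E'ends with a backslash \\';
END;
$$ LANGUAGE plpgsql;
"""

def scan_literal(sql, i, escapes):
    """Scan from the opening quote at sql[i]; return (end index, saw \\')."""
    j, bad = i + 1, False
    while j < len(sql):
        if escapes and sql[j] == "\\":      # E'' literal: backslash escapes next char
            bad = bad or sql[j + 1:j + 2] == "'"
            j += 2
        elif sql[j] == "'" and sql[j + 1:j + 2] == "'":   # doubled quote ''
            j += 2
        elif sql[j] == "'":                 # closing quote
            return j + 1, bad
        else:
            j += 1
    return len(sql), bad                    # unterminated literal

def find_backslash_quotes(sql):
    """Return (line, literal) for each E'' literal that contains \\'."""
    # Assumes standard_conforming_strings = on: only E'' literals take escapes.
    hits, i = [], 0
    while i < len(sql):
        if sql.startswith("--", i):         # line comment
            nl = sql.find("\n", i)
            i = len(sql) if nl < 0 else nl
        elif sql.startswith("/*", i):       # block comment (nesting not handled)
            end = sql.find("*/", i + 2)
            i = len(sql) if end < 0 else end + 2
        elif sql[i] in "eE" and sql[i + 1:i + 2] == "'" and not (
                i and (sql[i - 1].isalnum() or sql[i - 1] == "_")):
            end, bad = scan_literal(sql, i + 1, escapes=True)
            if bad:
                hits.append((sql.count("\n", 0, i) + 1, sql[i:end]))
            i = end
        elif sql[i] == "'":                 # plain literal: backslash is ordinary
            i, _ = scan_literal(sql, i, escapes=False)
        else:                               # code, including $$ ... $$ bodies
            i += 1
    return hits
```

Each hit can be rewritten as the HINT suggests, with '' in place of \', after which the literal no longer depends on the backslash_quote setting.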

Change History (5)

comment:1 by robe, 11 years ago

Component: postgis → raster
Owner: changed from pramsey to Bborie Park

This looks like raster code. I'm surprised though since I thought the default from 9.1+ was to have backslash_off and I thought I was running with mostly default config on all my databases. Will have to test this out.

comment:2 by robe, 11 years ago

Summary: Create extension with backslash_quote off → [raster]: Create extension with backslash_quote off

Okay, confirmed: if I turn backslash_off on my database and try to install postgis I get the same error. So I guess it's not turned off by default as I had thought.

Same issue exists in 2.1.0 and guessing 2.2.0 code as well.

comment:3 by robe, 11 years ago

Priority: medium → blocker

comment:4 by Bborie Park, 11 years ago

Status: new → assigned

comment:5 by Bborie Park, 11 years ago

Description: modified (diff)