Opened 2 years ago

Last modified 2 years ago

#5150 closed defect

postgis_extension_AddToSearchPath should take input as text instead of varchar — at Initial Version

Reported by: robe Owned by: robe
Priority: medium Milestone: PostGIS 2.5.7
Component: build Version: master
Keywords: Cc:

Description

This is a security change.

It is possible for a user to create a function postgis_extension_AddToSearchPath(text) in the same schema as the

postgis_extension_AddToSearchPath(varchar) we defined.

This could allow a rogue user to have their version of function run during extension create/updates instead of the one we ship.

Change History (0)

Note: See TracTickets for help on using tickets.