On Tue, Jul 13, 2010 at 4:48 PM, Thom Brown <thombrown@gmail.com> wrote:
> On 13 July 2010 16:44, Thom Brown <thombrown@gmail.com> wrote:
>> On 13 July 2010 16:31, Dave Page <dpage@pgadmin.org> wrote:
>>> We had a report of the above error from a pgAdmin user testing
>>> 1.12.0b3 with PG 9.0b3. The (highly simplified) query below works fine
>>> as a superuser:
>>>
>>> SELECT pg_get_expr(proargdefaults, 'pg_catalog.pg_class'::regclass)
>>> FROM pg_proc pr
>>> LEFT OUTER JOIN pg_description des ON des.objoid=pr.oid
>>>
>>> Run as a regular user though, we get the error. If I remove the join,
>>> it works fine as the normal user. This is in a database owned by the
>>> regular user.
>>>
>>> Am I missing something obvious, or is there a bug here? pg_get_expr is
>>> used pretty extensively in pgAdmin, so we're obviously keen to ensure
>>> it works :-)
>>>
>>
>> I tested this on both beta2 and beta3 and can confirm that it works on
>> beta2 but produces the following error in beta3:
>>
>> ********** Error **********
>>
>> ERROR: argument to pg_get_expr() must come from system catalogs
>> SQL state: 42501
>>
>> Thom
>>
>
> And here's why:
> http://archives.postgresql.org/pgsql-committers/2010-06/msg00259.php
>
> "stringToNode() and deparse_expression_pretty() crash on invalid input,
> but we have nevertheless exposed them to users via pg_get_expr(). It would
> be too much maintenance effort to rigorously check the input, so put a hack
> in place instead to restrict pg_get_expr() so that the argument must come
> from one of the system catalog columns known to contain valid expressions."
Yeah, I recall that - but... the argument *is* coming from the system
catalogs, and why is the error only thrown for a non-superuser, when
the query includes the join?
--
Dave Page
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise Postgres Company