> On 14 Feb 2020, at 05:10, Michael Paquier <michael@paquier.xyz> wrote:
> createdb has a couple of issues with its quoting. For example take
> that, which can be confusing:
> $ createdb --lc-ctype="en_US.UTF-8';create table aa();select '1" popo
> createdb: error: database creation failed: ERROR: CREATE DATABASE
> cannot run inside a transaction block
Nice catch!
> The root of the issue is that any values added by the command caller
> with --lc-collate, --lc-ctype or --encoding are not quoted properly,
> and in all three cases it means that the quoting needs to be
> encoding-sensitive (Tom mentioned me directly that part). This proper
> quoting can be achieved using appendStringLiteralConn() from
> string_utils.c, at the condition of taking the connection to the
> server before building the CREATE DATABASE query.
Makes sense, it aligns it with other utils and passes all the tests. +1 on the
fix.
> Any opinions?
I would've liked a negative test basically along the lines of your example
above. If we left a hole the size of this, it would be nice to catch it from
accidentally happening again.
diff --git a/src/bin/scripts/t/020_createdb.pl b/src/bin/scripts/t/020_createdb.pl
index c0f6067a92..afd128deba 100644
--- a/src/bin/scripts/t/020_createdb.pl
+++ b/src/bin/scripts/t/020_createdb.pl
@@ -3,7 +3,7 @@ use warnings;
use PostgresNode;
use TestLib;
-use Test::More tests => 13;
+use Test::More tests => 14;
program_help_ok('createdb');
program_version_ok('createdb');
@@ -24,3 +24,6 @@ $node->issues_sql_like(
$node->command_fails([ 'createdb', 'foobar1' ],
'fails if database already exists');
+
+$node->command_fails(['createdb', '-l', 'C\';SELECT 1;' ],
+ 'fails on incorrect locale');
cheers ./daniel
