Re: getting "shell command argument contains a newline or carriage return:" error with pg_dumpall when db name have new line in double quote - Mailing list pgsql-hackers
From
Srinath Reddy
Subject
Re: getting "shell command argument contains a newline or carriage return:" error with pg_dumpall when db name have new line in double quote
+ /* Report error if dbname have newline or carriage return in name. */ + if (strpbrk(dbname, "\n\r")) + ereport(ERROR, + (errcode(ERRCODE_INVALID_PARAMETER_VALUE)), + errmsg("database name contains a newline or carriage return character"), + errhint("newline or carriage return character is not allowed in database name"));
I think it would be better to move this to a helper function instead of duplicating this code in several places.
agreed,we can do something like this
static void validate_name(const char *name, const char *object_type) { if (strpbrk(name, "\n\r")) ereport(ERROR, (errcode(ERRCODE_INVALID_PARAMETER_VALUE)), errmsg("%s name contains a newline or carriage return character", object_type), errhint("Newline or carriage return character is not allowed in %s name", object_type)); }
where object_type is database or role/user name ,is src/backend/commands/define.c best to define this function?
Taking a step back, are we sure that 1) this is the right place to do these checks and 2) we shouldn't apply the same restrictions to all names? I'm wondering if it would be better to add these checks to the grammar instead of trying to patch up all the various places they are used in the tree.
