77 *
88 *
99 * IDENTIFICATION
10- * $PostgreSQL: pgsql/src/backend/tsearch/ts_utils.c,v 1.3 2007/08/25 00:03:59 tgl Exp $
10+ * $PostgreSQL: pgsql/src/backend/tsearch/ts_utils.c,v 1.4 2007/09/04 02:16:56 tgl Exp $
1111 *
1212 *-------------------------------------------------------------------------
1313 */
@@ -38,22 +38,22 @@ get_tsearch_config_filename(const char *basename,
3838{
3939 char sharepath [MAXPGPATH ];
4040 char * result ;
41- const char * p ;
4241
4342 /*
44- * We enforce that the basename is all alpha characters . This may be
45- * overly restrictive, but we don't want to allow access to anything
43+ * We limit the basename to contain a-z, 0-9, and underscores . This may
44+ * be overly restrictive, but we don't want to allow access to anything
4645 * outside the tsearch_data directory, so for instance '/' *must* be
47- * rejected. This is the same test used for timezonesets names.
46+ * rejected, and on some platforms '\' and ':' are risky as well.
47+ * Allowing uppercase might result in incompatible behavior between
48+ * case-sensitive and case-insensitive filesystems, and non-ASCII
49+ * characters create other interesting risks, so on the whole a tight
50+ * policy seems best.
4851 */
49- for (p = basename ; * p ; p ++ )
50- {
51- if (!isalpha ((unsigned char ) * p ))
52- ereport (ERROR ,
53- (errcode (ERRCODE_INVALID_PARAMETER_VALUE ),
54- errmsg ("invalid text search configuration file name \"%s\"" ,
55- basename )));
56- }
52+ if (strspn (basename , "abcdefghijklmnopqrstuvwxyz0123456789_" ) != strlen (basename ))
53+ ereport (ERROR ,
54+ (errcode (ERRCODE_INVALID_PARAMETER_VALUE ),
55+ errmsg ("invalid text search configuration file name \"%s\"" ,
56+ basename )));
5757
5858 get_share_path (my_exec_path , sharepath );
5959 result = palloc (MAXPGPATH );
0 commit comments