Commit f2b4651f authored by Mark Cave-Ayland's avatar Mark Cave-Ayland

Fix #572: Password whitespace for Shape File to PostGIS Importer not...

Fix #572: Password whitespace for Shape File to PostGIS Importer not supported. Fixed by adding a new function especially designed for escaping arguments for PQconnectdb strings, and plugging it into the GUI.

Note this commit is different from the 1.5 branch version, since the escaping function is moved into a new common library as I can see it being required for the new pgsql2shp CLI in the not too distant future.


git-svn-id: http://svn.osgeo.org/postgis/[email protected] b70326c6-7e19-0410-871a-916f4a2858ee
parent 8d55875a
......@@ -81,10 +81,10 @@ pgsql2shp-core.o: pgsql2shp-core.c
pgsql2shp-cli.o: pgsql2shp-cli.c
$(CC) $(CFLAGS) $(ICONV_CFLAGS) $(PGSQL_FE_CPPFLAGS) -c $<
$(PGSQL2SHP-CLI): shpopen.o dbfopen.o getopt.o pgsql2shp-core.o pgsql2shp-cli.o safileio.o $(LIBLWGEOM)
$(PGSQL2SHP-CLI): shpopen.o dbfopen.o getopt.o pgsql2shp-core.o shpcommon.o pgsql2shp-cli.o safileio.o $(LIBLWGEOM)
$(CC) $(CFLAGS) $^ $(PGSQL_FE_CPPFLAGS) $(ICONV_LDFLAGS) $(PGSQL_FE_LDFLAGS) -lm -o [email protected]
$(SHP2PGSQL-CLI): shpopen.o dbfopen.o getopt.o shp2pgsql-core.o shp2pgsql-cli.o safileio.o $(LIBLWGEOM)
$(SHP2PGSQL-CLI): shpopen.o dbfopen.o getopt.o shp2pgsql-core.o shpcommon.o shp2pgsql-cli.o safileio.o $(LIBLWGEOM)
$(CC) $(CFLAGS) $^ -o [email protected] $(ICONV_LDFLAGS) -lm
structure.o: structure.c
......@@ -93,7 +93,7 @@ structure.o: structure.c
shp2pgsql-gui.o: shp2pgsql-gui.c
$(CC) $(CFLAGS) $(PGSQL_FE_CPPFLAGS) $(GTK_CFLAGS) -o [email protected] -c shp2pgsql-gui.c
$(SHP2PGSQL-GUI): shpopen.o dbfopen.o shp2pgsql-core.o shp2pgsql-gui.o getopt.o structure.o safileio.o $(LIBLWGEOM) $(GTK_WIN32_RES)
$(SHP2PGSQL-GUI): shpopen.o dbfopen.o shp2pgsql-core.o shpcommon.o shp2pgsql-gui.o getopt.o structure.o safileio.o $(LIBLWGEOM) $(GTK_WIN32_RES)
$(CC) $(CFLAGS) $(GTK_WIN32_FLAGS) $^ -o [email protected] $(GTK_LIBS) $(ICONV_LDFLAGS) $(PGSQL_FE_LDFLAGS) -lm
installdir:
......
......@@ -1470,6 +1470,7 @@ pgui_read_connection(void)
const char *pg_pass = gtk_entry_get_text(GTK_ENTRY(entry_pg_pass));
const char *pg_db = gtk_entry_get_text(GTK_ENTRY(entry_pg_db));
char *connection_string = NULL;
char *escape_pg_pass = NULL;
if ( ! pg_host || strlen(pg_host) == 0 )
{
......@@ -1496,10 +1497,19 @@ pgui_read_connection(void)
pgui_seterr("Server port must be a number.");
return NULL;
}
if ( ! lw_asprintf(&connection_string, "user=%s password=%s port=%s host=%s dbname=%s", pg_user, pg_pass, pg_port, pg_host, pg_db) )
/* Escape the password in case it contains any special characters */
escape_pg_pass = escape_connection_string((char *)pg_pass);
if ( ! lw_asprintf(&connection_string, "user=%s password='%s' port=%s host=%s dbname=%s", pg_user, escape_pg_pass, pg_port, pg_host, pg_db) )
{
return NULL;
}
/* Free the escaped version */
if (escape_pg_pass != pg_pass)
free(escape_pg_pass);
if ( connection_string )
{
return connection_string;
......@@ -1522,11 +1532,14 @@ pgui_sanitize_connection_string(char *connection_string)
char *ptr = strstr(connection_string, "password");
if ( ptr )
{
ptr += 9;
while ( *ptr != ' ' && *ptr != '\0' )
ptr += 10;
while ( *ptr != '\'' && *ptr != '\0' )
{
*ptr = '*';
ptr++;
/* If we find a \, hide both it and the next character */
if ( *ptr == '\\' )
*ptr++ = '*';
*ptr++ = '*';
}
}
return;
......
/**********************************************************************
* $Id: shpcommon.c 5646 2010-05-27 13:19:12Z pramsey $
*
* PostGIS - Spatial Types for PostgreSQL
* http://postgis.refractions.net
* Copyright 2010 Mark Cave-Ayland <[email protected]>
*
* This is free software; you can redistribute and/or modify it under
* the terms of the GNU General Public Licence. See the COPYING file.
*
**********************************************************************/
/* This file contains functions that are shared between the loader and dumper */
#include <stdlib.h>
#include "shpcommon.h"
/**
* Escape strings that are to be used as part of a PostgreSQL connection string. If no
* characters require escaping, simply return the input pointer. Otherwise return a
* new allocated string.
*/
char *
escape_connection_string(char *str)
{
/*
* Escape apostrophes and backslashes:
* ' -> \'
* \ -> \\
*
* 1. find # of characters
* 2. make new string
*/
char *result;
char *ptr, *optr;
int toescape = 0;
size_t size;
ptr = str;
/* Count how many characters we need to escape so we know the size of the string we need to return */
while (*ptr)
{
if (*ptr == '\'' || *ptr == '\\')
toescape++;
ptr++;
}
/* If we don't have to escape anything, simply return the input pointer */
if (toescape == 0)
return str;
size = ptr - str + toescape + 1;
result = calloc(1, size);
optr = result;
ptr = str;
while (*ptr)
{
if (*ptr == '\'' || *ptr == '\\')
*optr++ = '\\';
*optr++ = *ptr++;
}
*optr = '\0';
return result;
}
......@@ -28,3 +28,6 @@ typedef struct shp_connection_state
char *host;
} SHPCONNECTIONCONFIG;
/* External shared functions */
char *escape_connection_string(char *str);
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment