Participants
Arjen Nienhuis
Arjen Nienhuis
Bruce Momjian
Bruce Momjian
Attachments
Show all attachments
Thread Outline
#1Arjen NienhuisArjen Nienhuis
Apr 21, 2009
#2Bruce MomjianBruce Momjianto Arjen Nienhuis (#1)
Feb 25, 2010

BUG #4769: xmlconcat produces invalid xml values -> data corruption

Started by Arjen Nienhuisabout 17 years ago2 messagesbugs
Jump to latest
#1Arjen Nienhuis
Arjen Nienhuis
a.g.nienhuis@gmail.com

The following bug has been logged online:

Bug reference: 4769
Logged by: Arjen Nienhuis
Email address: a.g.nienhuis@gmail.com
PostgreSQL version: 8.3.7
Operating system: Ubuntu 8.10 and 9.04
Description: xmlconcat produces invalid xml values -> data corruption
Details:

'<!DOCTYPE html><html/>' is a valid xml document but not a valid xml
fragment. xmlconcat does not check for this:

SELECT xmlconcat('foo', xmlparse(DOCUMENT '<!DOCTYPE html><html/>'));
xmlconcat
---------------------------
foo<!DOCTYPE html><html/>

The result is an invalid xml value that can end up in a table.

==============================================

=> SELECT version();
version

----------------------------------------------------------------------------
-------------------------
PostgreSQL 8.3.7 on x86_64-pc-linux-gnu, compiled by GCC gcc-4.3.real
(Ubuntu 4.3.3-5ubuntu4) 4.3.3
(1 row)

libxml2 version is 2.6.32.dfsg-5ubuntu4

=============================================

I tried to test this with 8.4 but the ubuntu ppa has depency problems.

#2Bruce Momjian
Bruce Momjian
bruce@momjian.us
In reply to: Arjen Nienhuis (#1)
Re: BUG #4769: xmlconcat produces invalid xml values -> data corruption

Where are we on this? The 9.0 behavior is the same.

---------------------------------------------------------------------------

Arjen Nienhuis wrote:

The following bug has been logged online:

Bug reference: 4769
Logged by: Arjen Nienhuis
Email address: a.g.nienhuis@gmail.com
PostgreSQL version: 8.3.7
Operating system: Ubuntu 8.10 and 9.04
Description: xmlconcat produces invalid xml values -> data corruption
Details:

'<!DOCTYPE html><html/>' is a valid xml document but not a valid xml
fragment. xmlconcat does not check for this:

SELECT xmlconcat('foo', xmlparse(DOCUMENT '<!DOCTYPE html><html/>'));
xmlconcat
---------------------------
foo<!DOCTYPE html><html/>

The result is an invalid xml value that can end up in a table.

==============================================

=> SELECT version();
version

----------------------------------------------------------------------------
-------------------------
PostgreSQL 8.3.7 on x86_64-pc-linux-gnu, compiled by GCC gcc-4.3.real
(Ubuntu 4.3.3-5ubuntu4) 4.3.3
(1 row)

libxml2 version is 2.6.32.dfsg-5ubuntu4

=============================================

I tried to test this with 8.4 but the ubuntu ppa has depency problems.

--
Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-bugs

-- 
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com
  PG East:  http://www.enterprisedb.com/community/nav-pg-east-2010.do
  + If your life is a hard drive, Christ can be your backup. +
← Back to Topics