From f5b30f22098153165012e60828a9365a6106ec80 Mon Sep 17 00:00:00 2001 From: Laurence Isla Date: Mon, 2 Oct 2023 19:10:10 -0500 Subject: [PATCH 1/2] fix: regression that rejects URI connection strings with certain unescaped characters in the password --- src/PostgREST/Config.hs | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/PostgREST/Config.hs b/src/PostgREST/Config.hs index 47f4e99abe..73f2848145 100644 --- a/src/PostgREST/Config.hs +++ b/src/PostgREST/Config.hs @@ -485,26 +485,26 @@ readPGRSTEnvironment = -- >>> addFallbackAppName ver "postgres:///postgres?host=server&port=5432" -- "postgres:///postgres?host=server&port=5432&fallback_application_name=PostgREST%2011.1.0%20%285a04ec7%29" -- --- >>> addFallbackAppName ver "host=localhost port=5432 dbname=postgres" --- "host=localhost port=5432 dbname=postgres fallback_application_name='PostgREST 11.1.0 (5a04ec7)'" --- -- >>> addFallbackAppName ver "postgresql://" -- "postgresql://?fallback_application_name=PostgREST%2011.1.0%20%285a04ec7%29" -- --- >>> addFallbackAppName strangeVer "host=localhost port=5432 dbname=postgres" --- "host=localhost port=5432 dbname=postgres fallback_application_name='PostgREST 11\\'1&0@#$%,.:\"[]{}?+^()=asdfqwer'" --- -- >>> addFallbackAppName strangeVer "postgres:///postgres?host=server&port=5432" -- "postgres:///postgres?host=server&port=5432&fallback_application_name=PostgREST%2011%271%260%40%23%24%25%2C.%3A%22%5B%5D%7B%7D%3F%2B%5E%28%29%3Dasdfqwer" +-- +-- >>> addFallbackAppName ver "postgres://user:invalid_chars[]#@host:5432/postgres" +-- "postgres://user:invalid_chars[]#@host:5432/postgres" +-- +-- >>> addFallbackAppName ver "invalid_uri1=val1 invalid_uri2=val2" +-- "invalid_uri1=val1 invalid_uri2=val2" addFallbackAppName :: ByteString -> Text -> Text addFallbackAppName version dbUri = dbUri <> case uriQuery <$> parseURI (toS dbUri) of - Nothing -> " " <> keyValFmt -- Assume key/value connection string if the uri is not valid + -- Does not add the application name to key=val connection strings or invalid URIs + Nothing -> mempty Just "" -> "?" <> uriFmt Just "?" -> uriFmt _ -> "&" <> uriFmt where uriFmt = pKeyWord <> toS (escapeURIString isUnescapedInURIComponent $ toS pgrstVer) - keyValFmt = pKeyWord <> "'" <> T.replace "'" "\\'" pgrstVer <> "'" pKeyWord = "fallback_application_name=" pgrstVer = "PostgREST " <> T.decodeUtf8 version From 94e5dac06abf2d5dfe0522f320ddb200923c2f3f Mon Sep 17 00:00:00 2001 From: Laurence Isla Date: Tue, 3 Oct 2023 10:30:42 -0500 Subject: [PATCH 2/2] Add changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 60b9e7aaea..af48a43330 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -26,6 +26,7 @@ This project adheres to [Semantic Versioning](http://semver.org/). - #2959, Fix setting `default_transaction_isolation` unnecessarily - @steve-chavez - #2929, Fix arrow filtering on RPC returning dynamic TABLE with composite type - @steve-chavez - #2963, Fix RPCs not embedding correctly when using overloaded functions for computed relationships - @laurenceisla + - #2970, Fix regression that rejects URI connection strings with certain unescaped characters in the password - @laurenceisla, @steve-chavez ## [11.2.0] - 2023-08-10