Fix pgsql VACUUM ANALYZE syntax error #504
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Unfortunately, using a bound parameter for a table name (as opposed to a value) is not supported by PostgreSQL, so "VACUUM ANALYZE :table" is a syntax error. We have to dynamically create this query. See this thread for details: http://www.postgresql.org/message-id/CAFj8pRD1Y4tpAzXeQR511+q8qJ9a5n4CpF=64HrudQtWRraZiw@mail.gmail.com Since the parameter in this query is a table name in the database, any attacker would have to have create table privileges, so I don't consider this a SQL injection risk.
SSilence
added a commit
that referenced
this pull request
Apr 10, 2014
Fix pgsql VACUUM ANALYZE syntax error
|
Hi @snowyote. Previously, it was not clear if selfoss was licensed under GPL 3 only, or also any later version. Could you clarify whether you are fine with licensing your contributions under Thanks again and sorry for the confusion. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hi there - first off, thanks for SelfOSS! Still getting used to it but it's really nice to have a self-hosted RSS solution.
I noticed an error every five minutes or so in my postgres logs that I tracked down to daos/pgsql/Database.php. It's a syntax error in the VACUUM ANALYZE statement:
It turns out that pgsql doesn't let you use bound parameters to represent table names - the commit message explains it in greater detail.
An alternative implementation might be to just execute a list of VACUUM ANALYZE statements for the known set of tables (items, sources, version, tags); but I wasn't sure if you were dynamically getting the list of tables to help with maintenance. Another simpler alternative would be an unqualified VACUUM ANALYZE, which would just vacuum all the tables the db user has access to.
I'm not a Postgres expert so I opted for the solution that fixed the error while changing behavior as little as possible - if you'd like me to investigate any of the alternatives, let me know and I'll give it a shot.
Thanks!
-Ben