Fix busted tab completion of extension versions.

In 02b8048ba I (tgl) got rid of the need for most tab-completion queries
to return pre-quoted identifiers.  But I over-hastily removed the
quote_ident call from Query_for_list_of_available_extension_versions*
too; those still need it, because what is returned isn't an identifier
at all and will (almost?) always need quoting.

Arguably we should use quote_literal here instead.  But quote_ident
works too and people may be used to that behavior, so stick with it.

In passing, fix inconsistent omission of schema-qualification in
Query_for_list_of_encodings.  That's not a security issue per our
current guidelines, but it ought to be like the rest.

Jeff Janes

Discussion: https://postgr.es/m/CAMkU=1yV+egSYrzWvbDY8VZ6bKEMrKbzxr-HTuiHi+wDgSUMgA@mail.gmail.com

diff --git a/src/bin/psql/tab-complete.c b/src/bin/psql/tab-complete.c
index e1cc753489921bdd6549ebfdeb8ab7ba336e205b..7f0ab5acb96cbd4aa1580965401c0f54d6585f75 100644 (file)
--- a/src/bin/psql/tab-complete.c
+++ b/src/bin/psql/tab-complete.c
@@ -238,6 +238,11 @@ static bool completion_force_quote; /* true to force-quote filenames */
  *   QUERY_PLUS forms combine such literal lists with a query result.
  * 4) The list of attributes of the given table (possibly schema-qualified).
  * 5) The list of arguments to the given function (possibly schema-qualified).
+ *
+ * The query is generally expected to return raw SQL identifiers; quoting
+ * is handled by the matching machinery.  If what is returned is not SQL
+ * identifiers, use one of the VERBATIM forms (and then, if quoting is
+ * needed, do it inside the query).
  */
 #define COMPLETE_WITH_QUERY(query) \
    COMPLETE_WITH_QUERY_LIST(query, NULL)
@@ -992,7 +997,7 @@ static const SchemaQuery Query_for_trigger_of_table = {
 #define Query_for_list_of_encodings \
 " SELECT DISTINCT pg_catalog.pg_encoding_to_char(conforencoding) "\
 "   FROM pg_catalog.pg_conversion "\
-"  WHERE pg_catalog.pg_encoding_to_char(conforencoding) LIKE UPPER('%s')"
+"  WHERE pg_catalog.pg_encoding_to_char(conforencoding) LIKE pg_catalog.upper('%s')"
 
 #define Query_for_list_of_languages \
 "SELECT lanname "\
@@ -1076,18 +1081,18 @@ static const SchemaQuery Query_for_trigger_of_table = {
 "   FROM pg_catalog.pg_available_extensions "\
 "  WHERE name LIKE '%s' AND installed_version IS NULL"
 
-/* the result of this query is not an identifier, so use VERBATIM */
+/* the result of this query is not a raw identifier, so use VERBATIM */
 #define Query_for_list_of_available_extension_versions \
-" SELECT version "\
+" SELECT pg_catalog.quote_ident(version) "\
 "   FROM pg_catalog.pg_available_extension_versions "\
-"  WHERE version LIKE '%s'"\
+"  WHERE pg_catalog.quote_ident(version) LIKE '%s'"\
 "    AND name='%s'"
 
-/* the result of this query is not an identifier, so use VERBATIM */
+/* the result of this query is not a raw identifier, so use VERBATIM */
 #define Query_for_list_of_available_extension_versions_with_TO \
-" SELECT 'TO ' || version "\
+" SELECT 'TO ' || pg_catalog.quote_ident(version) "\
 "   FROM pg_catalog.pg_available_extension_versions "\
-"  WHERE ('TO ' || version) LIKE '%s'"\
+"  WHERE ('TO ' || pg_catalog.quote_ident(version)) LIKE '%s'"\
 "    AND name='%s'"
 
 #define Query_for_list_of_prepared_statements \