Merge pull request #6462 from JimMoen/fix-authz-pgsql

fix(authz): placeholder regular expression escape

apps/emqx_authz/src/emqx_authz_postgresql.erl

@@ -57,13 +57,15 @@ parse_query(undefined) ->
     undefined;
 parse_query(Sql) ->
     case re:run(Sql, ?RE_PLACEHOLDER, [global, {capture, all, list}]) of
-        {match, Variables} ->
+        {match, Capured} ->
-            Params = [Var || [Var] <- Variables],
+            PlaceHolders = [PlaceHolder || [PlaceHolder] <- Capured],
-            Vars = ["$" ++ integer_to_list(I) || I <- lists:seq(1, length(Params))],
+            Replacements = ["$" ++ integer_to_list(I) || I <- lists:seq(1, length(PlaceHolders))],
-            NSql = lists:foldl(fun({Param, Var}, S) ->
+            NSql = lists:foldl(
-                       re:replace(S, Param, Var, [{return, list}])
+                     fun({PlaceHolder, Replacement}, S) ->
-                   end, Sql, lists:zip(Params, Vars)),
+                             re:replace(
-            {NSql, Params};
+                               S, emqx_authz:ph_to_re(PlaceHolder), Replacement, [{return, list}])
+                     end, Sql, lists:zip(PlaceHolders, Replacements)),
+            {NSql, PlaceHolders};
         nomatch ->
             {Sql, []}
     end.