use escaping routines

Author: jeff-davis

tokio-postgres/src/replication_client.rs

@@ -7,6 +7,7 @@ use bytes::Bytes;
 use fallible_iterator::FallibleIterator;
 use futures::{ready, Stream};
 use pin_project_lite::pin_project;
+use postgres_protocol::escape::{escape_identifier, escape_literal};
 use postgres_protocol::message::backend::{Message, ReplicationMessage};
 use std::io;
 use std::marker::PhantomPinned;
@@ -103,7 +104,7 @@ impl ReplicationClient {
     /// show the value of the given setting
     pub async fn show(&self, name: &str) -> Result<String, Error> {
         let iclient = self.0.inner();
-        let command = format!("SHOW \"{}\"", name);
+        let command = format!("SHOW {}", escape_identifier(name));
         let buf = simple_query::encode(iclient, &command)?;
         let mut responses = iclient.send(RequestMessages::Single(FrontendMessage::Raw(buf)))?;
 
@@ -151,7 +152,7 @@ impl ReplicationClient {
     ) -> Result<ReplicationStream, Error> {
         let iclient = self.0.inner();
         let slot = match slot_name {
-            Some(name) => format!(" SLOT \"{}\"", name),
+            Some(name) => format!(" SLOT {}", escape_identifier(name)),
             None => String::from(""),
         };
         let timeline = match timeline_id {
@@ -184,13 +185,13 @@ impl ReplicationClient {
         options: &[(&str, &str)],
     ) -> Result<ReplicationStream, Error> {
         let iclient = self.0.inner();
-        let slot = format!(" SLOT \"{}\"", slot_name);
+        let slot = format!(" SLOT {}", escape_identifier(slot_name));
         let options_string = if !options.is_empty() {
             format!(
                 " ({})",
                 options
                     .iter()
-                    .map(|pair| format!("\"{}\" '{}'", pair.0, pair.1))
+                    .map(|pair| format!("{} {}", escape_identifier(pair.0), escape_literal(pair.1)))
                     .collect::<Vec<String>>()
                     .as_slice()
                     .join(", ")