[PostGIS] #5697: fix or document id escaping for ST_EstimatedExtent params
PostGIS
trac at osgeo.org
Sat Mar 16 00:27:38 PDT 2024
#5697: fix or document id escaping for ST_EstimatedExtent params
---------------------+---------------------------
Reporter: nyurik | Owner: pramsey
Type: defect | Status: new
Priority: medium | Milestone: PostGIS 3.4.3
Component: postgis | Version: 3.4.x
Keywords: |
---------------------+---------------------------
Function ST_EstimatedExtent -
https://postgis.net/docs/ST_EstimatedExtent.html has an unusual param
pattern - it requires schema, table, and geometry columns to be strings in
some uncertain escaping - later it gets used directly without quotes in an
internal schema/table identity lookup. (uncertain)
As a result, it is not clear what escaping is needed in "complex" cases.
Moreover, I suspect there might be a security bug here too, but I am not
certain.
I could not get this function to run for this (convoluted) case.
{{{
CREATE SCHEMA """Quotes' and Space.Dot.";
CREATE TABLE """Quotes' and Space.Dot.".". Points"" 'quote"
(
"' id '" SERIAL PRIMARY KEY,
".namE " TEXT,
". '""Geom""" GEOMETRY(POINT, 4326)
);
INSERT INTO """Quotes' and Space.Dot.".". Points"" 'quote"
values (1, '02daedc70702ec68753fde38351f5d9d',
'0101000020E610000050C4D38CE9DA61401EFC0EC7C3DA2740'),
(2, '7418427ba8a960c3661235f47cc13d46',
'0101000020E6100000CC2F4170E9DA6140DEDB02B581DA2740');
CREATE INDEX ON """Quotes' and Space.Dot.".". Points"" 'quote" USING GIST
(". '""Geom""");
SELECT ST_EstimatedExtent(?, ?, ?) as bounds;
}}}
--
Ticket URL: <https://trac.osgeo.org/postgis/ticket/5697>
PostGIS <http://trac.osgeo.org/postgis/>
The PostGIS Trac is used for bug, enhancement & task tracking, a user and developer wiki, and a view into the subversion code repository of PostGIS project.
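
The two encodings a caller could pass for the identifiers in the reproduction above, worked out as an added example that is not part of the original ticket or of PostGIS. The helper names are hypothetical, `quote_literal` assumes `standard_conforming_strings = on`, and the output does not say which form ST_EstimatedExtent accepts; it only makes both candidates explicit.

```python
# Added example (not from the ticket or PostGIS); helper names are hypothetical.
# Identifiers exactly as written in the ticket's DDL (double-quoted SQL form).
TICKET_IDENTS = {
    "schema": '"""Quotes\' and Space.Dot."',
    "table": '". Points"" \'quote"',
    "column": '". \'""Geom"""',
}

def unquote_ident(quoted):
    """Return the raw name PostgreSQL stores for a double-quoted identifier."""
    if len(quoted) < 3 or quoted[0] != '"' or quoted[-1] != '"':
        raise ValueError("not a non-empty double-quoted identifier")
    body, out, i = quoted[1:-1], [], 0
    while i < len(body):
        if body[i] == '"':
            # Inside the quotes, a literal " must be written as "".
            if body[i + 1:i + 2] != '"':
                raise ValueError("unescaped double quote in identifier")
            i += 1
        out.append(body[i])
        i += 1
    return "".join(out)

def quote_ident(raw):
    """Always-quoted identifier form (PostgreSQL quotes only when needed)."""
    return '"' + raw.replace('"', '""') + '"'

def quote_literal(text):
    """SQL string literal; assumes standard_conforming_strings = on."""
    return "'" + text.replace("'", "''") + "'"

def candidate_calls(idents=TICKET_IDENTS):
    """Build the call with raw names and with quoted identifiers as arguments."""
    order = ("schema", "table", "column")
    raw = [quote_literal(unquote_ident(idents[k])) for k in order]
    quoted = [quote_literal(idents[k]) for k in order]
    template = "SELECT ST_EstimatedExtent({}, {}, {}) AS bounds;"
    return {"raw_names": template.format(*raw),
            "quoted_idents": template.format(*quoted)}

if __name__ == "__main__":
    for label, sql in candidate_calls().items():
        print(label, "->", sql)
```

Whichever form is accepted, the round trip `quote_ident(unquote_ident(x)) == x` is the property a caller needs when moving between catalog names and SQL text.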