Comment 6 for bug 1098377

I'm mostly on the same page as Dan. As a possible step short of copying in part of fs-exec.c, I've posted a fix to the lp1098377_savepoint_name_sql_injection branch in the security repo that adds a routine to sanitize supplied savepoint names. This is perhaps justifiable only for the sake of getting an immediate fix out; fortunately, since savepoint names are both arbitrary and transitory, restricting callers to names that match /^[a-zA-Z0-9_]*$/ isn't an undue burden.