174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
|
"plink",
"event",
"tag",
"tagxref",
};
int i;
for(i=0; i<sizeof(azAllowed)/sizeof(azAllowed[0]); i++){
if( strcasecmp(zArg1, azAllowed[i])==0 ) break;
}
if( i>=sizeof(azAllowed)/sizeof(azAllowed[0]) ){
*(char**)pError = mprintf("access to table \"%s\" is restricted",zArg1);
rc = SQLITE_DENY;
}else if( !g.okRdAddr && strncmp(zArg2, "private_", 8)==0 ){
rc = SQLITE_IGNORE;
}
|
|
|
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
|
"plink",
"event",
"tag",
"tagxref",
};
int i;
for(i=0; i<sizeof(azAllowed)/sizeof(azAllowed[0]); i++){
if( fossil_stricmp(zArg1, azAllowed[i])==0 ) break;
}
if( i>=sizeof(azAllowed)/sizeof(azAllowed[0]) ){
*(char**)pError = mprintf("access to table \"%s\" is restricted",zArg1);
rc = SQLITE_DENY;
}else if( !g.okRdAddr && strncmp(zArg2, "private_", 8)==0 ){
rc = SQLITE_IGNORE;
}
|
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
|
sqlite3_stmt *pStmt;
int rc;
/* First make sure the SQL is a single query command by verifying that
** the first token is "SELECT" and that there are no unquoted semicolons.
*/
for(i=0; fossil_isspace(zSql[i]); i++){}
if( strncasecmp(&zSql[i],"select",6)!=0 ){
return mprintf("The SQL must be a SELECT statement");
}
for(i=0; zSql[i]; i++){
if( zSql[i]==';' ){
int bad;
int c = zSql[i+1];
zSql[i+1] = 0;
|
|
|
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
|
sqlite3_stmt *pStmt;
int rc;
/* First make sure the SQL is a single query command by verifying that
** the first token is "SELECT" and that there are no unquoted semicolons.
*/
for(i=0; fossil_isspace(zSql[i]); i++){}
if( fossil_strnicmp(&zSql[i],"select",6)!=0 ){
return mprintf("The SQL must be a SELECT statement");
}
for(i=0; zSql[i]; i++){
if( zSql[i]==';' ){
int bad;
int c = zSql[i+1];
zSql[i+1] = 0;
|