
Differences From Artifact [854283abf6]:

To Artifact [6adedae127]:


181
182
183
184
185
186
187
188
189
190

191


192
193
194
195
196


197
198
199


200
201
202
203
204
205
206
207


208





209
210
211
212
213
214
215
216
217
218
219
220
221
    case SQLITE_SELECT:
    case SQLITE_RECURSIVE:
    case SQLITE_FUNCTION: {
      break;
    }
    case SQLITE_READ: {
      static const char *const azAllowed[] = {
         "ticket",
         "ticketchng",
         "blob",

         "filename",


         "mlink",
         "plink",
         "event",
         "tag",
         "tagxref",


         "unversioned",
         "backlink",
      };


      int i;
      if( zArg1==0 ){
        /* Some legacy versions of SQLite will sometimes send spurious
        ** READ authorizations that have no table name.  These can be
        ** ignored. */
        rc = SQLITE_IGNORE;
        break;
      }


      if( fossil_strncmp(zArg1, "fx_", 3)==0 ){





        break;
      }
      for(i=0; i<count(azAllowed); i++){
        if( fossil_stricmp(zArg1, azAllowed[i])==0 ) break;
      }
      if( i>=count(azAllowed) ){
        *(char**)pError = mprintf("access to table \"%s\" is restricted",zArg1);
        rc = SQLITE_DENY;
      }else if( !g.perm.RdAddr && strncmp(zArg2, "private_", 8)==0 ){
        rc = SQLITE_IGNORE;
      }
      break;
    }







|
<

>

>
>


<


>
>

<

>
>
|







>
>
|
>
>
>
>
>
|
|
<
<

|







181
182
183
184
185
186
187
188

189
190
191
192
193
194
195

196
197
198
199
200

201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221


222
223
224
225
226
227
228
229
230
    case SQLITE_SELECT:
    case SQLITE_RECURSIVE:
    case SQLITE_FUNCTION: {
      break;
    }
    case SQLITE_READ: {
      static const char *const azAllowed[] = {
         "backlink",

         "blob",
         "event",
         "filename",
         "json_each",
         "json_tree",
         "mlink",
         "plink",

         "tag",
         "tagxref",
         "ticket",
         "ticketchng",
         "unversioned",

      };
      int lwr = 0;
      int upr = count(azAllowed) - 1;
      int rc = 0;
      if( zArg1==0 ){
        /* Some legacy versions of SQLite will sometimes send spurious
        ** READ authorizations that have no table name.  These can be
        ** ignored. */
        rc = SQLITE_IGNORE;
        break;
      }
      while( lwr<upr ){
        int i = (lwr+upr)/2;
        int rc = fossil_stricmp(zArg1, azAllowed[i]);
        if( rc<0 ){
          upr = i - 1;
        }else if( rc>0 ){
          lwr = i + 1;
        }else{
          break;
        }


      }
      if( rc ){
        *(char**)pError = mprintf("access to table \"%s\" is restricted",zArg1);
        rc = SQLITE_DENY;
      }else if( !g.perm.RdAddr && strncmp(zArg2, "private_", 8)==0 ){
        rc = SQLITE_IGNORE;
      }
      break;
    }
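Review bot: The allow-list check in the new `SQLITE_READ` case can never deny, because the `int rc` declared inside the `while` body shadows the block-level `int rc = 0`, so `if( rc )` after the loop always sees 0 and the "access to table ... is restricted" branch is unreachable. The block-level `int rc` also appears to shadow the `rc` that the old side assigned without declaring it, so `SQLITE_IGNORE` and `SQLITE_DENY` would not reach the enclosing function's result (its declaration and return are outside the hunk). Separately, `while( lwr<upr )` exits without probing once the range narrows to one element, so a listed table can be missed; the bound should be `lwr<=upr`. I would keep the comparison in its own `cmp` variable, drop the local `rc`, and add a comment that `azAllowed` must stay sorted in `fossil_stricmp` order. The `fx_` prefix exemption visible on the old side is also absent from the new side; if that is intentional it deserves a line in the check-in comment.

```c
      int lwr = 0;
      int upr = count(azAllowed) - 1;
      int cmp = 1;   /* nonzero: zArg1 is not (yet) found in azAllowed */
      /* … unchanged: zArg1==0 handling, assigning the outer rc … */
      while( lwr<=upr ){
        int i = (lwr+upr)/2;
        cmp = fossil_stricmp(zArg1, azAllowed[i]);
        if( cmp<0 ){
          upr = i - 1;
        }else if( cmp>0 ){
          lwr = i + 1;
        }else{
          break;
        }
      }
      if( cmp ){
        /* … unchanged: error message, rc = SQLITE_DENY, private_ check … */
```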