Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Restrict the TH1 "query" command to be read-only and to only be able to see a specific subset of tables in the repository database file. |
|---|---|
| Downloads: | Tarball | ZIP archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: |
2056f624c0f88985929afcc8683f3437 |
| User & Date: | drh 2012-12-09 19:22:17.353 |
Context
|
2012-12-10
| ||
| 19:35 | A little bit smarter determination of the need for -DBROKEN_MINGW_CMDLINE ... (check-in: 0e5c128047 user: jan.nijtmans tags: trunk) | |
|
2012-12-09
| ||
| 19:22 | Restrict the TH1 "query" command to be read-only and to only be able to see a specific subset of tables in the repository database file. ... (check-in: 2056f624c0 user: drh tags: trunk) | |
|
2012-12-08
| ||
| 23:14 | Pull from upstream the SQLite version after the collating-sequence refactor. Fossil does not need this - the purpose is for testing the new SQLite in a real-world application. ... (check-in: 8e31adafad user: drh tags: trunk) | |
Changes
Changes to src/report.c.
| ︙ | ︙ | |||
170 171 172 173 174 175 176 177 178 179 180 181 182 183 |
case SQLITE_SELECT:
case SQLITE_FUNCTION: {
break;
}
case SQLITE_READ: {
static const char *const azAllowed[] = {
"ticket",
"blob",
"filename",
"mlink",
"plink",
"event",
"tag",
"tagxref",
| > | 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 |
case SQLITE_SELECT:
case SQLITE_FUNCTION: {
break;
}
case SQLITE_READ: {
static const char *const azAllowed[] = {
"ticket",
"ticketchng",
"blob",
"filename",
"mlink",
"plink",
"event",
"tag",
"tagxref",
|
| ︙ | ︙ |
Changes to src/th_main.c.
| ︙ | ︙ | |||
605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 |
int rc;
const char *zSql;
int nSql;
const char *zTail;
int n, i;
int res = TH_OK;
int nVar;
if( argc!=3 ){
return Th_WrongNumArgs(interp, "query SQL CODE");
}
if( g.db==0 ){
Th_ErrorMessage(interp, "database is not open", 0, 0);
return TH_ERROR;
}
zSql = argv[1];
nSql = argl[1];
while( res==TH_OK && nSql>0 ){
rc = sqlite3_prepare_v2(g.db, argv[1], argl[1], &pStmt, &zTail);
| > > > > | | > | 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 |
int rc;
const char *zSql;
int nSql;
const char *zTail;
int n, i;
int res = TH_OK;
int nVar;
char *zErr = 0;
if( argc!=3 ){
return Th_WrongNumArgs(interp, "query SQL CODE");
}
if( g.db==0 ){
Th_ErrorMessage(interp, "database is not open", 0, 0);
return TH_ERROR;
}
zSql = argv[1];
nSql = argl[1];
while( res==TH_OK && nSql>0 ){
zErr = 0;
sqlite3_set_authorizer(g.db, report_query_authorizer, (void*)&zErr);
rc = sqlite3_prepare_v2(g.db, argv[1], argl[1], &pStmt, &zTail);
sqlite3_set_authorizer(g.db, 0, 0);
if( rc!=0 || zErr!=0 ){
Th_ErrorMessage(interp, "SQL error: ",
zErr ? zErr : sqlite3_errmsg(g.db), -1);
return TH_ERROR;
}
n = (int)(zTail - zSql);
zSql += n;
nSql -= n;
if( pStmt==0 ) continue;
nVar = sqlite3_bind_parameter_count(pStmt);
|
| ︙ | ︙ |