Overview
| Comment: | Make sure the preferred timezone format has been queried prior to running user SQL, since while running user SQL access to the CONFIG table is restricted. |
|---|---|
| SHA1: |
7922e56655ccdc37e62dff70eeb5df04 |
| User & Date: | drh 2011-09-01 11:33:14.700 |
Context
|
2011-09-01
| ||
| 12:49 | Clean up a harmless compiler warning introduced by the previous check-in. ... (check-in: f7f4a80ea0 user: drh tags: trunk) | |
| 11:33 | Make sure the perferred timezone format has been queried prior to running user SQL, since while running user SQL access to the CONFIG table is restricted. ... (check-in: 7922e56655 user: drh tags: trunk) | |
|
2011-08-31
| ||
| 14:34 | Improvements to artifact descriptions merged into trunk. ... (check-in: 49402fc722 user: drh tags: trunk) | |
Changes
Changes to src/report.c.
| ︙ | ︙ | |||
196 197 198 199 200 201 202 203 204 205 206 207 208 209 |
rc = SQLITE_DENY;
break;
}
}
return rc;
}
/*
** Check the given SQL to see if is a valid query that does not
** attempt to do anything dangerous. Return 0 on success and a
** pointer to an error message string (obtained from malloc) if
** there is a problem.
*/
| > > > > > > > > > > > > | 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 |
rc = SQLITE_DENY;
break;
}
}
return rc;
}
/*
** Activate the query authorizer
*/
static void report_restrict_sql(char **pzErr){
char *zErr;
(void)fossil_localtime(0);
sqlite3_set_authorizer(g.db, report_query_authorizer, (void*)pzErr);
}
static void report_unrestrict_sql(void){
sqlite3_set_authorizer(g.db, 0, 0);
}
/*
** Check the given SQL to see if is a valid query that does not
** attempt to do anything dangerous. Return 0 on success and a
** pointer to an error message string (obtained from malloc) if
** there is a problem.
*/
|
| ︙ | ︙ | |||
235 236 237 238 239 240 241 |
return mprintf("Semi-colon detected! "
"Only a single SQL statement is allowed");
}
}
}
/* Compile the statement and check for illegal accesses or syntax errors. */
| | | | 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 |
return mprintf("Semi-colon detected! "
"Only a single SQL statement is allowed");
}
}
}
/* Compile the statement and check for illegal accesses or syntax errors. */
report_restrict_sql(&zErr);
rc = sqlite3_prepare(g.db, zSql, -1, &pStmt, &zTail);
if( rc!=SQLITE_OK ){
zErr = mprintf("Syntax error: %s", sqlite3_errmsg(g.db));
}
if( !sqlite3_stmt_readonly(pStmt) ){
zErr = mprintf("SQL must not modify the database");
}
if( pStmt ){
sqlite3_finalize(pStmt);
}
report_unrestrict_sql();
return zErr;
}
/*
** WEBPAGE: /rptsql
*/
void view_see_sql(void){
|
| ︙ | ︙ | |||
961 962 963 964 965 966 967 |
}
style_header(zTitle);
output_color_key(zClrKey, 1,
"border=\"0\" cellpadding=\"3\" cellspacing=\"0\" class=\"report\"");
@ <table border="1" cellpadding="2" cellspacing="0" class="report">
sState.rn = rn;
sState.nCount = 0;
| < | | | | | 973 974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 |
}
style_header(zTitle);
output_color_key(zClrKey, 1,
"border=\"0\" cellpadding=\"3\" cellspacing=\"0\" class=\"report\"");
@ <table border="1" cellpadding="2" cellspacing="0" class="report">
sState.rn = rn;
sState.nCount = 0;
report_restrict_sql(&zErr1);
sqlite3_exec_readonly(g.db, zSql, generate_html, &sState, &zErr2);
report_unrestrict_sql();
@ </table>
if( zErr1 ){
@ <p class="reportError">Error: %h(zErr1)</p>
}else if( zErr2 ){
@ <p class="reportError">Error: %h(zErr2)</p>
}
style_footer();
}else{
report_restrict_sql(&zErr1);
sqlite3_exec_readonly(g.db, zSql, output_tab_separated, &count, &zErr2);
report_unrestrict_sql();
cgi_set_content_type("text/plain");
}
}
/*
** report number for full table ticket export
*/
|
| ︙ | ︙ | |||
1135 1136 1137 1138 1139 1140 1141 |
}
if( zFilter ){
zSql = mprintf("SELECT * FROM (%s) WHERE %s",zSql,zFilter);
}
count = 0;
tktEncode = enc;
zSep = zSepIn;
| | | | 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 |
}
if( zFilter ){
zSql = mprintf("SELECT * FROM (%s) WHERE %s",zSql,zFilter);
}
count = 0;
tktEncode = enc;
zSep = zSepIn;
report_restrict_sql(&zErr1);
sqlite3_exec_readonly(g.db, zSql, output_separated_file, &count, &zErr2);
report_unrestrict_sql();
if( zFilter ){
free(zSql);
}
}
|
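Review bot: The `(void)fossil_localtime(0);` call in the new `report_restrict_sql()` is what this fix depends on, yet nothing at the call says so and the header comment only reads "Activate the query authorizer", so a later cleanup could drop it as a no-op and bring the restricted CONFIG lookup back. I would add a comment above it such as `/* Look up the timezone setting now: CONFIG cannot be read once the authorizer is installed. */`, and give `report_unrestrict_sql()` a one-line header saying it must run on every path after `report_restrict_sql()`, because the authorizer keeps the caller's `pzErr` pointer as its user data. The local `char *zErr;` in the helper is unused and can be removed. In the tab-separated branch of the third hunk and in the last hunk, `zErr1` and `zErr2` are not examined in the visible lines, so a denied or failing query would appear to yield empty output with no message; the enclosing functions start outside the hunks, so this may be handled elsewhere and is worth confirming.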