Fossil

Check-in [96b0c1ffac]
Login
Home Timeline Docs Forum Download

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:But, do not allow access to private columns of fx_ tables unless the user has "Email" privilege (letter "e").
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | branch-2.14
Files: files | file ages | folders
SHA3-256: 96b0c1ffac491333e0eb4a18084990322182df13b3a8d899ba8213c51f25174c
User & Date: drh 2021-04-08 01:07:23.385
Context
2021-04-08
01:07
Version 2.14.1 ... (check-in: 4de59089c2 user: drh tags: release, version-2.14.1, branch-2.14)
01:07
But, do not allow access to private columns of fx_ tables unless the user has "Email" privilege (letter "e"). ... (check-in: 96b0c1ffac user: drh tags: branch-2.14)
00:47
But, do not allow access to private columns of fx_ tables unless the user has "Email" privilege (letter "e"). ... (check-in: 719dfbb95d user: drh tags: trunk)
00:27
Increase the version number to 2.14.1 ... (check-in: b39338dcb1 user: drh tags: branch-2.14)
Changes
Unified Diff Ignore Whitespace Patch
Changes to src/report.c. 
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227




228
229
230
231
232
233
234

      if( zArg1==0 ){
        /* Some legacy versions of SQLite will sometimes send spurious
        ** READ authorizations that have no table name.  These can be
        ** ignored. */
        rc = SQLITE_IGNORE;
        break;
      }
      if( sqlite3_strnicmp(zArg1, "fx_", 3)==0 ){
        /* Ok to read any table whose name begins with "fx_" */
        rc = SQLITE_OK;
        break;
      }
      while( lwr<=upr ){
        int i = (lwr+upr)/2;
        cmp = fossil_stricmp(zArg1, azAllowed[i]);
        if( cmp<0 ){
          upr = i - 1;
        }else if( cmp>0 ){
          lwr = i + 1;
        }else{
          break;
        }
      }




      if( cmp ){
        *(char**)pError = mprintf("access to table \"%s\" is restricted",zArg1);
        rc = SQLITE_DENY;
      }else if( !g.perm.RdAddr && sqlite3_strnicmp(zArg2, "private_", 8)==0 ){
        rc = SQLITE_IGNORE;
      }
      break;








<
<
<
<
<











>
>
>
>








205
206
207
208
209
210
211





212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233

      if( zArg1==0 ){
        /* Some legacy versions of SQLite will sometimes send spurious
        ** READ authorizations that have no table name.  These can be
        ** ignored. */
        rc = SQLITE_IGNORE;
        break;
      }





      while( lwr<=upr ){
        int i = (lwr+upr)/2;
        cmp = fossil_stricmp(zArg1, azAllowed[i]);
        if( cmp<0 ){
          upr = i - 1;
        }else if( cmp>0 ){
          lwr = i + 1;
        }else{
          break;
        }
      }
      if( cmp ){
        /* Always ok to access tables whose names begin with "fx_" */
        cmp = sqlite3_strnicmp(zArg1, "fx_", 3);
      }
      if( cmp ){
        *(char**)pError = mprintf("access to table \"%s\" is restricted",zArg1);
        rc = SQLITE_DENY;
      }else if( !g.perm.RdAddr && sqlite3_strnicmp(zArg2, "private_", 8)==0 ){
        rc = SQLITE_IGNORE;
      }
      break;
This page was generated in about 0.014s by Fossil 2.26 [1205ec86cb] 2025-04-30 16:57:32