Fossil

Check-in [a80b2eae4a]
Login
Home Timeline Docs Forum Download

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Bug fix: Restore access to tables whose names start with "fx_" in ticket reports.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | branch-2.15
Files: files | file ages | folders
SHA3-256: a80b2eae4a57dad9632ab112a1b612bdc002b3e12fbbdaa0211dfbda0c7e3d8d
User & Date: drh 2021-04-08 00:24:56.836
Context
2021-04-08
00:26
Increase the version number to 2.15.1 ... (check-in: 215f42c22f user: drh tags: branch-2.15)
00:24
Bug fix: Restore access to tables whose names start with "fx_" in ticket reports. ... (check-in: a80b2eae4a user: drh tags: branch-2.15)
2021-04-07
23:32
Bug fix: Restore access to tables whose names start with "fx_" in ticket reports. Broken by check-in [5e7dc8a6f51818e6]. ... (check-in: cfb6e5eae3 user: drh tags: trunk)
2021-03-26
17:24
Version 2.15 ... (check-in: 2c6012c4aa user: drh tags: trunk, release, version-2.15)
Changes
Unified Diff Ignore Whitespace Patch
Changes to src/report.c. 
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211





212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233

         "tagxref",
         "ticket",
         "ticketchng",
         "unversioned",
      };
      int lwr = 0;
      int upr = count(azAllowed) - 1;
      int rc = 0;
      if( zArg1==0 ){
        /* Some legacy versions of SQLite will sometimes send spurious
        ** READ authorizations that have no table name.  These can be
        ** ignored. */
        rc = SQLITE_IGNORE;
        break;
      }





      while( lwr<upr ){
        int i = (lwr+upr)/2;
        int rc = fossil_stricmp(zArg1, azAllowed[i]);
        if( rc<0 ){
          upr = i - 1;
        }else if( rc>0 ){
          lwr = i + 1;
        }else{
          break;
        }
      }
      if( rc ){
        *(char**)pError = mprintf("access to table \"%s\" is restricted",zArg1);
        rc = SQLITE_DENY;
      }else if( !g.perm.RdAddr && strncmp(zArg2, "private_", 8)==0 ){
        rc = SQLITE_IGNORE;
      }
      break;
    }
    default: {
      *(char**)pError = mprintf("only SELECT statements are allowed");
      rc = SQLITE_DENY;








|







>
>
>
>
>
|

|
|

|





|


|








197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238

         "tagxref",
         "ticket",
         "ticketchng",
         "unversioned",
      };
      int lwr = 0;
      int upr = count(azAllowed) - 1;
      int cmp = 0;
      if( zArg1==0 ){
        /* Some legacy versions of SQLite will sometimes send spurious
        ** READ authorizations that have no table name.  These can be
        ** ignored. */
        rc = SQLITE_IGNORE;
        break;
      }
      if( sqlite3_strnicmp(zArg1, "fx_", 3)==0 ){
        /* Ok to read any table whose name begins with "fx_" */
        rc = SQLITE_OK;
        break;
      }
      while( lwr<=upr ){
        int i = (lwr+upr)/2;
        cmp = fossil_stricmp(zArg1, azAllowed[i]);
        if( cmp<0 ){
          upr = i - 1;
        }else if( cmp>0 ){
          lwr = i + 1;
        }else{
          break;
        }
      }
      if( cmp ){
        *(char**)pError = mprintf("access to table \"%s\" is restricted",zArg1);
        rc = SQLITE_DENY;
      }else if( !g.perm.RdAddr && sqlite3_strnicmp(zArg2, "private_", 8)==0 ){
        rc = SQLITE_IGNORE;
      }
      break;
    }
    default: {
      *(char**)pError = mprintf("only SELECT statements are allowed");
      rc = SQLITE_DENY;
This page was generated in about 0.013s by Fossil 2.26 [1205ec86cb] 2025-04-30 16:57:32