Fossil SCM

Restrict the TH1 "query" command to be read-only and to only be able to see a specific subset of tables in the repository database file.

drh 2012-12-09 19:22 trunk
Commit 2056f624c0f88985929afcc8683f34376b243672
Parent 8e31adafad2b883…
2 files changed +1 +7 -2
~ src/report.c ~ src/th_main.c
M src/report.c
+1
--- src/report.c
+++ src/report.c
@@ -172,10 +172,11 @@
172172
 break;
173173
 }
174174
 case SQLITE_READ: {
175175
 static const char *const azAllowed[] = {
176176
 "ticket",
177
+ "ticketchng",
177178
 "blob",
178179
 "filename",
179180
 "mlink",
180181
 "plink",
181182
 "event",
182183
--- src/report.c
+++ src/report.c
@@ -172,10 +172,11 @@
172 break;
173 }
174 case SQLITE_READ: {
175 static const char *const azAllowed[] = {
176 "ticket",
 
177 "blob",
178 "filename",
179 "mlink",
180 "plink",
181 "event",
182
--- src/report.c
+++ src/report.c
@@ -172,10 +172,11 @@
172 break;
173 }
174 case SQLITE_READ: {
175 static const char *const azAllowed[] = {
176 "ticket",
177 "ticketchng",
178 "blob",
179 "filename",
180 "mlink",
181 "plink",
182 "event",
183
M src/th_main.c
+7 -2
--- src/th_main.c
+++ src/th_main.c
@@ -607,10 +607,11 @@
607607
 int nSql;
608608
 const char *zTail;
609609
 int n, i;
610610
 int res = TH_OK;
611611
 int nVar;
612
+ char *zErr = 0;
612613
613614
 if( argc!=3 ){
614615
 return Th_WrongNumArgs(interp, "query SQL CODE");
615616
 }
616617
 if( g.db==0 ){
@@ -618,13 +619,17 @@
618619
 return TH_ERROR;
619620
 }
620621
 zSql = argv[1];
621622
 nSql = argl[1];
622623
 while( res==TH_OK && nSql>0 ){
624
+ zErr = 0;
625
+ sqlite3_set_authorizer(g.db, report_query_authorizer, (void*)&zErr);
623626
 rc = sqlite3_prepare_v2(g.db, argv[1], argl[1], &pStmt, &zTail);
624
- if( rc!=0 ){
625
- Th_ErrorMessage(interp, "SQL error: ", sqlite3_errmsg(g.db), -1);
627
+ sqlite3_set_authorizer(g.db, 0, 0);
628
+ if( rc!=0 || zErr!=0 ){
629
+ Th_ErrorMessage(interp, "SQL error: ",
630
+ zErr ? zErr : sqlite3_errmsg(g.db), -1);
626631
 return TH_ERROR;
627632
 }
628633
 n = (int)(zTail - zSql);
629634
 zSql += n;
630635
 nSql -= n;
631636
--- src/th_main.c
+++ src/th_main.c
@@ -607,10 +607,11 @@
607 int nSql;
608 const char *zTail;
609 int n, i;
610 int res = TH_OK;
611 int nVar;
 
612
613 if( argc!=3 ){
614 return Th_WrongNumArgs(interp, "query SQL CODE");
615 }
616 if( g.db==0 ){
@@ -618,13 +619,17 @@
618 return TH_ERROR;
619 }
620 zSql = argv[1];
621 nSql = argl[1];
622 while( res==TH_OK && nSql>0 ){
 
 
623 rc = sqlite3_prepare_v2(g.db, argv[1], argl[1], &pStmt, &zTail);
624 if( rc!=0 ){
625 Th_ErrorMessage(interp, "SQL error: ", sqlite3_errmsg(g.db), -1);
 
 
626 return TH_ERROR;
627 }
628 n = (int)(zTail - zSql);
629 zSql += n;
630 nSql -= n;
631
--- src/th_main.c
+++ src/th_main.c
@@ -607,10 +607,11 @@
607 int nSql;
608 const char *zTail;
609 int n, i;
610 int res = TH_OK;
611 int nVar;
612 char *zErr = 0;
613
614 if( argc!=3 ){
615 return Th_WrongNumArgs(interp, "query SQL CODE");
616 }
617 if( g.db==0 ){
@@ -618,13 +619,17 @@
619 return TH_ERROR;
620 }
621 zSql = argv[1];
622 nSql = argl[1];
623 while( res==TH_OK && nSql>0 ){
624 zErr = 0;
625 sqlite3_set_authorizer(g.db, report_query_authorizer, (void*)&zErr);
626 rc = sqlite3_prepare_v2(g.db, argv[1], argl[1], &pStmt, &zTail);
627 sqlite3_set_authorizer(g.db, 0, 0);
628 if( rc!=0 || zErr!=0 ){
629 Th_ErrorMessage(interp, "SQL error: ",
630 zErr ? zErr : sqlite3_errmsg(g.db), -1);
631 return TH_ERROR;
632 }
633 n = (int)(zTail - zSql);
634 zSql += n;
635 nSql -= n;
636

Keyboard Shortcuts

Open search /
Next entry (timeline) j
Previous entry (timeline) k
Open focused entry Enter
Show this help ?
Toggle theme Top nav button