Fossil SCM
Take over some latest bug-fixes (one security-related) from SQLite trunk's command-line shell
Commit
592c6725195e11f27e12493e1809932f4f747c2bf96cc79eeb682e81a1be8231
Parent
e80667191a17273…
1 file changed
+4
-3
+4
-3
| --- src/shell.c | ||
| +++ src/shell.c | ||
| @@ -10067,12 +10067,11 @@ | ||
| 10067 | 10067 | const char *z; /* Used to check if this is an EXPLAIN */ |
| 10068 | 10068 | int *abYield = 0; /* True if op is an OP_Yield */ |
| 10069 | 10069 | int nAlloc = 0; /* Allocated size of p->aiIndent[], abYield */ |
| 10070 | 10070 | int iOp; /* Index of operation in p->aiIndent[] */ |
| 10071 | 10071 | |
| 10072 | - const char *azNext[] = { "Next", "Prev", "VPrev", "VNext", "SorterNext", | |
| 10073 | - "NextIfOpen", "PrevIfOpen", 0 }; | |
| 10072 | + const char *azNext[] = { "Next", "Prev", "VPrev", "VNext", "SorterNext", 0 }; | |
| 10074 | 10073 | const char *azYield[] = { "Yield", "SeekLT", "SeekGT", "RowSetRead", |
| 10075 | 10074 | "Rewind", 0 }; |
| 10076 | 10075 | const char *azGoto[] = { "Goto", 0 }; |
| 10077 | 10076 | |
| 10078 | 10077 | /* Try to figure out if this is really an EXPLAIN statement. If this |
| @@ -10472,10 +10471,11 @@ | ||
| 10472 | 10471 | if( pArg->autoEQP>=AUTOEQP_trigger && triggerEQP==0 ){ |
| 10473 | 10472 | sqlite3_db_config(db, SQLITE_DBCONFIG_TRIGGER_EQP, 0, 0); |
| 10474 | 10473 | /* Reprepare pStmt before reactiving trace modes */ |
| 10475 | 10474 | sqlite3_finalize(pStmt); |
| 10476 | 10475 | sqlite3_prepare_v2(db, zSql, -1, &pStmt, 0); |
| 10476 | + if( pArg ) pArg->pStmt = pStmt; | |
| 10477 | 10477 | } |
| 10478 | 10478 | restore_debug_trace_modes(); |
| 10479 | 10479 | } |
| 10480 | 10480 | |
| 10481 | 10481 | if( pArg ){ |
| @@ -12784,11 +12784,12 @@ | ||
| 12784 | 12784 | static int arExtractCommand(ArCommand *pAr){ |
| 12785 | 12785 | const char *zSql1 = |
| 12786 | 12786 | "SELECT " |
| 12787 | 12787 | " ($dir || name)," |
| 12788 | 12788 | " writefile(($dir || name), %s, mode, mtime) " |
| 12789 | - "FROM %s WHERE (%s) AND (data IS NULL OR $dirOnly = 0)"; | |
| 12789 | + "FROM %s WHERE (%s) AND (data IS NULL OR $dirOnly = 0)" | |
| 12790 | + " AND name NOT GLOB '*..[/\\]*'"; | |
| 12790 | 12791 | |
| 12791 | 12792 | const char *azExtraArg[] = { |
| 12792 | 12793 | "sqlar_uncompress(data, sz)", |
| 12793 | 12794 | "data" |
| 12794 | 12795 | }; |
| 12795 | 12796 |
| --- src/shell.c | |
| +++ src/shell.c | |
| @@ -10067,12 +10067,11 @@ | |
| 10067 | const char *z; /* Used to check if this is an EXPLAIN */ |
| 10068 | int *abYield = 0; /* True if op is an OP_Yield */ |
| 10069 | int nAlloc = 0; /* Allocated size of p->aiIndent[], abYield */ |
| 10070 | int iOp; /* Index of operation in p->aiIndent[] */ |
| 10071 | |
| 10072 | const char *azNext[] = { "Next", "Prev", "VPrev", "VNext", "SorterNext", |
| 10073 | "NextIfOpen", "PrevIfOpen", 0 }; |
| 10074 | const char *azYield[] = { "Yield", "SeekLT", "SeekGT", "RowSetRead", |
| 10075 | "Rewind", 0 }; |
| 10076 | const char *azGoto[] = { "Goto", 0 }; |
| 10077 | |
| 10078 | /* Try to figure out if this is really an EXPLAIN statement. If this |
| @@ -10472,10 +10471,11 @@ | |
| 10472 | if( pArg->autoEQP>=AUTOEQP_trigger && triggerEQP==0 ){ |
| 10473 | sqlite3_db_config(db, SQLITE_DBCONFIG_TRIGGER_EQP, 0, 0); |
| 10474 | /* Reprepare pStmt before reactiving trace modes */ |
| 10475 | sqlite3_finalize(pStmt); |
| 10476 | sqlite3_prepare_v2(db, zSql, -1, &pStmt, 0); |
| 10477 | } |
| 10478 | restore_debug_trace_modes(); |
| 10479 | } |
| 10480 | |
| 10481 | if( pArg ){ |
| @@ -12784,11 +12784,12 @@ | |
| 12784 | static int arExtractCommand(ArCommand *pAr){ |
| 12785 | const char *zSql1 = |
| 12786 | "SELECT " |
| 12787 | " ($dir || name)," |
| 12788 | " writefile(($dir || name), %s, mode, mtime) " |
| 12789 | "FROM %s WHERE (%s) AND (data IS NULL OR $dirOnly = 0)"; |
| 12790 | |
| 12791 | const char *azExtraArg[] = { |
| 12792 | "sqlar_uncompress(data, sz)", |
| 12793 | "data" |
| 12794 | }; |
| 12795 |
| --- src/shell.c | |
| +++ src/shell.c | |
| @@ -10067,12 +10067,11 @@ | |
| 10067 | const char *z; /* Used to check if this is an EXPLAIN */ |
| 10068 | int *abYield = 0; /* True if op is an OP_Yield */ |
| 10069 | int nAlloc = 0; /* Allocated size of p->aiIndent[], abYield */ |
| 10070 | int iOp; /* Index of operation in p->aiIndent[] */ |
| 10071 | |
| 10072 | const char *azNext[] = { "Next", "Prev", "VPrev", "VNext", "SorterNext", 0 }; |
| 10073 | const char *azYield[] = { "Yield", "SeekLT", "SeekGT", "RowSetRead", |
| 10074 | "Rewind", 0 }; |
| 10075 | const char *azGoto[] = { "Goto", 0 }; |
| 10076 | |
| 10077 | /* Try to figure out if this is really an EXPLAIN statement. If this |
| @@ -10472,10 +10471,11 @@ | |
| 10471 | if( pArg->autoEQP>=AUTOEQP_trigger && triggerEQP==0 ){ |
| 10472 | sqlite3_db_config(db, SQLITE_DBCONFIG_TRIGGER_EQP, 0, 0); |
| 10473 | /* Reprepare pStmt before reactiving trace modes */ |
| 10474 | sqlite3_finalize(pStmt); |
| 10475 | sqlite3_prepare_v2(db, zSql, -1, &pStmt, 0); |
| 10476 | if( pArg ) pArg->pStmt = pStmt; |
| 10477 | } |
| 10478 | restore_debug_trace_modes(); |
| 10479 | } |
| 10480 | |
| 10481 | if( pArg ){ |
| @@ -12784,11 +12784,12 @@ | |
| 12784 | static int arExtractCommand(ArCommand *pAr){ |
| 12785 | const char *zSql1 = |
| 12786 | "SELECT " |
| 12787 | " ($dir || name)," |
| 12788 | " writefile(($dir || name), %s, mode, mtime) " |
| 12789 | "FROM %s WHERE (%s) AND (data IS NULL OR $dirOnly = 0)" |
| 12790 | " AND name NOT GLOB '*..[/\\]*'"; |
| 12791 | |
| 12792 | const char *azExtraArg[] = { |
| 12793 | "sqlar_uncompress(data, sz)", |
| 12794 | "data" |
| 12795 | }; |
| 12796 |