Fossil SCM

Fossil-defined SQL functions used inside of views for full-text search must be tagged using SQLITE_INNOCUOUS.

drh 2020-01-12 20:45 trunk
Commit 9826bd007a9a5af4fa6b5f5f00e4dfec3062ed8ecdd32a3a9aebb3f6256f66f6
1 file changed +10 -9
+10 -9
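--- a/src/search.c
+++ b/src/search.c
@@ -530,26 +530,27 @@
 ** Register the various SQL functions (defined above) needed to implement
 ** full-scan search.
 */
 void search_sql_setup(sqlite3 *db){
 static int once = 0;
+ static const int enc = SQLITE_UTF8|SQLITE_INNOCUOUS;
 if( once++ ) return;
- sqlite3_create_function(db, "search_match", -1, SQLITE_UTF8, 0,
+ sqlite3_create_function(db, "search_match", -1, enc, 0,
 search_match_sqlfunc, 0, 0);
- sqlite3_create_function(db, "search_score", 0, SQLITE_UTF8, 0,
+ sqlite3_create_function(db, "search_score", 0, enc, 0,
 search_score_sqlfunc, 0, 0);
- sqlite3_create_function(db, "search_snippet", 0, SQLITE_UTF8, 0,
+ sqlite3_create_function(db, "search_snippet", 0, enc, 0,
 search_snippet_sqlfunc, 0, 0);
- sqlite3_create_function(db, "search_init", -1, SQLITE_UTF8, 0,
+ sqlite3_create_function(db, "search_init", -1, enc, 0,
 search_init_sqlfunc, 0, 0);
- sqlite3_create_function(db, "stext", 3, SQLITE_UTF8, 0,
+ sqlite3_create_function(db, "stext", 3, enc, 0,
 search_stext_sqlfunc, 0, 0);
- sqlite3_create_function(db, "title", 3, SQLITE_UTF8, 0,
+ sqlite3_create_function(db, "title", 3, enc, 0,
 search_title_sqlfunc, 0, 0);
- sqlite3_create_function(db, "body", 3, SQLITE_UTF8, 0,
+ sqlite3_create_function(db, "body", 3, enc, 0,
 search_body_sqlfunc, 0, 0);
- sqlite3_create_function(db, "urlencode", 1, SQLITE_UTF8, 0,
+ sqlite3_create_function(db, "urlencode", 1, enc, 0,
 search_urlencode_sqlfunc, 0, 0);
 }
 
 /*
 ** Testing the search function.
@@ -905,11 +906,11 @@
 const char *zPattern, /* The query pattern */
 unsigned int srchFlags /* What to search over */
 ){
 Blob sql;
 if( srchFlags==0 ) return;
- sqlite3_create_function(g.db, "rank", 1, SQLITE_UTF8, 0,
+ sqlite3_create_function(g.db, "rank", 1, SQLITE_UTF8|SQLITE_INNOCUOUS, 0,
 search_rank_sqlfunc, 0, 0);
 blob_init(&sql, 0, 0);
 blob_appendf(&sql,
 "INSERT INTO x(label,url,score,id,date,snip) "
 " SELECT ftsdocs.label,"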
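Review bot: The shared `enc` value in search_sql_setup() tags all eight functions SQLITE_INNOCUOUS at once, with no comment recording why each one qualifies. SQLite documents that flag for functions that have no side effects and depend only on their arguments; judging by name and arity alone, `search_init` and the zero-argument `search_score` and `search_snippet` appear to write or read shared search state, which should be checked against their definitions above the hunk. Since the flag is what allows a function to run from a view or trigger when the schema is not trusted, I would put a comment above the declaration, such as `/* SQLITE_INNOCUOUS: required so the full-text-search views can call these when the schema is untrusted */`, and keep plain `SQLITE_UTF8` for any function that is only ever called from top-level SQL. The same question applies to `rank` in the second hunk, whose enclosing function starts and ends outside the hunk.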
--- src/search.c
+++ src/search.c
@@ -530,26 +530,27 @@
530 ** Register the various SQL functions (defined above) needed to implement
531 ** full-scan search.
532 */
533 void search_sql_setup(sqlite3 *db){
534 static int once = 0;
 
535 if( once++ ) return;
536 sqlite3_create_function(db, "search_match", -1, SQLITE_UTF8, 0,
537 search_match_sqlfunc, 0, 0);
538 sqlite3_create_function(db, "search_score", 0, SQLITE_UTF8, 0,
539 search_score_sqlfunc, 0, 0);
540 sqlite3_create_function(db, "search_snippet", 0, SQLITE_UTF8, 0,
541 search_snippet_sqlfunc, 0, 0);
542 sqlite3_create_function(db, "search_init", -1, SQLITE_UTF8, 0,
543 search_init_sqlfunc, 0, 0);
544 sqlite3_create_function(db, "stext", 3, SQLITE_UTF8, 0,
545 search_stext_sqlfunc, 0, 0);
546 sqlite3_create_function(db, "title", 3, SQLITE_UTF8, 0,
547 search_title_sqlfunc, 0, 0);
548 sqlite3_create_function(db, "body", 3, SQLITE_UTF8, 0,
549 search_body_sqlfunc, 0, 0);
550 sqlite3_create_function(db, "urlencode", 1, SQLITE_UTF8, 0,
551 search_urlencode_sqlfunc, 0, 0);
552 }
553
554 /*
555 ** Testing the search function.
@@ -905,11 +906,11 @@
905 const char *zPattern, /* The query pattern */
906 unsigned int srchFlags /* What to search over */
907 ){
908 Blob sql;
909 if( srchFlags==0 ) return;
910 sqlite3_create_function(g.db, "rank", 1, SQLITE_UTF8, 0,
911 search_rank_sqlfunc, 0, 0);
912 blob_init(&sql, 0, 0);
913 blob_appendf(&sql,
914 "INSERT INTO x(label,url,score,id,date,snip) "
915 " SELECT ftsdocs.label,"
916
--- src/search.c
+++ src/search.c
@@ -530,26 +530,27 @@
530 ** Register the various SQL functions (defined above) needed to implement
531 ** full-scan search.
532 */
533 void search_sql_setup(sqlite3 *db){
534 static int once = 0;
535 static const int enc = SQLITE_UTF8|SQLITE_INNOCUOUS;
536 if( once++ ) return;
537 sqlite3_create_function(db, "search_match", -1, enc, 0,
538 search_match_sqlfunc, 0, 0);
539 sqlite3_create_function(db, "search_score", 0, enc, 0,
540 search_score_sqlfunc, 0, 0);
541 sqlite3_create_function(db, "search_snippet", 0, enc, 0,
542 search_snippet_sqlfunc, 0, 0);
543 sqlite3_create_function(db, "search_init", -1, enc, 0,
544 search_init_sqlfunc, 0, 0);
545 sqlite3_create_function(db, "stext", 3, enc, 0,
546 search_stext_sqlfunc, 0, 0);
547 sqlite3_create_function(db, "title", 3, enc, 0,
548 search_title_sqlfunc, 0, 0);
549 sqlite3_create_function(db, "body", 3, enc, 0,
550 search_body_sqlfunc, 0, 0);
551 sqlite3_create_function(db, "urlencode", 1, enc, 0,
552 search_urlencode_sqlfunc, 0, 0);
553 }
554
555 /*
556 ** Testing the search function.
@@ -905,11 +906,11 @@
906 const char *zPattern, /* The query pattern */
907 unsigned int srchFlags /* What to search over */
908 ){
909 Blob sql;
910 if( srchFlags==0 ) return;
911 sqlite3_create_function(g.db, "rank", 1, SQLITE_UTF8|SQLITE_INNOCUOUS, 0,
912 search_rank_sqlfunc, 0, 0);
913 blob_init(&sql, 0, 0);
914 blob_appendf(&sql,
915 "INSERT INTO x(label,url,score,id,date,snip) "
916 " SELECT ftsdocs.label,"
917
