Fossil SCM
Add reminder hints to the authorizer function header comments about how to test those functions using the "test-db-prepare" command.
Commit
b594f486efdf61b8aa65f73e55ee3e8283a24760ffba01ea1662b2ef0856761c
Parent
323e3dfcbd3c817…
2 files changed
+3
+3
+3
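--- a/src/report.c
+++ b/src/report.c
@@ -161,10 +161,13 @@
 /*
 ** This is the SQLite authorizer callback used to make sure that the
 ** SQL statements entered by users do not try to do anything untoward.
 ** If anything suspicious is tried, set *(char**)pError to an error
 ** message obtained from malloc.
+**
+** Use the "fossil test-db-prepare --auth-report SQL" command to perform
+** manual testing of this authorizer.
 */
 static int report_query_authorizer(
 void *pError,
 int code,
 const char *zArg1,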
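Review bot: The added hint in the report_query_authorizer header names the command but not the result a tester should expect, so someone running it cannot tell a correct denial from an unrelated prepare failure. The comment above it says a rejected statement sets an error message through pError, so one more line such as `** A statement the authorizer rejects should fail with that error message.` would make the hint usable as a check; this assumes test-db-prepare reports that message, which is not visible here. The same applies to the ticket_schema_auth hint in src/tkt.c, where the header already names a concrete negative case worth spelling out: `** For example, a statement that changes the "config" table must be rejected.` Both function bodies lie outside the hunks.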
+3
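--- a/src/tkt.c
+++ b/src/tkt.c
@@ -395,10 +395,13 @@
 **
 ** Of particular importance for security is that this routine
 ** disallows data changes on the "config" table, as that could
 ** allow a malicious server to modify settings in such a way as
 ** to cause a remote code execution.
+**
+** Use the "fossil test-db-prepare --auth-ticket SQL" command to perform
+** manual testing of this authorizer.
 */
 static int ticket_schema_auth(
 void *pNErr,
 int eCode,
 const char *z0,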