Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | In defensive mode, do not allow shadow tables to be renamed using ALTER TABLE. |
---|---|
Downloads: | Tarball | ZIP archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA3-256: |
23e200da5cfbde0798e67cd9e016e4a1 |
User & Date: | dan 2018-12-18 20:31:14.302 |
Context
2018-12-20
| ||
15:04 | Fix a segfault caused by using the RAISE function incorrectly (library now returns an error instead of crashing). (check-in: ddf06db702 user: dan tags: trunk) | |
2018-12-18
| ||
20:31 | In defensive mode, do not allow shadow tables to be renamed using ALTER TABLE. (check-in: 23e200da5c user: dan tags: trunk) | |
2018-12-17
| ||
22:19 | Move variable declaration to address compilation issue (C89). (check-in: d64f248da3 user: mistachkin tags: trunk) | |
Changes
Changes to src/alter.c.
︙ | ︙ | |||
24 25 26 27 28 29 30 | ** Parameter zName is the name of a table that is about to be altered ** (either with ALTER TABLE ... RENAME TO or ALTER TABLE ... ADD COLUMN). ** If the table is a system table, this function leaves an error message ** in pParse->zErr (system tables may not be altered) and returns non-zero. ** ** Or, if zName is not a system table, zero is returned. */ | | | > > > > > > > | | 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 | ** Parameter zName is the name of a table that is about to be altered ** (either with ALTER TABLE ... RENAME TO or ALTER TABLE ... ADD COLUMN). ** If the table is a system table, this function leaves an error message ** in pParse->zErr (system tables may not be altered) and returns non-zero. ** ** Or, if zName is not a system table, zero is returned. */ static int isAlterableTable(Parse *pParse, Table *pTab){ if( 0==sqlite3StrNICmp(pTab->zName, "sqlite_", 7) #ifndef SQLITE_OMIT_VIRTUALTABLE || ( (pTab->tabFlags & TF_Shadow) && (pParse->db->flags & SQLITE_Defensive) && pParse->db->nVdbeExec==0 ) #endif ){ sqlite3ErrorMsg(pParse, "table %s may not be altered", pTab->zName); return 1; } return 0; } /* ** Generate code to verify that the schemas of database zDb and, if |
︙ | ︙ | |||
122 123 124 125 126 127 128 | "there is already another table or index with this name: %s", zName); goto exit_rename_table; } /* Make sure it is not a system table being altered, or a reserved name ** that the table is being renamed to. */ | | | 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 | "there is already another table or index with this name: %s", zName); goto exit_rename_table; } /* Make sure it is not a system table being altered, or a reserved name ** that the table is being renamed to. */ if( SQLITE_OK!=isAlterableTable(pParse, pTab) ){ goto exit_rename_table; } if( SQLITE_OK!=sqlite3CheckObjectName(pParse, zName) ){ goto exit_rename_table; } #ifndef SQLITE_OMIT_VIEW |
︙ | ︙ | |||
420 421 422 423 424 425 426 | #endif /* Make sure this is not an attempt to ALTER a view. */ if( pTab->pSelect ){ sqlite3ErrorMsg(pParse, "Cannot add a column to a view"); goto exit_begin_add_column; } | | | 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 | #endif /* Make sure this is not an attempt to ALTER a view. */ if( pTab->pSelect ){ sqlite3ErrorMsg(pParse, "Cannot add a column to a view"); goto exit_begin_add_column; } if( SQLITE_OK!=isAlterableTable(pParse, pTab) ){ goto exit_begin_add_column; } assert( pTab->addColOffset>0 ); iDb = sqlite3SchemaToIndex(db, pTab->pSchema); /* Put a copy of the Table struct in Parse.pNewTable for the |
︙ | ︙ | |||
522 523 524 525 526 527 528 | int bQuote; /* True to quote the new name */ /* Locate the table to be altered */ pTab = sqlite3LocateTableItem(pParse, 0, &pSrc->a[0]); if( !pTab ) goto exit_rename_column; /* Cannot alter a system table */ | | | 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 | int bQuote; /* True to quote the new name */ /* Locate the table to be altered */ pTab = sqlite3LocateTableItem(pParse, 0, &pSrc->a[0]); if( !pTab ) goto exit_rename_column; /* Cannot alter a system table */ if( SQLITE_OK!=isAlterableTable(pParse, pTab) ) goto exit_rename_column; if( SQLITE_OK!=isRealTable(pParse, pTab) ) goto exit_rename_column; /* Which schema holds the table to be altered */ iSchema = sqlite3SchemaToIndex(db, pTab->pSchema); assert( iSchema>=0 ); zDb = db->aDb[iSchema].zDbSName; |
︙ | ︙ |
Changes to test/altertab.test.
︙ | ︙ | |||
501 502 503 504 505 506 507 508 509 | SELECT * FROM x; } {x x x} do_execsql_test 15.5 { SELECT sql FROM sqlite_master WHERE name = 'y'; } {{CREATE VIEW y AS SELECT f2 AS f1 FROM x}} finish_test | > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 | SELECT * FROM x; } {x x x} do_execsql_test 15.5 { SELECT sql FROM sqlite_master WHERE name = 'y'; } {{CREATE VIEW y AS SELECT f2 AS f1 FROM x}} #------------------------------------------------------------------------- # Test that it is not possible to rename a shadow table in DEFENSIVE mode. # ifcapable fts3 { proc vtab_command {method args} { switch -- $method { xConnect { if {[info exists ::vtab_connect_sql]} { execsql $::vtab_connect_sql } return "CREATE TABLE t1(a, b, c)" } xBestIndex { set clist [lindex $args 0] if {[llength $clist]!=1} { error "unexpected constraint list" } catch { array unset C } array set C [lindex $clist 0] if {$C(usable)} { return "omit 0 cost 0 rows 1 idxnum 555 idxstr eq!" } else { return "cost 1000000 rows 0 idxnum 0 idxstr scan..." } } } return {} } register_tcl_module db sqlite3_db_config db DEFENSIVE 1 do_execsql_test 16.0 { CREATE VIRTUAL TABLE y1 USING fts3; } do_catchsql_test 16.1 { INSERT INTO y1_segments VALUES(1, X'1234567890'); } {1 {table y1_segments may not be modified}} do_catchsql_test 16.2 { ALTER TABLE y1_segments RENAME TO abc; } {1 {table y1_segments may not be altered}} do_execsql_test 16.3 { ALTER TABLE y1 RENAME TO z1; } do_execsql_test 16.4 { SELECT * FROM z1_segments; } } finish_test |