/ Check-in [475d8f82]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Change the JSON extension so that it disallows control characters inside of strings. Fix for ticket [6c9b5514077fed34551f98e64c09a10dc2fc8e16].
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 475d8f82ec61a4ff3e6a7650731230ccecb6cc580d1397d189d0ba479d9bad4d
User & Date: drh 2017-04-10 12:25:05
Context
2017-04-10
12:31
Add a new JSON test case to verify that all control characters are escaped in the json_quote() function. check-in: 6ee12221 user: drh tags: trunk
12:25
Change the JSON extension so that it disallows control characters inside of strings. Fix for ticket [6c9b5514077fed34551f98e64c09a10dc2fc8e16]. check-in: 475d8f82 user: drh tags: trunk
2017-04-09
19:23
Do not expose the name of the internal Mem object in the public interface defined by sqlite3.h. check-in: 19dd753f user: drh tags: trunk
Changes
Hide Diffs Unified Diffs Show Whitespace Changes Patch

Changes to ext/misc/json1.c.

781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
    return j+1;
  }else if( c=='"' ){
    /* Parse string */
    u8 jnFlags = 0;
    j = i+1;
    for(;;){
      c = z[j];
      if( c==0 ) return -1;
      if( c=='\\' ){
        c = z[++j];
        if( c=='"' || c=='\\' || c=='/' || c=='b' || c=='f'
           || c=='n' || c=='r' || c=='t'
           || (c=='u' && jsonIs4Hex(z+j+1)) ){
          jnFlags = JNODE_ESCAPE;
        }else{







|







781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
    return j+1;
  }else if( c=='"' ){
    /* Parse string */
    u8 jnFlags = 0;
    j = i+1;
    for(;;){
      c = z[j];
      if( c<=0x1f ) return -1;  /* Control characters not allowed in strings */
      if( c=='\\' ){
        c = z[++j];
        if( c=='"' || c=='\\' || c=='/' || c=='b' || c=='f'
           || c=='n' || c=='r' || c=='t'
           || (c=='u' && jsonIs4Hex(z+j+1)) ){
          jnFlags = JNODE_ESCAPE;
        }else{

Changes to test/json102.test.

314
315
316
317
318
319
320
321











322
do_execsql_test json102-1406 { SELECT json_valid('{"x":-0.1}') } 1
do_execsql_test json102-1407 { SELECT json_valid('{"x":0.0000}') } 1
do_execsql_test json102-1408 { SELECT json_valid('{"x":-0.0000}') } 1
do_execsql_test json102-1409 { SELECT json_valid('{"x":01.5}') } 0
do_execsql_test json102-1410 { SELECT json_valid('{"x":-01.5}') } 0
do_execsql_test json102-1411 { SELECT json_valid('{"x":00}') } 0
do_execsql_test json102-1412 { SELECT json_valid('{"x":-00}') } 0












finish_test








>
>
>
>
>
>
>
>
>
>
>

314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
do_execsql_test json102-1406 { SELECT json_valid('{"x":-0.1}') } 1
do_execsql_test json102-1407 { SELECT json_valid('{"x":0.0000}') } 1
do_execsql_test json102-1408 { SELECT json_valid('{"x":-0.0000}') } 1
do_execsql_test json102-1409 { SELECT json_valid('{"x":01.5}') } 0
do_execsql_test json102-1410 { SELECT json_valid('{"x":-01.5}') } 0
do_execsql_test json102-1411 { SELECT json_valid('{"x":00}') } 0
do_execsql_test json102-1412 { SELECT json_valid('{"x":-00}') } 0

#------------------------------------------------------------------------
# 2017-04-10 ticket 6c9b5514077fed34551f98e64c09a10dc2fc8e16
# JSON extension accepts strings containing control characters.
#
# The JSON spec requires that all control characters be escaped.
#
do_execsql_test json102-1500 {
  WITH RECURSIVE c(x) AS (VALUES(1) UNION ALL SELECT x+1 FROM c WHERE x<0x20)
  SELECT x FROM c WHERE json_valid(printf('{"a":"x%sz"}', char(x))) ORDER BY x;
} {32}

finish_test