/ Check-in [b8a0f1b5]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Allow only "localhost" and "" as authorities in URIs. Do not allow escapes (%HH) in the authority part of a URI.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | uri
Files: files | file ages | folders
SHA1:b8a0f1b523d1f31c8e7a102ba4bae5935b07104a
User & Date: dan 2011-05-03 11:53:20
Context
2011-05-03
15:09
Remove some unused code related to URI parsing. check-in: 008cd0ef user: dan tags: uri
11:53
Allow only "localhost" and "" as authorities in URIs. Do not allow escapes (%HH) in the authority part of a URI. check-in: b8a0f1b5 user: dan tags: uri
10:22
Change the supported URI options to "mode" and "cache". check-in: 0a694a0b user: dan tags: uri
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/main.c.

1824
1825
1826
1827
1828
1829
1830







1831
1832
1833
1834
1835
1836
1837
    zFile = sqlite3_malloc(nByte);
    if( !zFile ) return SQLITE_NOMEM;

    /* Discard the scheme and authority segments of the URI. */
    if( zUri[5]=='/' && zUri[6]=='/' ){
      iIn = 7;
      while( zUri[iIn] && zUri[iIn]!='/' ) iIn++;







    }else{
      iIn = 5;
    }

    /* Copy the filename and any query parameters into the zFile buffer. 
    ** Decode %HH escape codes along the way. 
    **







>
>
>
>
>
>
>







1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
    zFile = sqlite3_malloc(nByte);
    if( !zFile ) return SQLITE_NOMEM;

    /* Discard the scheme and authority segments of the URI. */
    if( zUri[5]=='/' && zUri[6]=='/' ){
      iIn = 7;
      while( zUri[iIn] && zUri[iIn]!='/' ) iIn++;

      if( iIn!=7 && (iIn!=16 || memcmp("localhost", &zUri[7], 9)) ){
        *pzErrMsg = sqlite3_mprintf("invalid uri authority: %.*s", 
            iIn-7, &zUri[7]);
        rc = SQLITE_ERROR;
        goto parse_uri_out;
      }
    }else{
      iIn = 5;
    }

    /* Copy the filename and any query parameters into the zFile buffer. 
    ** Decode %HH escape codes along the way. 
    **

Changes to test/uri.test.

29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
..
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
...
238
239
240
241
242
243
244




















245
246
247

#-------------------------------------------------------------------------
# Test that file names are correctly extracted from URIs.
#
foreach {tn uri file} {
  1      test.db                            test.db
  2      file:test.db                       test.db
  3      file://an-authorityPWD/test.db     test.db
  4      file:PWD/test.db                   test.db
  5      file:test.db?mork=1                test.db
  6      file:test.db?mork=1&tonglor=2      test.db
  7      file:test.db?mork=1#boris          test.db
  8      file:test.db#boris                 test.db
  9      test.db#boris                      test.db#boris
  10     test.db?mork=1#boris               test.db?mork=1#boris
  11     file:test%2Edb                     test.db
  12     file                               file
  13     http:test.db                       http:test.db
  14     file://xyzPWD/test.db%3Fhello      test.db?hello
  15     file:test.db%00extra               test.db
  16     file:test%00.db%00extra            test
} {
  set uri  [string map [list PWD [pwd]] $uri]
  set file [string map [list PWD [pwd]] $file]

  forcedelete $file
................................................................................

  do_test 1.$tn.3 { file exists $file } 0
  sqlite3 db xxx.db
  execsql { ATTACH $uri AS aux }
  do_test 1.$tn.4 { file exists $file } 1
  db close
}


#-------------------------------------------------------------------------
# Test that URI query parameters are passed through to the VFS layer
# correctly.
#
testvfs tvfs -default 1
tvfs filter xOpen
................................................................................
do_test 5.1.2 {
  lsort [array names ::T2]
} {test.db2 test.db2-journal test.db2-wal}

db close
tvfs1 delete
tvfs2 delete





















finish_test








|










|







 







<







 







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>



29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
..
60
61
62
63
64
65
66

67
68
69
70
71
72
73
...
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266

#-------------------------------------------------------------------------
# Test that file names are correctly extracted from URIs.
#
foreach {tn uri file} {
  1      test.db                            test.db
  2      file:test.db                       test.db
  3      file://PWD/test.db     test.db
  4      file:PWD/test.db                   test.db
  5      file:test.db?mork=1                test.db
  6      file:test.db?mork=1&tonglor=2      test.db
  7      file:test.db?mork=1#boris          test.db
  8      file:test.db#boris                 test.db
  9      test.db#boris                      test.db#boris
  10     test.db?mork=1#boris               test.db?mork=1#boris
  11     file:test%2Edb                     test.db
  12     file                               file
  13     http:test.db                       http:test.db
  14     file://localhostPWD/test.db%3Fhello   test.db?hello
  15     file:test.db%00extra               test.db
  16     file:test%00.db%00extra            test
} {
  set uri  [string map [list PWD [pwd]] $uri]
  set file [string map [list PWD [pwd]] $file]

  forcedelete $file
................................................................................

  do_test 1.$tn.3 { file exists $file } 0
  sqlite3 db xxx.db
  execsql { ATTACH $uri AS aux }
  do_test 1.$tn.4 { file exists $file } 1
  db close
}


#-------------------------------------------------------------------------
# Test that URI query parameters are passed through to the VFS layer
# correctly.
#
testvfs tvfs -default 1
tvfs filter xOpen
................................................................................
do_test 5.1.2 {
  lsort [array names ::T2]
} {test.db2 test.db2-journal test.db2-wal}

db close
tvfs1 delete
tvfs2 delete

#-------------------------------------------------------------------------
# Check that only "" and "localhost" are acceptable as authorities.
#
catch {db close}
foreach {tn uri res} {
  1     "file://localhost/PWD/test.db"   {not an error}
  2     "file:///PWD/test.db"            {not an error}
  3     "file:/PWD/test.db"              {not an error}
  4     "file://l%6Fcalhost/PWD/test.db" {invalid uri authority: l%6Fcalhost}
  5     "file://lbcalhost/PWD/test.db"   {invalid uri authority: lbcalhost}
  6     "file://x/PWD/test.db"           {invalid uri authority: x}
} {
  set uri  [string map [list PWD [string range [pwd] 1 end]] $uri]
  do_test 6.$tn {
    set DB [sqlite3_open $uri]
    sqlite3_errmsg $DB
  } $res
  catch { sqlite3_close $DB }
}

finish_test