Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | API Change: Modify sqlite3_enable_load_extension() so that it only enables/disables the load_extension() SQL function, and leaves the C-APIs enabled at all times. In this way, applications can enable extension loading for the C interface without having to expose that capability to the SQL. |
|---|---|
| Downloads: | Tarball | ZIP archive |
| Timelines: | family | ancestors | descendants | both | load-ext-security |
| Files: | files | file ages | folders |
| SHA1: |
edb454e45ae008e051e2f48d704a855b |
| User & Date: | drh 2016-04-20 00:30:05.107 |
Context
|
2016-04-21
| ||
| 01:30 | Revert sqlite3_enable_load_extension() to its original long-standing behavior. Add SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION which will enable only the C-API and leave the SQL function disabled. (check-in: b2ae5bfa32 user: drh tags: load-ext-security) | |
|
2016-04-20
| ||
| 00:30 | API Change: Modify sqlite3_enable_load_extension() so that it only enables/disables the load_extension() SQL function, and leaves the C-APIs enabled at all times. In this way, applications can enable extension loading for the C interface without having to expose that capability to the SQL. (check-in: edb454e45a user: drh tags: load-ext-security) | |
|
2016-04-18
| ||
| 15:46 | Remove quotes from identifiers used as datatype names in a CREATE TABLE statement. Fix for ticket [7d7525cb01b68] (check-in: eba27d4d17 user: drh tags: trunk) | |
Changes
Changes to src/func.c.
| ︙ | ︙ | |||
1381 1382 1383 1384 1385 1386 1387 1388 1389 1390 1391 1392 1393 1394 |
** A function that loads a shared-library extension then returns NULL.
*/
static void loadExt(sqlite3_context *context, int argc, sqlite3_value **argv){
const char *zFile = (const char *)sqlite3_value_text(argv[0]);
const char *zProc;
sqlite3 *db = sqlite3_context_db_handle(context);
char *zErrMsg = 0;
if( argc==2 ){
zProc = (const char *)sqlite3_value_text(argv[1]);
}else{
zProc = 0;
}
if( zFile && sqlite3_load_extension(db, zFile, zProc, &zErrMsg) ){
| > > > > > > > > | 1381 1382 1383 1384 1385 1386 1387 1388 1389 1390 1391 1392 1393 1394 1395 1396 1397 1398 1399 1400 1401 1402 |
** A function that loads a shared-library extension then returns NULL.
*/
static void loadExt(sqlite3_context *context, int argc, sqlite3_value **argv){
const char *zFile = (const char *)sqlite3_value_text(argv[0]);
const char *zProc;
sqlite3 *db = sqlite3_context_db_handle(context);
char *zErrMsg = 0;
/* Disallow the load_extension function unless the SQLITE_LoadExtension
** flag is set. See the sqlite3_enable_load_extension() API.
*/
if( (db->flags & SQLITE_LoadExtension)==0 ){
sqlite3_result_error(context, "not authorized", -1);
return;
}
if( argc==2 ){
zProc = (const char *)sqlite3_value_text(argv[1]);
}else{
zProc = 0;
}
if( zFile && sqlite3_load_extension(db, zFile, zProc, &zErrMsg) ){
|
| ︙ | ︙ |
Changes to src/loadext.c.
| ︙ | ︙ | |||
456 457 458 459 460 461 462 |
#else
"so"
#endif
};
if( pzErrMsg ) *pzErrMsg = 0;
| < < < < < < < < < < < < < < < | 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 |
#else
"so"
#endif
};
if( pzErrMsg ) *pzErrMsg = 0;
zEntry = zProc ? zProc : "sqlite3_extension_init";
handle = sqlite3OsDlOpen(pVfs, zFile);
#if SQLITE_OS_UNIX || SQLITE_OS_WIN
for(ii=0; ii<ArraySize(azEndings) && handle==0; ii++){
char *zAltFile = sqlite3_mprintf("%s.%s", zFile, azEndings[ii]);
if( zAltFile==0 ) return SQLITE_NOMEM_BKPT;
handle = sqlite3OsDlOpen(pVfs, zAltFile);
sqlite3_free(zAltFile);
|
| ︙ | ︙ |