Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Allow only "localhost" and "" as authorities in URIs. Do not allow escapes (%HH) in the authority part of a URI. |
|---|---|
| Downloads: | Tarball | ZIP archive |
| Timelines: | family | ancestors | descendants | both | uri |
| Files: | files | file ages | folders |
| SHA1: |
b8a0f1b523d1f31c8e7a102ba4bae593 |
| User & Date: | dan 2011-05-03 11:53:20.345 |
Context
|
2011-05-03
| ||
| 15:09 | Remove some unused code related to URI parsing. (check-in: 008cd0ef6b user: dan tags: uri) | |
| 11:53 | Allow only "localhost" and "" as authorities in URIs. Do not allow escapes (%HH) in the authority part of a URI. (check-in: b8a0f1b523 user: dan tags: uri) | |
| 10:22 | Change the supported URI options to "mode" and "cache". (check-in: 0a694a0b27 user: dan tags: uri) | |
Changes
Changes to src/main.c.
| ︙ | ︙ | |||
1824 1825 1826 1827 1828 1829 1830 1831 1832 1833 1834 1835 1836 1837 |
zFile = sqlite3_malloc(nByte);
if( !zFile ) return SQLITE_NOMEM;
/* Discard the scheme and authority segments of the URI. */
if( zUri[5]=='/' && zUri[6]=='/' ){
iIn = 7;
while( zUri[iIn] && zUri[iIn]!='/' ) iIn++;
}else{
iIn = 5;
}
/* Copy the filename and any query parameters into the zFile buffer.
** Decode %HH escape codes along the way.
**
| > > > > > > > | 1824 1825 1826 1827 1828 1829 1830 1831 1832 1833 1834 1835 1836 1837 1838 1839 1840 1841 1842 1843 1844 |
zFile = sqlite3_malloc(nByte);
if( !zFile ) return SQLITE_NOMEM;
/* Discard the scheme and authority segments of the URI. */
if( zUri[5]=='/' && zUri[6]=='/' ){
iIn = 7;
while( zUri[iIn] && zUri[iIn]!='/' ) iIn++;
if( iIn!=7 && (iIn!=16 || memcmp("localhost", &zUri[7], 9)) ){
*pzErrMsg = sqlite3_mprintf("invalid uri authority: %.*s",
iIn-7, &zUri[7]);
rc = SQLITE_ERROR;
goto parse_uri_out;
}
}else{
iIn = 5;
}
/* Copy the filename and any query parameters into the zFile buffer.
** Decode %HH escape codes along the way.
**
|
| ︙ | ︙ |
Changes to test/uri.test.
| ︙ | ︙ | |||
29 30 31 32 33 34 35 |
#-------------------------------------------------------------------------
# Test that file names are correctly extracted from URIs.
#
foreach {tn uri file} {
1 test.db test.db
2 file:test.db test.db
| | | < | 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 |
#-------------------------------------------------------------------------
# Test that file names are correctly extracted from URIs.
#
foreach {tn uri file} {
1 test.db test.db
2 file:test.db test.db
3 file://PWD/test.db test.db
4 file:PWD/test.db test.db
5 file:test.db?mork=1 test.db
6 file:test.db?mork=1&tonglor=2 test.db
7 file:test.db?mork=1#boris test.db
8 file:test.db#boris test.db
9 test.db#boris test.db#boris
10 test.db?mork=1#boris test.db?mork=1#boris
11 file:test%2Edb test.db
12 file file
13 http:test.db http:test.db
14 file://localhostPWD/test.db%3Fhello test.db?hello
15 file:test.db%00extra test.db
16 file:test%00.db%00extra test
} {
set uri [string map [list PWD [pwd]] $uri]
set file [string map [list PWD [pwd]] $file]
forcedelete $file
do_test 1.$tn.1 { file exists $file } 0
set DB [sqlite3_open $uri]
do_test 1.$tn.2 { file exists $file } 1
sqlite3_close $DB
forcedelete $file
do_test 1.$tn.3 { file exists $file } 0
sqlite3 db xxx.db
execsql { ATTACH $uri AS aux }
do_test 1.$tn.4 { file exists $file } 1
db close
}
#-------------------------------------------------------------------------
# Test that URI query parameters are passed through to the VFS layer
# correctly.
#
testvfs tvfs -default 1
tvfs filter xOpen
|
| ︙ | ︙ | |||
238 239 240 241 242 243 244 245 246 247 |
do_test 5.1.2 {
lsort [array names ::T2]
} {test.db2 test.db2-journal test.db2-wal}
db close
tvfs1 delete
tvfs2 delete
finish_test
| > > > > > > > > > > > > > > > > > > > > | 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 |
do_test 5.1.2 {
lsort [array names ::T2]
} {test.db2 test.db2-journal test.db2-wal}
db close
tvfs1 delete
tvfs2 delete
#-------------------------------------------------------------------------
# Check that only "" and "localhost" are acceptable as authorities.
#
catch {db close}
foreach {tn uri res} {
1 "file://localhost/PWD/test.db" {not an error}
2 "file:///PWD/test.db" {not an error}
3 "file:/PWD/test.db" {not an error}
4 "file://l%6Fcalhost/PWD/test.db" {invalid uri authority: l%6Fcalhost}
5 "file://lbcalhost/PWD/test.db" {invalid uri authority: lbcalhost}
6 "file://x/PWD/test.db" {invalid uri authority: x}
} {
set uri [string map [list PWD [string range [pwd] 1 end]] $uri]
do_test 6.$tn {
set DB [sqlite3_open $uri]
sqlite3_errmsg $DB
} $res
catch { sqlite3_close $DB }
}
finish_test
|