Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Allow only "localhost" and "" as authorities in URIs. Do not allow escapes (%HH) in the authority part of a URI. |
---|---|
Downloads: | Tarball | ZIP archive |
Timelines: | family | ancestors | descendants | both | uri |
Files: | files | file ages | folders |
SHA1: |
b8a0f1b523d1f31c8e7a102ba4bae593 |
User & Date: | dan 2011-05-03 11:53:20.345 |
Context
2011-05-03
| ||
15:09 | Remove some unused code related to URI parsing. (check-in: 008cd0ef6b user: dan tags: uri) | |
11:53 | Allow only "localhost" and "" as authorities in URIs. Do not allow escapes (%HH) in the authority part of a URI. (check-in: b8a0f1b523 user: dan tags: uri) | |
10:22 | Change the supported URI options to "mode" and "cache". (check-in: 0a694a0b27 user: dan tags: uri) | |
Changes
Changes to src/main.c.
︙ | ︙ | |||
1824 1825 1826 1827 1828 1829 1830 1831 1832 1833 1834 1835 1836 1837 | zFile = sqlite3_malloc(nByte); if( !zFile ) return SQLITE_NOMEM; /* Discard the scheme and authority segments of the URI. */ if( zUri[5]=='/' && zUri[6]=='/' ){ iIn = 7; while( zUri[iIn] && zUri[iIn]!='/' ) iIn++; }else{ iIn = 5; } /* Copy the filename and any query parameters into the zFile buffer. ** Decode %HH escape codes along the way. ** | > > > > > > > | 1824 1825 1826 1827 1828 1829 1830 1831 1832 1833 1834 1835 1836 1837 1838 1839 1840 1841 1842 1843 1844 | zFile = sqlite3_malloc(nByte); if( !zFile ) return SQLITE_NOMEM; /* Discard the scheme and authority segments of the URI. */ if( zUri[5]=='/' && zUri[6]=='/' ){ iIn = 7; while( zUri[iIn] && zUri[iIn]!='/' ) iIn++; if( iIn!=7 && (iIn!=16 || memcmp("localhost", &zUri[7], 9)) ){ *pzErrMsg = sqlite3_mprintf("invalid uri authority: %.*s", iIn-7, &zUri[7]); rc = SQLITE_ERROR; goto parse_uri_out; } }else{ iIn = 5; } /* Copy the filename and any query parameters into the zFile buffer. ** Decode %HH escape codes along the way. ** |
︙ | ︙ |
Changes to test/uri.test.
︙ | ︙ | |||
29 30 31 32 33 34 35 | #------------------------------------------------------------------------- # Test that file names are correctly extracted from URIs. # foreach {tn uri file} { 1 test.db test.db 2 file:test.db test.db | | | < | 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 | #------------------------------------------------------------------------- # Test that file names are correctly extracted from URIs. # foreach {tn uri file} { 1 test.db test.db 2 file:test.db test.db 3 file://PWD/test.db test.db 4 file:PWD/test.db test.db 5 file:test.db?mork=1 test.db 6 file:test.db?mork=1&tonglor=2 test.db 7 file:test.db?mork=1#boris test.db 8 file:test.db#boris test.db 9 test.db#boris test.db#boris 10 test.db?mork=1#boris test.db?mork=1#boris 11 file:test%2Edb test.db 12 file file 13 http:test.db http:test.db 14 file://localhostPWD/test.db%3Fhello test.db?hello 15 file:test.db%00extra test.db 16 file:test%00.db%00extra test } { set uri [string map [list PWD [pwd]] $uri] set file [string map [list PWD [pwd]] $file] forcedelete $file do_test 1.$tn.1 { file exists $file } 0 set DB [sqlite3_open $uri] do_test 1.$tn.2 { file exists $file } 1 sqlite3_close $DB forcedelete $file do_test 1.$tn.3 { file exists $file } 0 sqlite3 db xxx.db execsql { ATTACH $uri AS aux } do_test 1.$tn.4 { file exists $file } 1 db close } #------------------------------------------------------------------------- # Test that URI query parameters are passed through to the VFS layer # correctly. # testvfs tvfs -default 1 tvfs filter xOpen |
︙ | ︙ | |||
238 239 240 241 242 243 244 245 246 247 | do_test 5.1.2 { lsort [array names ::T2] } {test.db2 test.db2-journal test.db2-wal} db close tvfs1 delete tvfs2 delete finish_test | > > > > > > > > > > > > > > > > > > > > | 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 | do_test 5.1.2 { lsort [array names ::T2] } {test.db2 test.db2-journal test.db2-wal} db close tvfs1 delete tvfs2 delete #------------------------------------------------------------------------- # Check that only "" and "localhost" are acceptable as authorities. # catch {db close} foreach {tn uri res} { 1 "file://localhost/PWD/test.db" {not an error} 2 "file:///PWD/test.db" {not an error} 3 "file:/PWD/test.db" {not an error} 4 "file://l%6Fcalhost/PWD/test.db" {invalid uri authority: l%6Fcalhost} 5 "file://lbcalhost/PWD/test.db" {invalid uri authority: lbcalhost} 6 "file://x/PWD/test.db" {invalid uri authority: x} } { set uri [string map [list PWD [string range [pwd] 1 end]] $uri] do_test 6.$tn { set DB [sqlite3_open $uri] sqlite3_errmsg $DB } $res catch { sqlite3_close $DB } } finish_test |