Context Navigation

Changeset 214776 in webkit

Timestamp:

Apr 3, 2017 5:35:30 AM (7 years ago)

Author:

Carlos Garcia Campos

Message:

Merge r214237 - Disable all virtual tables.
<rdar://problem/31081972> and https://bugs.webkit.org/show_bug.cgi?id=169928
Source/WebCore:

Reviewed by Jer Noble.

No new tests (Covered by changes to existing test).

(WebCore::DatabaseAuthorizer::createVTable):
(WebCore::DatabaseAuthorizer::dropVTable):

LayoutTests:

Reviewed by Jer Noble.

(createStatementsCallback):

Location:

releases/WebKitGTK/webkit-2.16

Files:

-                      r214775
+                      r214776
+-03-21  Brady Eidson  <beidson@apple.com>
+        Disable all virtual tables.
+        <rdar://problem/31081972> and https://bugs.webkit.org/show_bug.cgi?id=169928
+        Reviewed by Jer Noble.
+        * storage/websql/test-authorizer-expected.txt:
+        * storage/websql/test-authorizer.js:
+        (createStatementsCallback):
 -03-21  Zalan Bujtas  <zalan@apple.com>

-                      r183646
+                      r214776
 SQLITE_CREATE_VIEW statement succeeded.
 SQLITE_CREATE_VTABLE statement failed: could not prepare statement (23 not authorized)
+SQLITE_CREATE_VTABLE (FTS3) statement failed: could not prepare statement (23 not authorized)
 SQLITE_READ statement succeeded.
 SQLITE_SELECT statement succeeded.
 …
 SQLITE_CREATE_VIEW statement failed: could not prepare statement (23 not authorized)
 SQLITE_CREATE_VTABLE statement failed: could not prepare statement (23 not authorized)
+SQLITE_CREATE_VTABLE (FTS3) statement failed: could not prepare statement (23 not authorized)
 SQLITE_CREATE_INDEX statement succeeded.
 SQLITE_CREATE_TEMP_TABLE statement succeeded.
 …
 SQLITE_CREATE_VIEW statement succeeded.
 SQLITE_CREATE_VTABLE statement failed: could not prepare statement (23 not authorized)
+SQLITE_CREATE_VTABLE (FTS3) statement failed: could not prepare statement (23 not authorized)
 SQLITE_READ statement succeeded.
 SQLITE_SELECT statement succeeded.

r183646	r214776
59	59	executeStatement(tx, "CREATE VIEW TestView AS SELECT COUNT(*) FROM Test;", "SQLITE_CREATE_VIEW");
60	60	executeStatement(tx, "CREATE VIRTUAL TABLE TestVirtualTable USING MissingModule;", "SQLITE_CREATE_VTABLE");
	61	executeStatement(tx, "CREATE VIRTUAL TABLE TestVirtualTableFTS USING fts3;", "SQLITE_CREATE_VTABLE (FTS3)");
61	62	}
62	63

-                      r214775
+                      r214776
+-03-21  Brady Eidson  <beidson@apple.com>
+        Disable all virtual tables.
+        <rdar://problem/31081972> and https://bugs.webkit.org/show_bug.cgi?id=169928
+        Reviewed by Jer Noble.
+        No new tests (Covered by changes to existing test).
+        * Modules/webdatabase/DatabaseAuthorizer.cpp:
+        (WebCore::DatabaseAuthorizer::createVTable):
+        (WebCore::DatabaseAuthorizer::dropVTable):
 -03-21  Zalan Bujtas  <zalan@apple.com>

-                      r203146
+                      r214776
+}
+int DatabaseAuthorizer::createVTable(const String& tableName, const String& moduleName)
+{
+    if (!allowWrite())
+        return SQLAuthDeny;
+    // Allow only the FTS3 extension
+    if (!equalLettersIgnoringASCIICase(moduleName, "fts3"))
+        return SQLAuthDeny;
+    m_lastActionChangedDatabase = true;
+    return denyBasedOnTableName(tableName);
+}
+int DatabaseAuthorizer::dropVTable(const String& tableName, const String& moduleName)
+{
+    if (!allowWrite())
+        return SQLAuthDeny;
+    // Allow only the FTS3 extension
+    if (!equalLettersIgnoringASCIICase(moduleName, "fts3"))
+        return SQLAuthDeny;
+    return updateDeletesBasedOnTableName(tableName);
+int DatabaseAuthorizer::createVTable(const String&, const String&)
+{
+    return SQLAuthDeny;
+}
+int DatabaseAuthorizer::dropVTable(const String&, const String&)
+{
+    return SQLAuthDeny;
+}

Note: See TracChangeset for help on using the changeset viewer.