OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2007 Apple Inc. All rights reserved. | 2 * Copyright (C) 2007 Apple Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * | 7 * |
8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
(...skipping 327 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
338 } | 338 } |
339 | 339 |
340 void DatabaseAuthorizer::setPermissions(int permissions) { | 340 void DatabaseAuthorizer::setPermissions(int permissions) { |
341 m_permissions = permissions; | 341 m_permissions = permissions; |
342 } | 342 } |
343 | 343 |
344 int DatabaseAuthorizer::denyBasedOnTableName(const String& tableName) const { | 344 int DatabaseAuthorizer::denyBasedOnTableName(const String& tableName) const { |
345 if (!m_securityEnabled) | 345 if (!m_securityEnabled) |
346 return SQLAuthAllow; | 346 return SQLAuthAllow; |
347 | 347 |
348 // Sadly, normal creates and drops end up affecting sqlite_master in an author
izer callback, so | 348 // Sadly, normal creates and drops end up affecting sqlite_master in an |
349 // it will be tough to enforce all of the following policies | 349 // authorizer callback, so it will be tough to enforce all of the following |
350 //if (equalIgnoringCase(tableName, "sqlite_master") || equalIgnoringCase(table
Name, "sqlite_temp_master") || | 350 // policies: |
351 // equalIgnoringCase(tableName, "sqlite_sequence") || equalIgnoringCase(tab
leName, Database::databaseInfoTableName())) | 351 // if (equalIgnoringCase(tableName, "sqlite_master") || |
352 // return SQLAuthDeny; | 352 // equalIgnoringCase(tableName, "sqlite_temp_master") || |
| 353 // equalIgnoringCase(tableName, "sqlite_sequence") || |
| 354 // equalIgnoringCase(tableName, Database::databaseInfoTableName())) |
| 355 // return SQLAuthDeny; |
353 | 356 |
354 if (equalIgnoringCase(tableName, m_databaseInfoTableName)) | 357 if (equalIgnoringCase(tableName, m_databaseInfoTableName)) |
355 return SQLAuthDeny; | 358 return SQLAuthDeny; |
356 | 359 |
357 return SQLAuthAllow; | 360 return SQLAuthAllow; |
358 } | 361 } |
359 | 362 |
360 int DatabaseAuthorizer::updateDeletesBasedOnTableName(const String& tableName) { | 363 int DatabaseAuthorizer::updateDeletesBasedOnTableName(const String& tableName) { |
361 int allow = denyBasedOnTableName(tableName); | 364 int allow = denyBasedOnTableName(tableName); |
362 if (allow) | 365 if (allow) |
363 m_hadDeletes = true; | 366 m_hadDeletes = true; |
364 return allow; | 367 return allow; |
365 } | 368 } |
366 | 369 |
367 } // namespace blink | 370 } // namespace blink |
OLD | NEW |