Chromium Code Reviews

Side by Side Diff: third_party/sqlite/patches/0017-fts2-Disable-fts2_tokenizer-for-security-reasons.patch

Issue 901033002: Import SQLite 3.8.7.4. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Chromium changes to support SQLite 3.8.7.4. Created 5 years, 10 months ago
1 From ffc4e16279571911d59495335652905e06ac2b63 Mon Sep 17 00:00:00 2001
2 From: Scott Hess <shess@chromium.org>
3 Date: Mon, 22 Dec 2014 14:06:33 -0800
4 Subject: [PATCH 17/23] [fts2] Disable fts2_tokenizer for security reasons.
5
6 This was a leftover bit from merging the Gears SQLite into Chromium's version.
7
8 Original commit URL, which also shifted directory structure:
9 http://src.chromium.org/viewvc/chrome?revision=7623&view=revision
10 ---
11 third_party/sqlite/src/ext/fts2/fts2.c | 18 ++++++++++++++++++
12 1 file changed, 18 insertions(+)
13
14 diff --git a/third_party/sqlite/src/ext/fts2/fts2.c b/third_party/sqlite/src/ext /fts2/fts2.c
15 index 3d9728a..4945cd9 100644
16 --- a/third_party/sqlite/src/ext/fts2/fts2.c
17 +++ b/third_party/sqlite/src/ext/fts2/fts2.c
18 @@ -37,6 +37,20 @@
19 ** This is an SQLite module implementing full-text search.
20 */
21
22 +/* TODO(shess): To make it easier to spot changes without groveling
23 +** through changelogs, I've defined GEARS_FTS2_CHANGES to call them
24 +** out, and I will document them here. On imports, these changes
25 +** should be reviewed to make sure they are still present, or are
26 +** dropped as appropriate.
27 +**
28 +** SQLite core adds the custom function fts2_tokenizer() to be used
29 +** for defining new tokenizers. The second parameter is a vtable
30 +** pointer encoded as a blob. Obviously this cannot be exposed to
31 +** Gears callers for security reasons. It could be suppressed in the
32 +** authorizer, but for now I have simply commented the definition out.
33 +*/
34 +#define GEARS_FTS2_CHANGES 1
35 +
36 /*
37 ** The code in this file is only compiled if:
38 **
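Review bot: The header comment says the fts2_tokenizer() definition is "simply commented … out", but nothing is commented out. The later hunk removes the registration with `#if GEARS_FTS2_CHANGES && !SQLITE_TEST`. Please reword the comment to describe the preprocessor guard and to state that SQLITE_TEST builds still register the function, so that whoever re-checks this on the next import knows what to look for. The comment also still refers to "Gears callers" although the commit message describes this as a leftover from the Gears merge, so naming the callers that matter in this tree would help. The block is tagged TODO(shess) but lists no outstanding action. If the authorizer-based suppression it mentions is the intended follow-up, say so explicitly, otherwise drop the TODO tag.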
39 @@ -6822,7 +6836,11 @@ int sqlite3Fts2Init(sqlite3 *db){
40 ** module with sqlite.
41 */
42 if( SQLITE_OK==rc
43 +#if GEARS_FTS2_CHANGES && !SQLITE_TEST
44 + /* fts2_tokenizer() disabled for security reasons. */
45 +#else
46 && SQLITE_OK==(rc = sqlite3Fts2InitHashTable(db, pHash, "fts2_tokenizer"))
47 +#endif
48 && SQLITE_OK==(rc = sqlite3_overload_function(db, "snippet", -1))
49 && SQLITE_OK==(rc = sqlite3_overload_function(db, "offsets", -1))
50 && SQLITE_OK==(rc = sqlite3_overload_function(db, "optimize", -1))
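Review bot: The guard `#if GEARS_FTS2_CHANGES && !SQLITE_TEST` in sqlite3Fts2Init() leaves fts2_tokenizer() registered in every build that defines SQLITE_TEST, and also in any build where GEARS_FTS2_CHANGES is changed to 0. Since the function takes a vtable pointer encoded as a blob, the exclusion rests entirely on those two macros. Please note at the guard that SQLITE_TEST must never be defined for shipped binaries. Also consider inverting the condition to `#if !GEARS_FTS2_CHANGES || SQLITE_TEST` around the registration line, so that the security-relevant case is not an empty branch holding only a comment in the middle of an `&&` chain. A check that calling fts2_tokenizer() fails in a non-test build would keep this from regressing silently on a later import.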
51 --
52 2.2.1
53