Documentation updates for the new SQLITE_FUNCTION authorization. (CVS 3366)
FossilOrigin-Name: e029637e54e190c89206725a99e1ee7db6c23804
diff --git a/manifest b/manifest
index 31e3fdc..b933284 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Enhance\sthe\ssqlite3_set_authorizer()\scallback\sso\sthat\sit\sprovides\scallbacks\non\seach\sSQL\sfunction\sthat\sis\sinvoked.\s(CVS\s3365)
-D 2006-08-24T14:59:46
+C Documentation\supdates\sfor\sthe\snew\sSQLITE_FUNCTION\sauthorization.\s(CVS\s3366)
+D 2006-08-24T15:18:25
F Makefile.in 8e7f9ecebab2c6e0f3db20ff129a8f9405ab64f8
F Makefile.linux-gcc 2d8574d1ba75f129aba2019f0b959db380a90935
F README 9c4e2d6706bdcc3efdd773ce752a8cdab4f90028
@@ -50,7 +50,7 @@
F src/date.c cd2bd5d1ebc6fa12d6312f69789ae5b0a2766f2e
F src/delete.c 804384761144fe1a5035b99f4bd7d706976831bd
F src/experimental.c 1b2d1a6cd62ecc39610e97670332ca073c50792b
-F src/expr.c fb53fb9ddbfb2868bf148031adde2290de0fd65a
+F src/expr.c 0546cc60f08c426d96092dea0789d085aed3580e
F src/func.c dd9cea8ed3246d7a4c49fd01034d470d5702b8b0
F src/hash.c 449f3d6620193aa557f5d86cbc5cc6b87702b185
F src/hash.h 1b3f7e2609141fd571f62199fc38687d262e9564
@@ -344,7 +344,7 @@
F www/autoinc.tcl b357f5ba954b046ee35392ce0f884a2fcfcdea06
F www/c_interface.tcl b51b08591554c16a0c3ef718364a508ac25abc7e
F www/capi3.tcl 7a7cc225fe02eb7ab861a6019b08baa0014409e1
-F www/capi3ref.tcl fab3d77e72fcea574e0fd52e6374d75143792f1c
+F www/capi3ref.tcl 3df3e9703aca711dcdbe6de94bd93456abf75078
F www/changes.tcl 7bbcf947aa71d4760cbd286ba176466e729c974f
F www/common.tcl 14d121c28532ad20c3e349caa4db708b0b822083
F www/compile.tcl 276546d7eb445add5a867193bbd80f6919a6b084
@@ -388,7 +388,7 @@
F www/vdbe.tcl 87a31ace769f20d3627a64fa1fade7fed47b90d0
F www/version3.tcl 890248cf7b70e60c383b0e84d77d5132b3ead42b
F www/whentouse.tcl 97e2b5cd296f7d8057e11f44427dea8a4c2db513
-P 5696e0cb771ea62df6f91cb03dfc428af1441e9e
-R adbd010d3035a48a51b9cccec0ffd93d
+P 4547c81f7da29b1490c6eba8d9c333218c5cb88f
+R 4e02aebf9882923b83a6bdd556e1b24b
U drh
-Z e780ba3f47ab009dda8d768d0c7835f6
+Z 0629764da6fb062720dc2a83a77f2d2f
diff --git a/manifest.uuid b/manifest.uuid
index 902b58c..6f97047 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-4547c81f7da29b1490c6eba8d9c333218c5cb88f
\ No newline at end of file
+e029637e54e190c89206725a99e1ee7db6c23804
\ No newline at end of file
diff --git a/src/expr.c b/src/expr.c
index 32fb543..54b6488 100644
--- a/src/expr.c
+++ b/src/expr.c
@@ -12,7 +12,7 @@
** This file contains routines used for analyzing expressions and
** for generating VDBE code that evaluates expressions in SQLite.
**
-** $Id: expr.c,v 1.267 2006/08/24 14:59:46 drh Exp $
+** $Id: expr.c,v 1.268 2006/08/24 15:18:25 drh Exp $
*/
#include "sqliteInt.h"
#include <ctype.h>
@@ -1180,6 +1180,7 @@
}else{
is_agg = pDef->xFunc==0;
}
+#ifndef SQLITE_OMIT_AUTHORIZER
if( pDef ){
auth = sqlite3AuthCheck(pParse, SQLITE_FUNCTION, 0, pDef->zName, 0);
if( auth!=SQLITE_OK ){
@@ -1192,6 +1193,7 @@
return 1;
}
}
+#endif
if( is_agg && !pNC->allowAgg ){
sqlite3ErrorMsg(pParse, "misuse of aggregate function %.*s()", nId,zId);
pNC->nErr++;
diff --git a/www/capi3ref.tcl b/www/capi3ref.tcl
index 8e46efb..2d6661f 100644
--- a/www/capi3ref.tcl
+++ b/www/capi3ref.tcl
@@ -1,4 +1,4 @@
-set rcsid {$Id: capi3ref.tcl,v 1.42 2006/08/12 14:38:47 drh Exp $}
+set rcsid {$Id: capi3ref.tcl,v 1.43 2006/08/24 15:18:25 drh Exp $}
source common.tcl
header {C/C++ Interface For SQLite Version 3}
puts {
@@ -1198,29 +1198,52 @@
#define SQLITE_ALTER_TABLE 26 /* Database Name Table Name */
#define SQLITE_REINDEX 27 /* Index Name NULL */
#define SQLITE_ANALYZE 28 /* Table Name NULL */
+#define SQLITE_CREATE_VTABLE 29 /* Table Name Module Name */
+#define SQLITE_DROP_VTABLE 30 /* Table Name Module Name */
+#define SQLITE_FUNCTION 31 /* Function Name NULL */
#define SQLITE_DENY 1 /* Abort the SQL statement with an error */
#define SQLITE_IGNORE 2 /* Don't allow access, but don't generate an error */
} {
This routine registers a callback with the SQLite library. The
- callback is invoked (at compile-time, not at run-time) for each
- attempt to access a column of a table in the database. The callback should
+ callback is invoked by sqlite3_prepare() to authorize various
+ operations against the database. The callback should
return SQLITE_OK if access is allowed, SQLITE_DENY if the entire
SQL statement should be aborted with an error and SQLITE_IGNORE
- if the column should be treated as a NULL value.
+ if the operation should be treated as a no-op.
+
+ Each database connection have at most one authorizer registered
+ at a time one time. Each call
+ to sqlite3_set_authorizer() overrides the previous authorizer.
+ Setting the callback to NULL disables the authorizer.
The second argument to the access authorization function will be one
of the defined constants shown. These values signify what kind of operation
is to be authorized. The 3rd and 4th arguments to the authorization
- function will be arguments or NULL depending on which of the following
- codes is used as the second argument. The 5th argument is the name
- of the database ("main", "temp", etc.) if applicable. The 6th argument
+ function will be arguments or NULL depending on which of the
+ codes is used as the second argument. For example, if the the
+ 2nd argument code is SQLITE_READ then the 3rd argument will be the name
+ of the table that is being read from and the 4th argument will be the
+ name of the column that is being read from. Or if the 2nd argument
+ is SQLITE_FUNCTION then the 3rd argument will be the name of the
+ function that is being invoked and the 4th argument will be NULL.
+
+ The 5th argument is the name
+ of the database ("main", "temp", etc.) where applicable. The 6th argument
is the name of the inner-most trigger or view that is responsible for
the access attempt or NULL if this access attempt is directly from
input SQL code.
The return value of the authorization function should be one of the
- constants SQLITE_OK, SQLITE_DENY, or SQLITE_IGNORE.
+ constants SQLITE_OK, SQLITE_DENY, or SQLITE_IGNORE. A return of
+ SQLITE_OK means that the operation is permitted and that
+ sqlite3_prepare() can proceed as normal.
+ A return of SQLITE_DENY means that the sqlite3_prepare()
+ should fail with an error. A return of SQLITE_IGNORE causes the
+ sqlite3_prepare() to continue as normal but the requested
+ operation is silently converted into a no-op. A return of SQLITE_IGNORE
+ in response to an SQLITE_READ or SQLITE_FUNCTION causes the column
+ being read or the function being invoked to return a NULL.
The intent of this routine is to allow applications to safely execute
user-entered SQL. An appropriate callback can deny the user-entered