Begin making changes to turn off trusted schema in command-line tools that
open SQLite databases. There are a lot of these, and a lot of places to
change, which makes me wonder if trusted schema out to be off by default.
FossilOrigin-Name: 3d23a275ab5d7d5052130c74cc59025cf6a99cc933cd30cfbcca2a3eaddbb999
diff --git a/manifest b/manifest
index eaa24e1..3db60a1 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Documentation\supdates\son\snewer\sAPIs.\s\sNo\schanges\sto\scode.
-D 2020-01-10T00:00:18.770
+C Begin\smaking\schanges\sto\sturn\soff\strusted\sschema\sin\scommand-line\stools\sthat\nopen\sSQLite\sdatabases.\s\sThere\sare\sa\slot\sof\sthese,\sand\sa\slot\sof\splaces\sto\nchange,\swhich\smakes\sme\swonder\sif\strusted\sschema\sout\sto\sbe\soff\sby\sdefault.
+D 2020-01-10T00:20:41.072
F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -531,7 +531,7 @@
F src/resolve.c 1139e3157c710c6e6f04fe726f4e0d8bdb1ae89a276d3b0ca4975af163141c9c
F src/rowset.c d977b011993aaea002cab3e0bb2ce50cf346000dff94e944d547b989f4b1fe93
F src/select.c 924b61cef57033a8ca1ed3dcffd02445a7dd0c837cc849b2e4117251cac831f5
-F src/shell.c.in 43d3cfbee97d78ca5782dc53e4c1e22d3cc15c91beff20889dc60551f47eab9f
+F src/shell.c.in a68cd2a90e86dfb63fbf5a003a807013f30ea490ffb6cf54d10499bb12d2116a
F src/sqlite.h.in 0ed2c973fcfa1e2ce120b35827a23e252719c3337ff64a1f76b800b53169d56e
F src/sqlite3.rc 5121c9e10c3964d5755191c80dd1180c122fc3a8
F src/sqlite3ext.h 72af51aa4e912e14cd495fb6e7fac65f0940db80ed950d90911aff292cc47ce2
@@ -1821,7 +1821,7 @@
F tool/speedtest8.c 2902c46588c40b55661e471d7a86e4dd71a18224
F tool/speedtest8inst1.c 7ce07da76b5e745783e703a834417d725b7d45fd
F tool/split-sqlite3c.tcl 3efcd4240b738f6bb2b5af0aea7e1e0ef9bc1c61654f645076cec883030b710c
-F tool/sqldiff.c 7b9b7238284f02131dbb8f21a4e862409bff728045c5473139d28c67ac87580e
+F tool/sqldiff.c 270266966100dcb57490bdd933bb145c06cdef85afc856f7354d3f3a25c0ff1c
F tool/sqlite3_analyzer.c.in 7eeaae8b0d7577662acaabbb11107af0659d1b41bc1dfdd4d91422de27127968
F tool/sqltclsh.c.in 1bcc2e9da58fadf17b0bf6a50e68c1159e602ce057210b655d50bad5aaaef898
F tool/sqltclsh.tcl 862f4cf1418df5e1315b5db3b5ebe88969e2a784525af5fbf9596592f14ed848
@@ -1856,7 +1856,10 @@
F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 20237d5dc4451f142b511e50a4acef4574cef17b9222c87dcebfe1ed1bab0ad9
-R 62d7e9ceb3c6bf2163d7b131b5c92b18
+P 8845a8c22a4ceabee130ce2addbe07e13b0496eeb542c89850f8658d21a48f89
+R 6d7d6cc0b2b3dc095c65be57f394a405
+T *branch * default-untrusted-schema
+T *sym-default-untrusted-schema *
+T -sym-trunk *
U drh
-Z 8e437f19b27b8e5454199c775779247a
+Z 910a86746ff9d57b9bd1611487c6e73d
diff --git a/manifest.uuid b/manifest.uuid
index d68bfd4..18fb356 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-8845a8c22a4ceabee130ce2addbe07e13b0496eeb542c89850f8658d21a48f89
\ No newline at end of file
+3d23a275ab5d7d5052130c74cc59025cf6a99cc933cd30cfbcca2a3eaddbb999
\ No newline at end of file
diff --git a/src/shell.c.in b/src/shell.c.in
index 1182055..806c329 100644
--- a/src/shell.c.in
+++ b/src/shell.c.in
@@ -4162,6 +4162,7 @@
}
exit(1);
}
+ sqlite3_db_config(p->db, SQLITE_DBCONFIG_TRUSTED_SCHEMA, 0, 0);
#ifndef SQLITE_OMIT_LOAD_EXTENSION
sqlite3_enable_load_extension(p->db, 1);
#endif
@@ -4848,6 +4849,7 @@
sqlite3_errmsg(newDb));
}else{
sqlite3_exec(p->db, "PRAGMA writable_schema=ON;", 0, 0, 0);
+ sqlite3_db_config(newDb, SQLITE_DBCONFIG_TRUSTED_SCHEMA, 0, 0);
sqlite3_exec(newDb, "BEGIN EXCLUSIVE;", 0, 0, 0);
tryToCloneSchema(p, newDb, "type='table'", tryToCloneData);
tryToCloneSchema(p, newDb, "type!='table'", 0);
@@ -6171,6 +6173,7 @@
);
goto end_ar_command;
}
+ sqlite3_db_config(cmd.db, SQLITE_DBCONFIG_TRUSTED_SCHEMA, 0, 0);
sqlite3_fileio_init(cmd.db, 0, 0);
sqlite3_sqlar_init(cmd.db, 0, 0);
sqlite3_create_function(cmd.db, "shell_putsnl", 1, SQLITE_UTF8, cmd.p,
@@ -7023,6 +7026,7 @@
close_db(pDest);
return 1;
}
+ sqlite3_db_config(pDest, SQLITE_DBCONFIG_TRUSTED_SCHEMA, 0, 0);
if( bAsync ){
sqlite3_exec(pDest, "PRAGMA synchronous=OFF; PRAGMA journal_mode=OFF;",
0, 0, 0);
@@ -8390,6 +8394,7 @@
return 1;
}
open_db(p, 0);
+ sqlite3_db_config(pSrc, SQLITE_DBCONFIG_TRUSTED_SCHEMA, 0, 0);
pBackup = sqlite3_backup_init(p->db, zDb, pSrc, "main");
if( pBackup==0 ){
utf8_printf(stderr, "Error: %s\n", sqlite3_errmsg(p->db));
diff --git a/tool/sqldiff.c b/tool/sqldiff.c
index 9f5b6fe..e9571d4 100644
--- a/tool/sqldiff.c
+++ b/tool/sqldiff.c
@@ -1955,6 +1955,7 @@
if( rc ){
cmdlineError("cannot open database file \"%s\"", zDb1);
}
+ sqlite3_db_config(g.db, SQLITE_DBCONFIG_TRUSTED_SCHEMA, 0, 0);
rc = sqlite3_exec(g.db, "SELECT * FROM sqlite_master", 0, 0, &zErrMsg);
if( rc || zErrMsg ){
cmdlineError("\"%s\" does not appear to be a valid SQLite database", zDb1);