diff options
| author | dan <dan@noemail.net> | 2013-10-03 12:29:38 +0000 |
|---|---|---|
| committer | dan <dan@noemail.net> | 2013-10-03 12:29:38 +0000 |
| commit | 46539d7cfab6202ed6a6b5de7de5a6256c16f1ba (patch) | |
| tree | 4adea647b4b003b296b8c2829ac17ec71506b3c2 /src/attach.c | |
| parent | 582d47d27a2540564bbf0bd060de73d1dd413e35 (diff) | |
| download | sqlite-46539d7cfab6202ed6a6b5de7de5a6256c16f1ba.tar.gz sqlite-46539d7cfab6202ed6a6b5de7de5a6256c16f1ba.zip | |
Return an error if an attempt is made to create a trigger with an SQL variable embedded within it. If such a variable reference is found within a trigger definition loaded from the sqlite_master table, silently replace it with a NULL.
FossilOrigin-Name: f35f6ae3da77dbdf5f7a4a9927475659fc6e0ca6
Diffstat (limited to 'src/attach.c')
| -rw-r--r-- | src/attach.c | 41 |
1 files changed, 32 insertions, 9 deletions
diff --git a/src/attach.c b/src/attach.c index 805305dab..7cefe252f 100644 --- a/src/attach.c +++ b/src/attach.c @@ -430,7 +430,7 @@ int sqlite3FixInit( ){ sqlite3 *db; - if( NEVER(iDb<0) || iDb==1 ) return 0; + if( NEVER(iDb<0) ) return 0; db = pParse->db; assert( db->nDb>iDb ); pFix->pParse = pParse; @@ -438,6 +438,7 @@ int sqlite3FixInit( pFix->pSchema = db->aDb[iDb].pSchema; pFix->zType = zType; pFix->pName = pName; + pFix->bVarOnly = (iDb==1); return 1; } @@ -466,15 +467,17 @@ int sqlite3FixSrcList( if( NEVER(pList==0) ) return 0; zDb = pFix->zDb; for(i=0, pItem=pList->a; i<pList->nSrc; i++, pItem++){ - if( pItem->zDatabase && sqlite3StrICmp(pItem->zDatabase, zDb) ){ - sqlite3ErrorMsg(pFix->pParse, - "%s %T cannot reference objects in database %s", - pFix->zType, pFix->pName, pItem->zDatabase); - return 1; + if( pFix->bVarOnly==0 ){ + if( pItem->zDatabase && sqlite3StrICmp(pItem->zDatabase, zDb) ){ + sqlite3ErrorMsg(pFix->pParse, + "%s %T cannot reference objects in database %s", + pFix->zType, pFix->pName, pItem->zDatabase); + return 1; + } + sqlite3DbFree(pFix->pParse->db, pItem->zDatabase); + pItem->zDatabase = 0; + pItem->pSchema = pFix->pSchema; } - sqlite3DbFree(pFix->pParse->db, pItem->zDatabase); - pItem->zDatabase = 0; - pItem->pSchema = pFix->pSchema; #if !defined(SQLITE_OMIT_VIEW) || !defined(SQLITE_OMIT_TRIGGER) if( sqlite3FixSelect(pFix, pItem->pSelect) ) return 1; if( sqlite3FixExpr(pFix, pItem->pOn) ) return 1; @@ -497,9 +500,21 @@ int sqlite3FixSelect( if( sqlite3FixExpr(pFix, pSelect->pWhere) ){ return 1; } + if( sqlite3FixExprList(pFix, pSelect->pGroupBy) ){ + return 1; + } if( sqlite3FixExpr(pFix, pSelect->pHaving) ){ return 1; } + if( sqlite3FixExprList(pFix, pSelect->pOrderBy) ){ + return 1; + } + if( sqlite3FixExpr(pFix, pSelect->pLimit) ){ + return 1; + } + if( sqlite3FixExpr(pFix, pSelect->pOffset) ){ + return 1; + } pSelect = pSelect->pPrior; } return 0; @@ -509,6 +524,14 @@ int sqlite3FixExpr( Expr *pExpr /* The expression to be fixed to one database */ ){ while( pExpr ){ + if( pExpr->op==TK_VARIABLE ){ + if( pFix->pParse->db->init.busy ){ + pExpr->op = TK_NULL; + }else{ + sqlite3ErrorMsg(pFix->pParse, "%s cannot use variables", pFix->zType); + return 1; + } + } if( ExprHasProperty(pExpr, EP_TokenOnly) ) break; if( ExprHasProperty(pExpr, EP_xIsSelect) ){ if( sqlite3FixSelect(pFix, pExpr->x.pSelect) ) return 1; |