Diffstat (limited to 'src/sqlite.h.in')
-rw-r--r-- | src/sqlite.h.in | 50 |
1 files changed, 47 insertions, 3 deletions
diff --git a/src/sqlite.h.in b/src/sqlite.h.in index 50976ee16..dc8bf4a38 100644 --- a/src/sqlite.h.in +++ b/src/sqlite.h.in @@ -2265,6 +2265,33 @@ struct sqlite3_mem_methods { ** compile-time option. ** </dd> ** +** [[SQLITE_DBCONFIG_UNSAFE_FUNC_IN_VIEW]] +** <dt>SQLITE_DBCONFIG_UNSAFE_FUNC_IN_VIEW</td> +** <dd>The SQLITE_DBCONFIG_UNSAFE_FUNC_IN_VIEW option activates or deactivates +** the ability to use SQL functions that have side-effects inside of +** triggers and views. For legacy compatibility, this setting defaults +** to "on". Applications that are operating on untrusted database files +** are advised to change this setting to "off". When this setting is on, +** only functions that have no side effects are usable inside of views. +** This prevents an attacker from modifying the schema of a database so +** that views and/or triggers with undesirable side-effects are run when +** the application innocently tries to access what it thinks is an ordinary +** table. +** </dd> +** +** [[SQLITE_DBCONFIG_VTAB_IN_VIEW]] +** <dt>SQLITE_DBCONFIG_VTAB_IN_VIEW</td> +** <dd>The SQLITE_DBCONFIG_VTAB_IN_VIEW option activates or deactivates +** the ability to use [virtual tables] inside of triggers and views. +** For legacy compatibility, this setting defaults +** to "on". Applications that are operating on untrusted database files +** are advised to change this setting to "off". Turning this setting off +** prevents an attacker from modifying the schema of a database so +** that views and/or triggers with undesirable side-effects are run when +** the application innocently tries to access what it thinks is an ordinary +** table. +** </dd> +** ** [[SQLITE_DBCONFIG_LEGACY_FILE_FORMAT]] ** <dt>SQLITE_DBCONFIG_LEGACY_FILE_FORMAT</td> ** <dd>The SQLITE_DBCONFIG_LEGACY_FILE_FORMAT option activates or deactivates 
@@ -2305,7 +2332,9 @@ struct sqlite3_mem_methods { #define SQLITE_DBCONFIG_DQS_DDL 1014 /* int int* */ #define SQLITE_DBCONFIG_ENABLE_VIEW 1015 /* int int* */ #define SQLITE_DBCONFIG_LEGACY_FILE_FORMAT 1016 /* int int* */ -#define SQLITE_DBCONFIG_MAX 1016 /* Largest DBCONFIG */ +#define SQLITE_DBCONFIG_UNSAFE_FUNC_IN_VIEW 1017 /* int int* */ +#define SQLITE_DBCONFIG_VTAB_IN_VIEW 1018 /* int int* */ +#define SQLITE_DBCONFIG_MAX 1018 /* Largest DBCONFIG */ /* ** CAPI3REF: Enable Or Disable Extended Result Codes 
@@ -4996,12 +5025,26 @@ int sqlite3_create_window_function( ** [sqlite3_create_function_v2()]. ** ** The SQLITE_DETERMINISTIC flag means that the new function always gives -** the same output when the input parameters are the same. The abs() function -** is deterministic, for example, but randomblob() is not. Functions must +** the same output when the input parameters are the same. +** The [abs|abs() function] is deterministic, for example, but +** [randomblob|randomblob()] is not. Functions must ** be deterministic in order to be used in certain contexts such as ** [CHECK constraints] or [generated columns]. SQLite might also optimize ** deterministic functions by factoring them out of inner loops. ** +** The SQLITE_INNOCUOUS flag means that the new function is unlikely +** to cause problems even if misused. An innocuous function should have +** no side effects and consume few resources. The [abs|abs() function] +** is an example of an innocuous function. +** The [load_extension() SQL function] is not innocuous because of its +** side effects. Some heightened security settings +** ([SQLITE_DBCONFIG_UNSAFE_FUNC_IN_VIEW]) +** disable the use of SQLlfunctions inside views and triggers unless +** the function is tagged with SQLITE_INNOCUOUS. Most built-in functions +** are innocuous. Developers are advised to avoid using the +** SQLITE_INNOCUOUS flag for application-defined functions unless the +** function is specifically intended for use inside of views and triggers. +** ** The SQLITE_DIRECTONLY flag means that the function may only be invoked ** from top-level SQL, and cannot be used in VIEWs or TRIGGERs. This is ** a security feature which is recommended for all @@ -5021,6 +5064,7 @@ int sqlite3_create_window_function( #define SQLITE_DETERMINISTIC 0x000000800 #define SQLITE_DIRECTONLY 0x000080000 #define SQLITE_SUBTYPE 0x000100000 +#define SQLITE_INNOCUOUS 0x000200000 /* ** CAPI3REF: Deprecated Functions |
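Review bot: In the first hunk (@@ -2265,6 +2265,33 @@), the SQLITE_DBCONFIG_UNSAFE_FUNC_IN_VIEW entry contradicts itself. It says the option activates the use of side-effect functions in triggers and views, defaults to "on", and should be changed to "off" for untrusted database files, but then states "When this setting is on, only functions that have no side effects are usable inside of views." That sentence should say "off", and should name triggers as well as views to match the opening sentence. As written, someone hardening an application against untrusted files could read the default as already being the restrictive state. Both new entries also open with <dt> and close with </td>; the closing tag should be </dt> (the unchanged SQLITE_DBCONFIG_LEGACY_FILE_FORMAT context line has the same mismatch).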
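Review bot: In the third hunk (@@ -4996,12 +5025,26 @@), the new SQLITE_INNOCUOUS paragraph has a typo, "SQLlfunctions" for "SQL functions", and its parenthetical "Some heightened security settings ([SQLITE_DBCONFIG_UNSAFE_FUNC_IN_VIEW])" does not say which state of that option is the heightened one. Per the first hunk the legacy default is "on" and the recommended hardened value is "off", so the text should say the restriction applies when the option is turned off. The paragraph also leaves undocumented what happens when a function is registered with both SQLITE_INNOCUOUS and SQLITE_DIRECTONLY, which the adjacent SQLITE_DIRECTONLY description makes contradictory; state whether that combination is rejected or which flag takes precedence.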