diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/expr.c | 15 | ||||
| -rw-r--r-- | src/sqlite.h.in | 3 | ||||
| -rw-r--r-- | src/tclsqlite.c | 7 |
3 files changed, 21 insertions, 4 deletions
diff --git a/src/expr.c b/src/expr.c index 4e8d322b9..32fb543cc 100644 --- a/src/expr.c +++ b/src/expr.c @@ -12,7 +12,7 @@ ** This file contains routines used for analyzing expressions and ** for generating VDBE code that evaluates expressions in SQLite. ** -** $Id: expr.c,v 1.266 2006/07/11 13:15:08 drh Exp $ +** $Id: expr.c,v 1.267 2006/08/24 14:59:46 drh Exp $ */ #include "sqliteInt.h" #include <ctype.h> @@ -1161,6 +1161,7 @@ static int nameResolverStep(void *pArg, Expr *pExpr){ int wrong_num_args = 0; /* True if wrong number of arguments */ int is_agg = 0; /* True if is an aggregate function */ int i; + int auth; /* Authorization to use the function */ int nId; /* Number of characters in function name */ const char *zId; /* The function name. */ FuncDef *pDef; /* Information about the function */ @@ -1179,6 +1180,18 @@ static int nameResolverStep(void *pArg, Expr *pExpr){ }else{ is_agg = pDef->xFunc==0; } + if( pDef ){ + auth = sqlite3AuthCheck(pParse, SQLITE_FUNCTION, 0, pDef->zName, 0); + if( auth!=SQLITE_OK ){ + if( auth==SQLITE_DENY ){ + sqlite3ErrorMsg(pParse, "not authorized to use function: %s", + pDef->zName); + pNC->nErr++; + } + pExpr->op = TK_NULL; + return 1; + } + } if( is_agg && !pNC->allowAgg ){ sqlite3ErrorMsg(pParse, "misuse of aggregate function %.*s()", nId,zId); pNC->nErr++; diff --git a/src/sqlite.h.in b/src/sqlite.h.in index 7a32e972f..a1fbf7e82 100644 --- a/src/sqlite.h.in +++ b/src/sqlite.h.in @@ -12,7 +12,7 @@ ** This header file defines the interface that the SQLite library ** presents to client programs. ** -** @(#) $Id: sqlite.h.in,v 1.188 2006/08/23 20:07:22 drh Exp $ +** @(#) $Id: sqlite.h.in,v 1.189 2006/08/24 14:59:46 drh Exp $ */ #ifndef _SQLITE3_H_ #define _SQLITE3_H_ @@ -478,6 +478,7 @@ int sqlite3_set_authorizer( #define SQLITE_ANALYZE 28 /* Table Name NULL */ #define SQLITE_CREATE_VTABLE 29 /* Table Name Module Name */ #define SQLITE_DROP_VTABLE 30 /* Table Name Module Name */ +#define SQLITE_FUNCTION 31 /* Function Name NULL */ /* ** The return value of the authorization function should be one of the diff --git a/src/tclsqlite.c b/src/tclsqlite.c index 1d5eee14b..e7b317041 100644 --- a/src/tclsqlite.c +++ b/src/tclsqlite.c @@ -11,7 +11,7 @@ ************************************************************************* ** A TCL Interface to SQLite ** -** $Id: tclsqlite.c,v 1.168 2006/08/24 02:42:28 drh Exp $ +** $Id: tclsqlite.c,v 1.169 2006/08/24 14:59:46 drh Exp $ */ #ifndef NO_TCL /* Omit this whole file if TCL is unavailable */ @@ -553,6 +553,7 @@ static int auth_callback( case SQLITE_ANALYZE : zCode="SQLITE_ANALYZE"; break; case SQLITE_CREATE_VTABLE : zCode="SQLITE_CREATE_VTABLE"; break; case SQLITE_DROP_VTABLE : zCode="SQLITE_DROP_VTABLE"; break; + case SQLITE_FUNCTION : zCode="SQLITE_FUNCTION"; break; default : zCode="????"; break; } Tcl_DStringInit(&str); @@ -2068,9 +2069,12 @@ static int DbMain(void *cd, Tcl_Interp *interp, int objc,Tcl_Obj *const*objv){ return TCL_ERROR; } p->maxStmt = NUM_PREPARED_STMTS; + p->interp = interp; zArg = Tcl_GetStringFromObj(objv[1], 0); Tcl_CreateObjCommand(interp, zArg, DbObjCmd, (char*)p, DbDeleteCmd); + /* If a TCL procedure named "::sqlite3_init + /* If compiled with SQLITE_TEST turned on, then register the "md5sum" ** SQL function. */ @@ -2087,7 +2091,6 @@ static int DbMain(void *cd, Tcl_Interp *interp, int objc,Tcl_Obj *const*objv){ #endif } #endif - p->interp = interp; return TCL_OK; } |