openbsd-ports/devel/cvstrac/patches/patch-db_c

177 lines
6.3 KiB
Plaintext
Raw Normal View History

$OpenBSD: patch-db_c,v 1.1.1.1 2009/02/17 00:16:04 sthen Exp $
http://www.cvstrac.org/cvstrac/chngview?cn=994
Avoid using sqlite internal functions.
http://www.cvstrac.org/cvstrac/chngview?cn=932
chng and inspect records are viewable by people with wiki read
permissions, not checkout.
http://www.cvstrac.org/cvstrac/chngview?cn=969
Use sqlite3_free() not free() on functions returning memory strings.
--- db.c.orig Thu Aug 7 01:15:31 2008
+++ db.c Thu Aug 7 01:15:21 2008
@@ -31,6 +31,7 @@
#include <errno.h>
#include <sqlite3.h>
#include <string.h>
+#include <strings.h>
#include <wchar.h>
#include "config.h"
#include "db.h"
@@ -125,7 +126,6 @@ static int query_authorizer(
** routine NULLs-out fields of the database we do not want arbitrary
** users to see, such as the USER.PASSWD field.
*/
-extern int sqlite3StrICmp(const char*, const char*);
static int access_authorizer(
void *NotUsed,
int type,
@@ -141,34 +141,34 @@ static int access_authorizer(
return SQLITE_OK;
#endif
}else if( type==SQLITE_READ ){
- if( sqlite3StrICmp(zArg1,"user")==0 ){
- if( sqlite3StrICmp(zArg2,"passwd")==0 || sqlite3StrICmp(zArg2,"email")==0 ){
+ if( strcasecmp(zArg1,"user")==0 ){
+ if( strcasecmp(zArg2,"passwd")==0 || strcasecmp(zArg2,"email")==0 ){
return SQLITE_IGNORE;
}
- }else if( sqlite3StrICmp(zArg1, "cookie")==0 ){
+ }else if( strcasecmp(zArg1, "cookie")==0 ){
return SQLITE_IGNORE;
- }else if( sqlite3StrICmp(zArg1, "config")==0 ){
+ }else if( strcasecmp(zArg1, "config")==0 ){
return SQLITE_IGNORE;
- }else if( !g.okSetup && sqlite3StrICmp(zArg1, "access_load")==0 ){
+ }else if( !g.okSetup && strcasecmp(zArg1, "access_load")==0 ){
return SQLITE_IGNORE;
- }else if( (!g.okWrite || g.isAnon) && sqlite3StrICmp(zArg1,"ticket")==0
- && sqlite3StrICmp(zArg2,"contact")==0){
+ }else if( (!g.okWrite || g.isAnon) && strcasecmp(zArg1,"ticket")==0
+ && strcasecmp(zArg2,"contact")==0){
return SQLITE_IGNORE;
- }else if( !g.okCheckout && sqlite3StrICmp(zArg1,"chng")==0 ){
+ }else if( !g.okRead && strcasecmp(zArg1,"chng")==0 ){
return SQLITE_IGNORE;
- }else if( !g.okCheckout && sqlite3StrICmp(zArg1,"filechng")==0 ){
+ }else if( !g.okCheckout && strcasecmp(zArg1,"filechng")==0 ){
return SQLITE_IGNORE;
- }else if( !g.okCheckout && sqlite3StrICmp(zArg1,"file")==0 ){
+ }else if( !g.okCheckout && strcasecmp(zArg1,"file")==0 ){
return SQLITE_IGNORE;
- }else if( !g.okCheckout && sqlite3StrICmp(zArg1,"inspect")==0 ){
+ }else if( !g.okRead && strcasecmp(zArg1,"inspect")==0 ){
return SQLITE_IGNORE;
- }else if( !g.okRead && sqlite3StrICmp(zArg1,"ticket")==0 ){
+ }else if( !g.okRead && strcasecmp(zArg1,"ticket")==0 ){
return SQLITE_IGNORE;
- }else if( !g.okRead && sqlite3StrICmp(zArg1,"tktchng")==0 ){
+ }else if( !g.okRead && strcasecmp(zArg1,"tktchng")==0 ){
return SQLITE_IGNORE;
- }else if( !g.okRdWiki && sqlite3StrICmp(zArg1,"attachment")==0 ){
+ }else if( !g.okRdWiki && strcasecmp(zArg1,"attachment")==0 ){
return SQLITE_IGNORE;
- }else if( !g.okRdWiki && sqlite3StrICmp(zArg1,"wiki")==0 ){
+ }else if( !g.okRdWiki && strcasecmp(zArg1,"wiki")==0 ){
return SQLITE_IGNORE;
}
return SQLITE_OK;
@@ -326,7 +326,7 @@ char **db_query(const char *zFormat, ...){
db_err( zErrMsg ? zErrMsg : sqlite3_errmsg(pDb), zSql,
"db_query: Database query failed" );
}
- free(zSql);
+ sqlite3_free(zSql);
if( sResult.azElem==0 ){
db_query_callback(&sResult, 0, 0, 0);
}
@@ -385,7 +385,7 @@ char *db_short_query(const char *zFormat, ...){
db_err( zErrMsg ? zErrMsg : sqlite3_errmsg(pDb), zSql,
"db_short_query: Database query failed" );
}
- free(zSql);
+ sqlite3_free(zSql);
return zResult;
}
@@ -409,7 +409,7 @@ void db_execute(const char *zFormat, ...){
if( rc!=SQLITE_OK ){
db_err(zErrMsg, zSql, "db_execute: Database execute failed");
}
- free(zSql);
+ sqlite3_free(zSql);
}
/*
@@ -448,7 +448,7 @@ int db_exists(const char *zFormat, ...){
if( rc!=SQLITE_OK ){
db_err(zErrMsg, zSql, "db_exists: Database exists query failed");
}
- free(zSql);
+ sqlite3_free(zSql);
return iResult;
}
@@ -470,6 +470,7 @@ char *db_query_check(const char *zFormat, ...){
db_restrict_query(1);
rc = sqlite3_exec(pDb, zSql, 0, 0, &zErrMsg);
db_restrict_query(0);
+ sqlite3_free(zSql);
return (rc!=SQLITE_OK) ? zErrMsg : 0;
}
@@ -538,7 +539,7 @@ void db_callback_query(
db_err(zErrMsg ? zErrMsg : sqlite3_errmsg(pDb), zSql,
"db_callback_query: Database query failed");
}
- free(zSql);
+ sqlite3_free(zSql);
}
/*
@@ -565,7 +566,7 @@ void db_callback_execute(
db_err(zErrMsg ? zErrMsg : sqlite3_errmsg(pDb), zSql,
"db_callback_execute: Database query failed");
}
- free(zSql);
+ sqlite3_free(zSql);
}
/*
@@ -672,7 +673,6 @@ static void f_cgi(sqlite3_context *context, int argc,
** name as an argument and returns the value that the user enters in the
** resulting HTML form. A second optional parameter provides a default value.
*/
-extern int sqlite3StrICmp(const char*, const char*);
static void f_aux(sqlite3_context *context, int argc, sqlite3_value **argv){
int i;
const char *zParm;
@@ -682,7 +682,7 @@ static void f_aux(sqlite3_context *context, int argc,
if( zParm==0 ) return;
for(i=0; i<g.nAux && g.azAuxName[i]; i++){
- if( sqlite3StrICmp(zParm,g.azAuxName[i])==0 ){
+ if( strcasecmp(zParm,g.azAuxName[i])==0 ){
if( g.azAuxVal[i] ){
sqlite3_result_text(context, g.azAuxVal[i], -1, SQLITE_STATIC);
}
@@ -712,7 +712,6 @@ static void f_aux(sqlite3_context *context, int argc,
** currently selected value. Results may be a single value column or
** two value,description columns. The first result row is the default.
*/
-extern int sqlite3StrICmp(const char*, const char*);
static void f_option(sqlite3_context *context, int argc, sqlite3_value **argv){
const char *zParm;
int i;
@@ -722,7 +721,7 @@ static void f_option(sqlite3_context *context, int arg
if( zParm==0 ) return;
for(i=0; i<g.nAux && g.azAuxName[i]; i++){
- if( sqlite3StrICmp(zParm,g.azAuxName[i])==0 ){
+ if( strcasecmp(zParm,g.azAuxName[i])==0 ){
if( g.azAuxVal[i] ){
sqlite3_result_text(context, g.azAuxVal[i], -1, SQLITE_STATIC);
}