Navigation

← Previous Changeset
Next Changeset →

Changeset 5

Timestamp:

11/14/07 09:08:03 (1 year ago)

Author:

Scott

Message:

Change extension INI option to allow extensions to be loaded from a single safe directory.

Files:

sqlite3/NEWS (modified) (1 diff)
sqlite3/TODO (modified) (1 diff)
sqlite3/php_sqlite3.h (modified) (1 diff)
sqlite3/sqlite3.c (modified) (5 diffs)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

sqlite3/NEWS

r4	r5
11	11	- Changed numColumn to num_columns for consistency
12	12	- Fixed PHP 5.3 support
	13	- Removed sqlite3.enable_extensions INI option in favour of sqlite3.extension_dir
13	14
14	15	8 Nov 2007, PHP SQLite3 v0.2

sqlite3/TODO

r3 r5

3 3 - Bound Variables for Prepared Statements
4 4 - Check for encryption implementation
5 ~~- Change load extension code to load from a specific directory~~

sqlite3/php_sqlite3.h

r4	r5
38	38
39	39	ZEND_BEGIN_MODULE_GLOBALS(sqlite3)
40		zend_bool ~~allow_extensions~~;
41		char *extensions_dir;
	40	zend_bool extensions_enabled;
	41	char *extension_dir;
42	42	ZEND_END_MODULE_GLOBALS(sqlite3)
43	43

sqlite3/sqlite3.c

r4	r5
43	43	*/
44	44	PHP_INI_BEGIN()
45		STD_PHP_INI_ENTRY("sqlite3.allow_extensions", "0", PHP_INI_SYSTEM, OnUpdateBool, allow_extensions, zend_sqlite3_globals, sqlite3_globals)
46		STD_PHP_INI_ENTRY("sqlite3.extensions_dir", NULL, PHP_INI_SYSTEM, OnUpdateString, extensions_dir, zend_sqlite3_globals, sqlite3_globals)
	45	STD_PHP_INI_ENTRY("sqlite3.extension_dir", NULL, PHP_INI_SYSTEM, OnUpdateString, extension_dir, zend_sqlite3_globals, sqlite3_globals)
47	46	PHP_INI_END()
48	47	/* }}} */
…	…
115	114	}
116	115
117		if (SQLITE3G(allow_extensions)) {
	116	if (SQLITE3G(extension_dir) && strlen(SQLITE3G(extension_dir)) > 0) {
	117	SQLITE3G(extensions_enabled) = 1;
118	118	sqlite3_enable_load_extension(db->db, 1);
119	119	}
…	…
224	224	php_sqlite3_db *db;
225	225	zval *object = getThis();
226		char extension, fullpath, *errtext = NULL;
227		int extension_len;
	226	char extension, lib_path, extension_dir, errtext = NULL;
	227	char fullpath[MAXPATHLEN];
	228	int extension_len, extension_dir_len;
228	229	db = (php_sqlite3_db *)zend_object_store_get_object(object TSRMLS_CC);
229	230
…	…
233	234	}
234	235
235		if (!(fullpath = expand_filepath(extension, NULL TSRMLS_CC))) {
	236	if (!SQLITE3G(extensions_enabled)) {
	237	php_error_docref(NULL TSRMLS_CC, E_WARNING, "SQLite Extension are disabled");
	238	RETURN_FALSE;
	239	}
	240
	241	if (extension_len == 0) {
	242	php_error_docref(NULL TSRMLS_CC, E_WARNING, "Empty string as an extension");
	243	RETURN_FALSE;
	244	}
	245
	246	extension_dir = SQLITE3G(extension_dir);
	247	extension_dir_len = strlen(SQLITE3G(extension_dir));
	248
	249	if (IS_SLASH(extension_dir[extension_dir_len-1])) {
	250	spprintf(&lib_path, 0, "%s%s", extension_dir, extension);
	251	} else {
	252	spprintf(&lib_path, 0, "%s%c%s", extension_dir, DEFAULT_SLASH, extension);
	253	}
	254
	255	if (!VCWD_REALPATH(lib_path, fullpath)) {
	256	php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to load extension at '%s'", lib_path);
	257	RETURN_FALSE;
	258	}
	259
	260	if (strncmp(fullpath, extension_dir, extension_dir_len) != 0) {
	261	php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to open extensions ourside the defined directory");
236	262	RETURN_FALSE;
237	263	}
…	…
240	266	php_error_docref(NULL TSRMLS_CC, E_WARNING, "%s", errtext);
241	267	sqlite3_free(errtext);
242		if (fullpath) {
243		efree(fullpath);
244		}
245		RETURN_FALSE;
246		}
247
248		if (fullpath) {
249		efree(fullpath);
250		}
	268	RETURN_FALSE;
	269	}
	270
251	271	RETURN_TRUE;
252	272	}

r3	r5
3	3	- Bound Variables for Prepared Statements
4	4	- Check for encryption implementation
5		~~- Change load extension code to load from a specific directory~~

Navigation

Changeset 5

Legend:

sqlite3/NEWS

sqlite3/TODO

sqlite3/php_sqlite3.h

sqlite3/sqlite3.c

Download in other formats: