[Libreoffice-commits] core.git: Branch 'distro/collabora/co-2021' - connectivity/source external/hsqldb

Sun, 19 Feb 2023 11:04:20 -0800 

 connectivity/source/drivers/hsqldb/HDriver.cxx    |   31 ++++++++++++++++++++++
 external/hsqldb/UnpackedTarball_hsqldb.mk         |    1 
 external/hsqldb/patches/disable-dump-script.patch |   14 +++++++++
 3 files changed, 46 insertions(+)

New commits:
commit c948c8d3bb1433cde46319f3bb81693912371aea
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Mon Feb 13 13:56:10 2023 +0000
Commit:     Andras Timar <andras.ti...@collabora.com>
CommitDate: Sun Feb 19 19:03:48 2023 +0000

    disable script dump
    
    Change-Id: I04d740cc0fcf87daa192a0a6af34138278043a19
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/146986
    Tested-by: Jenkins
    Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de>
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147051
    Tested-by: Thorsten Behrens <thorsten.behr...@allotropia.de>
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147256
    Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoff...@gmail.com>
    Reviewed-by: Andras Timar <andras.ti...@collabora.com>

diff --git a/connectivity/source/drivers/hsqldb/HDriver.cxx 
b/connectivity/source/drivers/hsqldb/HDriver.cxx
index 6ff0f539407b..eee39911a255 100644
--- a/connectivity/source/drivers/hsqldb/HDriver.cxx
+++ b/connectivity/source/drivers/hsqldb/HDriver.cxx
@@ -290,6 +290,37 @@ namespace connectivity
                         } // if ( xStream.is() )
                         ::comphelper::disposeComponent(xStream);
                     }
+
+                    // disallow any database/script files that contain a 
"SCRIPT[.*]" entry (this is belt and braces
+                    // in that bundled hsqldb 1.8.0 is patched to also reject 
them)
+                    //
+                    // hsqldb 2.6.0 release notes have: added system role 
SCRIPT_OPS for export / import of database structure and data
+                    // which seems to provide a builtin way to do this with 
contemporary hsqldb
+                    const OUString sScript( "script" );
+                    if (!bIsNewDatabase && xStorage->isStreamElement(sScript))
+                    {
+                        Reference<XStream > xStream = 
xStorage->openStreamElement(sScript, ElementModes::READ);
+                        if (xStream.is())
+                        {
+                            std::unique_ptr<SvStream> 
pStream(::utl::UcbStreamHelper::CreateStream(xStream));
+                            if (pStream)
+                            {
+                                OString sLine;
+                                while (pStream->ReadLine(sLine))
+                                {
+                                    OString sText = sLine.trim();
+                                    if 
(sText.startsWithIgnoreAsciiCase("SCRIPT"))
+                                    {
+                                        ::connectivity::SharedResources 
aResources;
+                                        sMessage = 
aResources.getResourceString(STR_COULD_NOT_LOAD_FILE).replaceFirst("$filename$",
 sSystemPath);
+                                        break;
+                                    }
+                                }
+                            }
+                        } // if ( xStream.is() )
+                        ::comphelper::disposeComponent(xStream);
+                    }
+
                 }
                 catch(Exception&)
                 {
diff --git a/external/hsqldb/UnpackedTarball_hsqldb.mk 
b/external/hsqldb/UnpackedTarball_hsqldb.mk
index cbba770f19a0..ed262cccf4ca 100644
--- a/external/hsqldb/UnpackedTarball_hsqldb.mk
+++ b/external/hsqldb/UnpackedTarball_hsqldb.mk
@@ -29,6 +29,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,hsqldb,\
                external/hsqldb/patches/jdbc-4.1.patch \
                external/hsqldb/patches/multipleResultSets.patch \
        ) \
+       external/hsqldb/patches/disable-dump-script.patch \
 ))
 
 # vim: set noet sw=4 ts=4:
diff --git a/external/hsqldb/patches/disable-dump-script.patch 
b/external/hsqldb/patches/disable-dump-script.patch
new file mode 100644
index 000000000000..401dd38abc9a
--- /dev/null
+++ b/external/hsqldb/patches/disable-dump-script.patch
@@ -0,0 +1,14 @@
+--- a/hsqldb/src/org/hsqldb/DatabaseCommandInterpreter.java    2023-02-13 
11:08:11.297243034 +0000
++++ b/hsqldb/src/org/hsqldb/DatabaseCommandInterpreter.java    2023-02-13 
13:49:17.973089433 +0000
+@@ -403,6 +403,11 @@
+                     throw Trace.error(Trace.INVALID_IDENTIFIER);
+                 }
+ 
++                // added condition to avoid execution of spurious command in 
.script or .log file
++                if (session.isProcessingScript() || 
session.isProcessingLog()) {
++                    return new Result(ResultConstants.UPDATECOUNT);
++                }
++
+                 dsw = new ScriptWriterText(database, token, true, true, true);
+ 
+                 dsw.writeAll();

Reply via email to