Title: [214237] trunk
- Revision
- 214237
- Author
- beid...@apple.com
- Date
- 2017-03-21 17:08:40 -0700 (Tue, 21 Mar 2017)
Log Message
Disable all virtual tables.
<rdar://problem/31081972> and https://bugs.webkit.org/show_bug.cgi?id=169928
Source/WebCore:
Reviewed by Jer Noble.
No new tests (Covered by changes to existing test).
* Modules/webdatabase/DatabaseAuthorizer.cpp:
(WebCore::DatabaseAuthorizer::createVTable):
(WebCore::DatabaseAuthorizer::dropVTable):
LayoutTests:
Reviewed by Jer Noble.
* storage/websql/test-authorizer-expected.txt:
* storage/websql/test-authorizer.js:
(createStatementsCallback):
Modified Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (214236 => 214237)
--- trunk/LayoutTests/ChangeLog 2017-03-22 00:06:26 UTC (rev 214236)
+++ trunk/LayoutTests/ChangeLog 2017-03-22 00:08:40 UTC (rev 214237)
@@ -1,3 +1,14 @@
+2017-03-21 Brady Eidson <beid...@apple.com>
+
+ Disable all virtual tables.
+ <rdar://problem/31081972> and https://bugs.webkit.org/show_bug.cgi?id=169928
+
+ Reviewed by Jer Noble.
+
+ * storage/websql/test-authorizer-expected.txt:
+ * storage/websql/test-authorizer.js:
+ (createStatementsCallback):
+
2017-03-21 Zalan Bujtas <za...@apple.com>
Tear down descendant renderers when <slot>'s display value is set to no "contents".
Modified: trunk/LayoutTests/storage/websql/test-authorizer-expected.txt (214236 => 214237)
--- trunk/LayoutTests/storage/websql/test-authorizer-expected.txt 2017-03-22 00:06:26 UTC (rev 214236)
+++ trunk/LayoutTests/storage/websql/test-authorizer-expected.txt 2017-03-22 00:08:40 UTC (rev 214237)
@@ -7,6 +7,7 @@
SQLITE_CREATE_TRIGGER statement succeeded.
SQLITE_CREATE_VIEW statement succeeded.
SQLITE_CREATE_VTABLE statement failed: could not prepare statement (23 not authorized)
+SQLITE_CREATE_VTABLE (FTS3) statement failed: could not prepare statement (23 not authorized)
SQLITE_READ statement succeeded.
SQLITE_SELECT statement succeeded.
SQLITE_DELETE statement succeeded.
@@ -40,6 +41,7 @@
SQLITE_CREATE_TRIGGER statement failed: could not prepare statement (1 not authorized)
SQLITE_CREATE_VIEW statement failed: could not prepare statement (23 not authorized)
SQLITE_CREATE_VTABLE statement failed: could not prepare statement (23 not authorized)
+SQLITE_CREATE_VTABLE (FTS3) statement failed: could not prepare statement (23 not authorized)
SQLITE_CREATE_INDEX statement succeeded.
SQLITE_CREATE_TEMP_TABLE statement succeeded.
SQLITE_CREATE_TEMP_TRIGGER statement succeeded.
@@ -47,6 +49,7 @@
SQLITE_CREATE_TRIGGER statement succeeded.
SQLITE_CREATE_VIEW statement succeeded.
SQLITE_CREATE_VTABLE statement failed: could not prepare statement (23 not authorized)
+SQLITE_CREATE_VTABLE (FTS3) statement failed: could not prepare statement (23 not authorized)
SQLITE_READ statement succeeded.
SQLITE_SELECT statement succeeded.
SQLITE_DELETE statement failed: could not prepare statement (23 not authorized)
Modified: trunk/LayoutTests/storage/websql/test-authorizer.js (214236 => 214237)
--- trunk/LayoutTests/storage/websql/test-authorizer.js 2017-03-22 00:06:26 UTC (rev 214236)
+++ trunk/LayoutTests/storage/websql/test-authorizer.js 2017-03-22 00:08:40 UTC (rev 214237)
@@ -58,6 +58,7 @@
executeStatement(tx, "CREATE TRIGGER TestTrigger INSERT ON Test BEGIN SELECT COUNT(*) FROM Test; END;", "SQLITE_CREATE_TRIGGER");
executeStatement(tx, "CREATE VIEW TestView AS SELECT COUNT(*) FROM Test;", "SQLITE_CREATE_VIEW");
executeStatement(tx, "CREATE VIRTUAL TABLE TestVirtualTable USING MissingModule;", "SQLITE_CREATE_VTABLE");
+ executeStatement(tx, "CREATE VIRTUAL TABLE TestVirtualTableFTS USING fts3;", "SQLITE_CREATE_VTABLE (FTS3)");
}
function otherStatementsCallback(tx)
Modified: trunk/Source/WebCore/ChangeLog (214236 => 214237)
--- trunk/Source/WebCore/ChangeLog 2017-03-22 00:06:26 UTC (rev 214236)
+++ trunk/Source/WebCore/ChangeLog 2017-03-22 00:08:40 UTC (rev 214237)
@@ -1,3 +1,16 @@
+2017-03-21 Brady Eidson <beid...@apple.com>
+
+ Disable all virtual tables.
+ <rdar://problem/31081972> and https://bugs.webkit.org/show_bug.cgi?id=169928
+
+ Reviewed by Jer Noble.
+
+ No new tests (Covered by changes to existing test).
+
+ * Modules/webdatabase/DatabaseAuthorizer.cpp:
+ (WebCore::DatabaseAuthorizer::createVTable):
+ (WebCore::DatabaseAuthorizer::dropVTable):
+
2017-03-21 Anders Carlsson <ander...@apple.com>
Remove bogus availability annotations from DOM SPI headers.
Modified: trunk/Source/WebCore/Modules/webdatabase/DatabaseAuthorizer.cpp (214236 => 214237)
--- trunk/Source/WebCore/Modules/webdatabase/DatabaseAuthorizer.cpp 2017-03-22 00:06:26 UTC (rev 214236)
+++ trunk/Source/WebCore/Modules/webdatabase/DatabaseAuthorizer.cpp 2017-03-22 00:08:40 UTC (rev 214237)
@@ -282,29 +282,14 @@
return SQLAuthAllow;
}
-int DatabaseAuthorizer::createVTable(const String& tableName, const String& moduleName)
+int DatabaseAuthorizer::createVTable(const String&, const String&)
{
- if (!allowWrite())
- return SQLAuthDeny;
-
- // Allow only the FTS3 extension
- if (!equalLettersIgnoringASCIICase(moduleName, "fts3"))
- return SQLAuthDeny;
-
- m_lastActionChangedDatabase = true;
- return denyBasedOnTableName(tableName);
+ return SQLAuthDeny;
}
-int DatabaseAuthorizer::dropVTable(const String& tableName, const String& moduleName)
+int DatabaseAuthorizer::dropVTable(const String&, const String&)
{
- if (!allowWrite())
- return SQLAuthDeny;
-
- // Allow only the FTS3 extension
- if (!equalLettersIgnoringASCIICase(moduleName, "fts3"))
- return SQLAuthDeny;
-
- return updateDeletesBasedOnTableName(tableName);
+ return SQLAuthDeny;
}
int DatabaseAuthorizer::allowDelete(const String& tableName)
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes