diff options
author | Caolán McNamara <caolanm@redhat.com> | 2023-02-13 13:56:10 +0000 |
---|---|---|
committer | Andras Timar <andras.timar@collabora.com> | 2023-03-26 19:24:25 +0200 |
commit | e304569f8815f493689d012b9998c985c2fb0e03 (patch) | |
tree | 559630430001f2894e5e10d29dfb9eb9fff1e91d | |
parent | d007905f89ac17622dbc683840286392a9c8b08d (diff) |
disable script dump
Change-Id: I04d740cc0fcf87daa192a0a6af34138278043a19
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/146986
Tested-by: Jenkins
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147051
Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147256
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Andras Timar <andras.timar@collabora.com>
-rw-r--r-- | connectivity/source/drivers/hsqldb/HDriver.cxx | 31 | ||||
-rw-r--r-- | external/hsqldb/UnpackedTarball_hsqldb.mk | 1 | ||||
-rw-r--r-- | external/hsqldb/patches/disable-dump-script.patch | 14 |
3 files changed, 46 insertions, 0 deletions
diff --git a/connectivity/source/drivers/hsqldb/HDriver.cxx b/connectivity/source/drivers/hsqldb/HDriver.cxx index e4d4e399ba2a..1027b689b532 100644 --- a/connectivity/source/drivers/hsqldb/HDriver.cxx +++ b/connectivity/source/drivers/hsqldb/HDriver.cxx @@ -290,6 +290,37 @@ namespace connectivity } // if ( xStream.is() ) ::comphelper::disposeComponent(xStream); } + + // disallow any database/script files that contain a "SCRIPT[.*]" entry (this is belt and braces + // in that bundled hsqldb 1.8.0 is patched to also reject them) + // + // hsqldb 2.6.0 release notes have: added system role SCRIPT_OPS for export / import of database structure and data + // which seems to provide a builtin way to do this with contemporary hsqldb + const OUString sScript( "script" ); + if (!bIsNewDatabase && xStorage->isStreamElement(sScript)) + { + Reference<XStream > xStream = xStorage->openStreamElement(sScript, ElementModes::READ); + if (xStream.is()) + { + std::unique_ptr<SvStream> pStream(::utl::UcbStreamHelper::CreateStream(xStream)); + if (pStream) + { + OString sLine; + while (pStream->ReadLine(sLine)) + { + OString sText = sLine.trim(); + if (sText.startsWithIgnoreAsciiCase("SCRIPT")) + { + ::connectivity::SharedResources aResources; + sMessage = aResources.getResourceString(STR_COULD_NOT_LOAD_FILE).replaceFirst("$filename$", sSystemPath); + break; + } + } + } + } // if ( xStream.is() ) + ::comphelper::disposeComponent(xStream); + } + } catch(Exception&) { diff --git a/external/hsqldb/UnpackedTarball_hsqldb.mk b/external/hsqldb/UnpackedTarball_hsqldb.mk index cbba770f19a0..ed262cccf4ca 100644 --- a/external/hsqldb/UnpackedTarball_hsqldb.mk +++ b/external/hsqldb/UnpackedTarball_hsqldb.mk @@ -29,6 +29,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,hsqldb,\ external/hsqldb/patches/jdbc-4.1.patch \ external/hsqldb/patches/multipleResultSets.patch \ ) \ + external/hsqldb/patches/disable-dump-script.patch \ )) # vim: set noet sw=4 ts=4: diff --git a/external/hsqldb/patches/disable-dump-script.patch b/external/hsqldb/patches/disable-dump-script.patch new file mode 100644 index 000000000000..401dd38abc9a --- /dev/null +++ b/external/hsqldb/patches/disable-dump-script.patch @@ -0,0 +1,14 @@ +--- a/hsqldb/src/org/hsqldb/DatabaseCommandInterpreter.java 2023-02-13 11:08:11.297243034 +0000 ++++ b/hsqldb/src/org/hsqldb/DatabaseCommandInterpreter.java 2023-02-13 13:49:17.973089433 +0000 +@@ -403,6 +403,11 @@ + throw Trace.error(Trace.INVALID_IDENTIFIER); + } + ++ // added condition to avoid execution of spurious command in .script or .log file ++ if (session.isProcessingScript() || session.isProcessingLog()) { ++ return new Result(ResultConstants.UPDATECOUNT); ++ } ++ + dsw = new ScriptWriterText(database, token, true, true, true); + + dsw.writeAll(); |