Author: gstein
Date: Thu Apr 21 05:25:13 2011
New Revision: 1095598

URL: http://svn.apache.org/viewvc?rev=1095598&view=rev
Log:
Move the "prepare" function to private. This functionality should not be
used by Subversion code, as it opens us up to SQL injection (without lots
of particular care). We simply choose not to worry.

* subversion/include/private/svn_sqlite.h:
  (svn_sqlite__prepare): remove

* subversion/libsvn_subr/sqlite.c:
  (svn_sqlite__prepare): renamed to ...
  (prepare_statement): ... this. make static and move its location in the
    file above the first usage.
  (svn_sqlite__get_statement, svn_sqlite__read_schema_version): update
    call to prepare_statement.

Modified:
    subversion/trunk/subversion/include/private/svn_sqlite.h
    subversion/trunk/subversion/libsvn_subr/sqlite.c

Modified: subversion/trunk/subversion/include/private/svn_sqlite.h
URL: 
http://svn.apache.org/viewvc/subversion/trunk/subversion/include/private/svn_sqlite.h?rev=1095598&r1=1095597&r2=1095598&view=diff
==============================================================================
--- subversion/trunk/subversion/include/private/svn_sqlite.h (original)
+++ subversion/trunk/subversion/include/private/svn_sqlite.h Thu Apr 21 
05:25:13 2011
@@ -134,12 +134,6 @@ svn_error_t *
 svn_sqlite__get_statement(svn_sqlite__stmt_t **stmt, svn_sqlite__db_t *db,
                           int stmt_idx);
 
-/* Prepare TEXT as a statement in DB, returning a statement in *STMT,
-   allocated in RESULT_POOL. */
-svn_error_t *
-svn_sqlite__prepare(svn_sqlite__stmt_t **stmt, svn_sqlite__db_t *db,
-                    const char *text, apr_pool_t *result_pool);
-
 
 /* ---------------------------------------------------------------------
 

Modified: subversion/trunk/subversion/libsvn_subr/sqlite.c
URL: 
http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_subr/sqlite.c?rev=1095598&r1=1095597&r2=1095598&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_subr/sqlite.c (original)
+++ subversion/trunk/subversion/libsvn_subr/sqlite.c Thu Apr 21 05:25:13 2011
@@ -139,6 +139,20 @@ exec_sql(svn_sqlite__db_t *db, const cha
 }
 
 
+static svn_error_t *
+prepare_statement(svn_sqlite__stmt_t **stmt, svn_sqlite__db_t *db,
+                  const char *text, apr_pool_t *result_pool)
+{
+  *stmt = apr_palloc(result_pool, sizeof(**stmt));
+  (*stmt)->db = db;
+  (*stmt)->needs_reset = FALSE;
+
+  SQLITE_ERR(sqlite3_prepare_v2(db->db3, text, -1, &(*stmt)->s3stmt, NULL), 
db);
+
+  return SVN_NO_ERROR;
+}
+
+
 svn_error_t *
 svn_sqlite__exec_statements(svn_sqlite__db_t *db, int stmt_idx)
 {
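Review bot: prepare_statement stores the freshly allocated wrapper in `*stmt` before `sqlite3_prepare_v2` has succeeded, so when the prepare fails (assuming SQLITE_ERR returns early; its definition is not shown) the caller's slot is already non-NULL. In svn_sqlite__get_statement that slot is `db->prepared_stmts[stmt_idx]`, which is only re-prepared when it is NULL, so later calls would skip the prepare and hand back a wrapper with no compiled statement. Building the wrapper in a local and assigning `*stmt` only after success avoids that, as sketched below. The doc comment deleted from the header should also move onto this definition, with the constraint that motivated the commit spelled out: `/* Prepare TEXT as a statement in DB, returning it in *STMT, allocated in RESULT_POOL. TEXT must be constant SQL, never assembled from external input. */`.

```c
static svn_error_t *
prepare_statement(svn_sqlite__stmt_t **stmt, svn_sqlite__db_t *db,
                  const char *text, apr_pool_t *result_pool)
{
  svn_sqlite__stmt_t *new_stmt = apr_palloc(result_pool, sizeof(*new_stmt));

  new_stmt->db = db;
  new_stmt->needs_reset = FALSE;
  new_stmt->s3stmt = NULL;

  SQLITE_ERR(sqlite3_prepare_v2(db->db3, text, -1, &new_stmt->s3stmt, NULL),
             db);

  /* Publish only after a successful prepare, so a failure leaves *STMT
     untouched and a cached slot stays NULL for the next attempt. */
  *stmt = new_stmt;
  return SVN_NO_ERROR;
}
```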
@@ -155,9 +169,9 @@ svn_sqlite__get_statement(svn_sqlite__st
   SVN_ERR_ASSERT(stmt_idx < db->nbr_statements);
 
   if (db->prepared_stmts[stmt_idx] == NULL)
-    SVN_ERR(svn_sqlite__prepare(&db->prepared_stmts[stmt_idx], db,
-                                db->statement_strings[stmt_idx],
-                                db->state_pool));
+    SVN_ERR(prepare_statement(&db->prepared_stmts[stmt_idx], db,
+                              db->statement_strings[stmt_idx],
+                              db->state_pool));
 
   *stmt = db->prepared_stmts[stmt_idx];
 
@@ -167,19 +181,6 @@ svn_sqlite__get_statement(svn_sqlite__st
   return SVN_NO_ERROR;
 }
 
-svn_error_t *
-svn_sqlite__prepare(svn_sqlite__stmt_t **stmt, svn_sqlite__db_t *db,
-                    const char *text, apr_pool_t *result_pool)
-{
-  *stmt = apr_palloc(result_pool, sizeof(**stmt));
-  (*stmt)->db = db;
-  (*stmt)->needs_reset = FALSE;
-
-  SQLITE_ERR(sqlite3_prepare_v2(db->db3, text, -1, &(*stmt)->s3stmt, NULL), 
db);
-
-  return SVN_NO_ERROR;
-}
-
 static svn_error_t *
 step_with_expectation(svn_sqlite__stmt_t* stmt,
                       svn_boolean_t expecting_row)
@@ -668,7 +669,7 @@ svn_sqlite__read_schema_version(int *ver
 {
   svn_sqlite__stmt_t *stmt;
 
-  SVN_ERR(svn_sqlite__prepare(&stmt, db, "PRAGMA user_version;", 
scratch_pool));
+  SVN_ERR(prepare_statement(&stmt, db, "PRAGMA user_version;", scratch_pool));
   SVN_ERR(svn_sqlite__step_row(stmt));
 
   *version = svn_sqlite__column_int(stmt, 0);

