author | Lorry Tar Creator <lorry-tar-importer@lorry> | 2017-06-27 06:07:23 +0000 |
---|---|---|
committer | Lorry Tar Creator <lorry-tar-importer@lorry> | 2017-06-27 06:07:23 +0000 |
commit | 1bf1084f2b10c3b47fd1a588d85d21ed0eb41d0c (patch) | |
tree | 46dcd36c86e7fbc6e5df36deb463b33e9967a6f7 /Source/WebCore/Modules/webdatabase/DatabaseAuthorizer.cpp | |
parent | 32761a6cee1d0dee366b885b7b9c777e67885688 (diff) | |
webkitgtk-2.16.5HEADwebkitgtk-2.16.5master
Diffstat (limited to 'Source/WebCore/Modules/webdatabase/DatabaseAuthorizer.cpp')
-rw-r--r-- | Source/WebCore/Modules/webdatabase/DatabaseAuthorizer.cpp | 51 |
1 files changed, 16 insertions, 35 deletions
diff --git a/Source/WebCore/Modules/webdatabase/DatabaseAuthorizer.cpp b/Source/WebCore/Modules/webdatabase/DatabaseAuthorizer.cpp index 13932fb01..f85f9207c 100644 --- a/Source/WebCore/Modules/webdatabase/DatabaseAuthorizer.cpp +++ b/Source/WebCore/Modules/webdatabase/DatabaseAuthorizer.cpp @@ -10,7 +10,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of + * 3. Neither the name of Apple Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * @@ -29,14 +29,13 @@ #include "config.h" #include "DatabaseAuthorizer.h" -#include <wtf/PassRefPtr.h> #include <wtf/text/WTFString.h> namespace WebCore { -PassRefPtr<DatabaseAuthorizer> DatabaseAuthorizer::create(const String& databaseInfoTableName) +Ref<DatabaseAuthorizer> DatabaseAuthorizer::create(const String& databaseInfoTableName) { - return adoptRef(new DatabaseAuthorizer(databaseInfoTableName)); + return adoptRef(*new DatabaseAuthorizer(databaseInfoTableName)); } DatabaseAuthorizer::DatabaseAuthorizer(const String& databaseInfoTableName) 
@@ -283,29 +282,14 @@ int DatabaseAuthorizer::dropTempView(const String&) return SQLAuthAllow; } -int DatabaseAuthorizer::createVTable(const String& tableName, const String& moduleName) +int DatabaseAuthorizer::createVTable(const String&, const String&) { - if (!allowWrite()) - return SQLAuthDeny; - - // Allow only the FTS3 extension - if (!equalIgnoringCase(moduleName, "fts3")) - return SQLAuthDeny; - - m_lastActionChangedDatabase = true; - return denyBasedOnTableName(tableName); + return SQLAuthDeny; } -int DatabaseAuthorizer::dropVTable(const String& tableName, const String& moduleName) +int DatabaseAuthorizer::dropVTable(const String&, const String&) { - if (!allowWrite()) - return SQLAuthDeny; - - // Allow only the FTS3 extension - if (!equalIgnoringCase(moduleName, "fts3")) - return SQLAuthDeny; - - return updateDeletesBasedOnTableName(tableName); + return SQLAuthDeny; } int DatabaseAuthorizer::allowDelete(const String& tableName) @@ -344,7 +328,7 @@ int DatabaseAuthorizer::allowRead(const String& tableName, const String&) { if (m_permissions & NoAccessMask && m_securityEnabled) return SQLAuthDeny; - + return denyBasedOnTableName(tableName); } @@ -396,11 +380,6 @@ bool DatabaseAuthorizer::allowWrite() return !(m_securityEnabled && (m_permissions & ReadOnlyMask || m_permissions & NoAccessMask)); } -void DatabaseAuthorizer::setReadOnly() -{ - m_permissions |= ReadOnlyMask; -} - void DatabaseAuthorizer::setPermissions(int permissions) { m_permissions = permissions; 
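Review bot: createVTable() and dropVTable() now return SQLAuthDeny unconditionally, but nothing in the new bodies says why, and the removed `// Allow only the FTS3 extension` comment was the only statement of the virtual-table policy. I would add a one-line comment above both functions, for example `// Virtual tables are never authorized, regardless of module name or permissions.`, so the deny-all reads as a deliberate policy and not as a stub. Denying dropVTable also presumably means that a database which already contains an fts3 virtual table created under the earlier policy can no longer have it dropped through this authorizer. If that is intended, it belongs in the same comment.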
@@ -412,12 +391,14 @@ int DatabaseAuthorizer::denyBasedOnTableName(const String& tableName) const return SQLAuthAllow; // Sadly, normal creates and drops end up affecting sqlite_master in an authorizer callback, so - // it will be tough to enforce all of the following policies - //if (equalIgnoringCase(tableName, "sqlite_master") || equalIgnoringCase(tableName, "sqlite_temp_master") || - // equalIgnoringCase(tableName, "sqlite_sequence") || equalIgnoringCase(tableName, Database::databaseInfoTableName())) - // return SQLAuthDeny; - - if (equalIgnoringCase(tableName, m_databaseInfoTableName)) + // it will be tough to enforce all of the following policies. + // if (equalIgnoringASCIICase(tableName, "sqlite_master") + // || equalIgnoringASCIICase(tableName, "sqlite_temp_master") + // || equalIgnoringASCIICase(tableName, "sqlite_sequence") + // || equalIgnoringASCIICase(tableName, Database::databaseInfoTableName())) + // return SQLAuthDeny; + + if (equalIgnoringASCIICase(tableName, m_databaseInfoTableName)) return SQLAuthDeny; return SQLAuthAllow; |
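Review bot: The commented-out check in denyBasedOnTableName() is re-wrapped and switched to equalIgnoringASCIICase but remains dead code, so of the four tables it lists only m_databaseInfoTableName is actually denied by the live `if`. Because this is an authorization decision, I would replace the disabled `if` with a comment that states the policy as enforced, e.g. `// Only the database info table is denied here; sqlite_master, sqlite_temp_master and sqlite_sequence are not, because ordinary creates and drops touch them from the authorizer callback.`, so nothing here looks like a guard without being one. The disabled block also calls `Database::databaseInfoTableName()` while the live check uses the member, which is one more reason not to keep it as code. The function begins above this hunk, so the condition behind the first `return SQLAuthAllow;` is not visible here.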