diff options
-rw-r--r-- | ext/sqlite3/php_sqlite3.h | 1 | ||||
-rw-r--r-- | ext/sqlite3/sqlite3.c | 9 | ||||
-rw-r--r-- | ext/sqlite3/tests/sqlite3_defensive.phpt | 40 | ||||
-rw-r--r-- | php.ini-development | 11 | ||||
-rw-r--r-- | php.ini-production | 11 |
5 files changed, 72 insertions, 0 deletions
diff --git a/ext/sqlite3/php_sqlite3.h b/ext/sqlite3/php_sqlite3.h index cfb3327d71..411c4eb0ba 100644 --- a/ext/sqlite3/php_sqlite3.h +++ b/ext/sqlite3/php_sqlite3.h @@ -26,6 +26,7 @@ extern zend_module_entry sqlite3_module_entry; ZEND_BEGIN_MODULE_GLOBALS(sqlite3) char *extension_dir; + int dbconfig_defensive; ZEND_END_MODULE_GLOBALS(sqlite3) #ifdef ZTS diff --git a/ext/sqlite3/sqlite3.c b/ext/sqlite3/sqlite3.c index 45c5b4e5bb..205d972550 100644 --- a/ext/sqlite3/sqlite3.c +++ b/ext/sqlite3/sqlite3.c @@ -79,6 +79,9 @@ static void php_sqlite3_error(php_sqlite3_db_object *db_obj, char *format, ...) */ PHP_INI_BEGIN() STD_PHP_INI_ENTRY("sqlite3.extension_dir", NULL, PHP_INI_SYSTEM, OnUpdateString, extension_dir, zend_sqlite3_globals, sqlite3_globals) +#if SQLITE_VERSION_NUMBER >= 3026000 + STD_PHP_INI_ENTRY("sqlite3.defensive", "1", PHP_INI_SYSTEM, OnUpdateBool, dbconfig_defensive, zend_sqlite3_globals, sqlite3_globals) +#endif PHP_INI_END() /* }}} */ @@ -160,6 +163,12 @@ PHP_METHOD(sqlite3, open) sqlite3_set_authorizer(db_obj->db, php_sqlite3_authorizer, NULL); } +#if SQLITE_VERSION_NUMBER >= 3026000 + if (SQLITE3G(dbconfig_defensive)) { + sqlite3_db_config(db_obj->db, SQLITE_DBCONFIG_DEFENSIVE, 1, NULL); + } +#endif + if (fullpath != filename) { efree(fullpath); } diff --git a/ext/sqlite3/tests/sqlite3_defensive.phpt b/ext/sqlite3/tests/sqlite3_defensive.phpt new file mode 100644 index 0000000000..064d87b50a --- /dev/null +++ b/ext/sqlite3/tests/sqlite3_defensive.phpt @@ -0,0 +1,40 @@ +--TEST-- +SQLite3 defensive mode ini setting +--SKIPIF-- +<?php require_once(__DIR__ . '/skipif.inc'); + +if (SQLite3::version()['versionNumber'] < 3026000) { + die("skip: sqlite3 library version < 3.26: no support for defensive mode"); +} + +?> +--INI-- +sqlite3.defensive=On +--FILE-- +<?php + +$db = new SQLite3(':memory:'); +var_dump($db->exec('CREATE TABLE test (a, b);')); + +// This does not generate an error! +var_dump($db->exec('PRAGMA writable_schema = ON;')); +var_dump($db->querySingle('PRAGMA writable_schema;')); + +// Should be 1 +var_dump($db->querySingle('SELECT COUNT(*) FROM sqlite_master;')); + +// Should generate an error! +var_dump($db->querySingle('DELETE FROM sqlite_master;')); + +// Should still be 1 +var_dump($db->querySingle('SELECT COUNT(*) FROM sqlite_master;')); +?> +--EXPECTF-- +bool(true) +bool(true) +int(1) +int(1) + +Warning: SQLite3::querySingle(): Unable to prepare statement: 1, table sqlite_master may not be modified in %s on line %d +bool(false) +int(1)
\ No newline at end of file diff --git a/php.ini-development b/php.ini-development index 979d8627b2..9dfb1d50df 100644 --- a/php.ini-development +++ b/php.ini-development @@ -996,8 +996,19 @@ cli_server.color = On ;intl.use_exceptions = 0 [sqlite3] +; Directory pointing to SQLite3 extensions +; http://php.net/sqlite3.extension-dir ;sqlite3.extension_dir = +; SQLite defensive mode flag (only available from SQLite 3.26+) +; When the defensive flag is enabled, language features that allow ordinary +; SQL to deliberately corrupt the database file are disabled. This forbids +; writing directly to the schema, shadow tables (eg. FTS data tables), or +; the sqlite_dbpage virtual table. +; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html +; (for older SQLite versions, this flag has no use) +sqlite3.defensive = 1 + [Pcre] ; PCRE library backtracking limit. ; http://php.net/pcre.backtrack-limit diff --git a/php.ini-production b/php.ini-production index be9f3a4eed..1dc30a09f6 100644 --- a/php.ini-production +++ b/php.ini-production @@ -996,8 +996,19 @@ cli_server.color = On ;intl.use_exceptions = 0 [sqlite3] +; Directory pointing to SQLite3 extensions +; http://php.net/sqlite3.extension-dir ;sqlite3.extension_dir = +; SQLite defensive mode flag (only available from SQLite 3.26+) +; When the defensive flag is enabled, language features that allow ordinary +; SQL to deliberately corrupt the database file are disabled. This forbids +; writing directly to the schema, shadow tables (eg. FTS data tables), or +; the sqlite_dbpage virtual table. +; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html +; (for older SQLite versions, this flag has no use) +sqlite3.defensive = 1 + [Pcre] ; PCRE library backtracking limit. ; http://php.net/pcre.backtrack-limit |