connectivity/source/drivers/hsqldb/HDriver.cxx | 31 ++++++++++++++++++++++
external/hsqldb/UnpackedTarball_hsqldb.mk | 1
external/hsqldb/patches/disable-dump-script.patch | 14 +++++++++
3 files changed, 46 insertions(+)
New commits:
commit 448f8729bbf42b4fe9019e4886e7cef136d3a7b8
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Mon Feb 13 13:56:10 2023 +0000
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Wed Feb 15 09:55:45 2023 +0000
disable script dump
Change-Id: I04d740cc0fcf87daa192a0a6af34138278043a19
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/146986
Tested-by: Jenkins
Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de>
diff --git a/connectivity/source/drivers/hsqldb/HDriver.cxx
b/connectivity/source/drivers/hsqldb/HDriver.cxx
index aa874c6120f2..c18a46e8440e 100644
--- a/connectivity/source/drivers/hsqldb/HDriver.cxx
+++ b/connectivity/source/drivers/hsqldb/HDriver.cxx
@@ -291,6 +291,37 @@ namespace connectivity
} // if ( xStream.is() )
::comphelper::disposeComponent(xStream);
}
+
+ // disallow any database/script files that contain a
"SCRIPT[.*]" entry (this is belt and braces
+ // in that bundled hsqldb 1.8.0 is patched to also reject
them)
+ //
+ // hsqldb 2.6.0 release notes have: added system role
SCRIPT_OPS for export / import of database structure and data
+ // which seems to provide a builtin way to do this with
contemporary hsqldb
+ static const OUStringLiteral sScript(u"script");
+ if (!bIsNewDatabase && xStorage->isStreamElement(sScript))
+ {
+ Reference<XStream > xStream =
xStorage->openStreamElement(sScript, ElementModes::READ);
+ if (xStream.is())
+ {
+ std::unique_ptr<SvStream>
pStream(::utl::UcbStreamHelper::CreateStream(xStream));
+ if (pStream)
+ {
+ OStringBuffer sLine;
+ while (pStream->ReadLine(sLine))
+ {
+ OString sText =
sLine.makeStringAndClear().trim();
+ if
(sText.startsWithIgnoreAsciiCase("SCRIPT"))
+ {
+ ::connectivity::SharedResources
aResources;
+ sMessage =
aResources.getResourceString(STR_COULD_NOT_LOAD_FILE).replaceFirst("$filename$",
sSystemPath);
+ break;
+ }
+ }
+ }
+ } // if ( xStream.is() )
+ ::comphelper::disposeComponent(xStream);
+ }
+
}
catch(Exception&)
{
diff --git a/external/hsqldb/UnpackedTarball_hsqldb.mk
b/external/hsqldb/UnpackedTarball_hsqldb.mk
index 389572377fa6..0b05b45ba3c3 100644
--- a/external/hsqldb/UnpackedTarball_hsqldb.mk
+++ b/external/hsqldb/UnpackedTarball_hsqldb.mk
@@ -27,6 +27,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,hsqldb,\
external/hsqldb/patches/hsqldb-runFinalizersOnExit.patch \
external/hsqldb/patches/jdbc-4.1.patch \
external/hsqldb/patches/multipleResultSets.patch \
+ external/hsqldb/patches/disable-dump-script.patch \
))
# vim: set noet sw=4 ts=4:
diff --git a/external/hsqldb/patches/disable-dump-script.patch
b/external/hsqldb/patches/disable-dump-script.patch
new file mode 100644
index 000000000000..401dd38abc9a
--- /dev/null
+++ b/external/hsqldb/patches/disable-dump-script.patch
@@ -0,0 +1,14 @@
+--- a/hsqldb/src/org/hsqldb/DatabaseCommandInterpreter.java 2023-02-13
11:08:11.297243034 +0000
++++ b/hsqldb/src/org/hsqldb/DatabaseCommandInterpreter.java 2023-02-13
13:49:17.973089433 +0000
+@@ -403,6 +403,11 @@
+ throw Trace.error(Trace.INVALID_IDENTIFIER);
+ }
+
++ // added condition to avoid execution of spurious command in
.script or .log file
++ if (session.isProcessingScript() ||
session.isProcessingLog()) {
++ return new Result(ResultConstants.UPDATECOUNT);
++ }
++
+ dsw = new ScriptWriterText(database, token, true, true, true);
+
+ dsw.writeAll();
