diff options
author | Caolán McNamara <caolanm@redhat.com> | 2023-02-13 13:56:10 +0000 |
---|---|---|
committer | Thorsten Behrens <thorsten.behrens@allotropia.de> | 2023-02-22 00:21:44 +0100 |
commit | 3f9529440a373b607ed356cc207ecc23af05bc71 (patch) | |
tree | 48d7e4699459594a80d769233414d64b9668778a /connectivity/source | |
parent | openssl: upgrade to release 1.1.1t (diff) | |
download | core-3f9529440a373b607ed356cc207ecc23af05bc71.tar.gz core-3f9529440a373b607ed356cc207ecc23af05bc71.zip |
disable script dump
Change-Id: I04d740cc0fcf87daa192a0a6af34138278043a19
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/146986
Tested-by: Jenkins
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147051
Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Diffstat (limited to 'connectivity/source')
-rw-r--r-- | connectivity/source/drivers/hsqldb/HDriver.cxx | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/connectivity/source/drivers/hsqldb/HDriver.cxx b/connectivity/source/drivers/hsqldb/HDriver.cxx index 9facdd3660b6..b62446b4fb6e 100644 --- a/connectivity/source/drivers/hsqldb/HDriver.cxx +++ b/connectivity/source/drivers/hsqldb/HDriver.cxx @@ -297,6 +297,37 @@ namespace connectivity } // if ( xStream.is() ) ::comphelper::disposeComponent(xStream); } + + // disallow any database/script files that contain a "SCRIPT[.*]" entry (this is belt and braces + // in that bundled hsqldb 1.8.0 is patched to also reject them) + // + // hsqldb 2.6.0 release notes have: added system role SCRIPT_OPS for export / import of database structure and data + // which seems to provide a builtin way to do this with contemporary hsqldb + const OUString sScript( "script" ); + if (!bIsNewDatabase && xStorage->isStreamElement(sScript)) + { + Reference<XStream > xStream = xStorage->openStreamElement(sScript, ElementModes::READ); + if (xStream.is()) + { + std::unique_ptr<SvStream> pStream(::utl::UcbStreamHelper::CreateStream(xStream)); + if (pStream) + { + OString sLine; + while (pStream->ReadLine(sLine)) + { + OString sText = sLine.trim(); + if (sText.startsWithIgnoreAsciiCase("SCRIPT")) + { + ::connectivity::SharedResources aResources; + sMessage = aResources.getResourceString(STR_COULD_NOT_LOAD_FILE).replaceFirst("$filename$", sSystemPath); + break; + } + } + } + } // if ( xStream.is() ) + ::comphelper::disposeComponent(xStream); + } + } catch(Exception&) { |