disable script dump

Change-Id: I04d740cc0fcf87daa192a0a6af34138278043a19 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/146986 Tested-by: Jenkins Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de> Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147051 Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
author: Caolán McNamara <caolanm@redhat.com> 2023-02-13 13:56:10 +0000
committer: Thorsten Behrens <thorsten.behrens@allotropia.de> 2023-02-22 00:21:44 +0100
commit: 3f9529440a373b607ed356cc207ecc23af05bc71 (patch)
tree: 48d7e4699459594a80d769233414d64b9668778a /connectivity/source
parent: openssl: upgrade to release 1.1.1t (diff)
download: core-3f9529440a373b607ed356cc207ecc23af05bc71.tar.gz
core-3f9529440a373b607ed356cc207ecc23af05bc71.zip
1 files changed, 31 insertions, 0 deletions
diff --git a/connectivity/source/drivers/hsqldb/HDriver.cxx b/connectivity/source/drivers/hsqldb/HDriver.cxx
index 9facdd3660b6..b62446b4fb6e 100644
--- a/connectivity/source/drivers/hsqldb/HDriver.cxx
+++ b/connectivity/source/drivers/hsqldb/HDriver.cxx
@@ -297,6 +297,37 @@ namespace connectivity
                         } // if ( xStream.is() )
                         ::comphelper::disposeComponent(xStream);
                     }
+
+                    // disallow any database/script files that contain a "SCRIPT[.*]" entry (this is belt and braces
+                    // in that bundled hsqldb 1.8.0 is patched to also reject them)
+                    //
+                    // hsqldb 2.6.0 release notes have: added system role SCRIPT_OPS for export / import of database structure and data
+                    // which seems to provide a builtin way to do this with contemporary hsqldb
+                    const OUString sScript( "script" );
+                    if (!bIsNewDatabase && xStorage->isStreamElement(sScript))
+                    {
+                        Reference<XStream > xStream = xStorage->openStreamElement(sScript, ElementModes::READ);
+                        if (xStream.is())
+                        {
+                            std::unique_ptr<SvStream> pStream(::utl::UcbStreamHelper::CreateStream(xStream));
+                            if (pStream)
+                            {
+                                OString sLine;
+                                while (pStream->ReadLine(sLine))
+                                {
+                                    OString sText = sLine.trim();
+                                    if (sText.startsWithIgnoreAsciiCase("SCRIPT"))
+                                    {
+                                        ::connectivity::SharedResources aResources;
+                                        sMessage = aResources.getResourceString(STR_COULD_NOT_LOAD_FILE).replaceFirst("$filename$", sSystemPath);
+                                        break;
+                                    }
+                                }
+                            }
+                        } // if ( xStream.is() )
+                        ::comphelper::disposeComponent(xStream);
+                    }
+
                 }
                 catch(Exception&)
                 {
author	Caolán McNamara <caolanm@redhat.com>	2023-02-13 13:56:10 +0000
committer	Thorsten Behrens <thorsten.behrens@allotropia.de>	2023-02-22 00:21:44 +0100
commit	3f9529440a373b607ed356cc207ecc23af05bc71 (patch)
tree	48d7e4699459594a80d769233414d64b9668778a /connectivity/source
parent	openssl: upgrade to release 1.1.1t (diff)
download	core-3f9529440a373b607ed356cc207ecc23af05bc71.tar.gz core-3f9529440a373b607ed356cc207ecc23af05bc71.zip