Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Fossil-defined SQL functions used inside of views for full-text-serch much be tagged using SQLITE_INNOCUOUS. |
---|---|
Downloads: | Tarball | ZIP archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA3-256: |
9826bd007a9a5af4fa6b5f5f00e4dfec |
User & Date: | drh 2020-01-12 20:45:02.481 |
Context
2020-02-12
| ||
09:25 | Update the built-in SQLite to version 3.31.1 plus the s390x architecture fix. ... (check-in: 22a9cc7f user: jan.nijtmans tags: branch-2.10) | |
2020-01-17
| ||
13:31 | Give the correct count of check-ins for /timeline displays that include the from=, to=, and chng= query parameters. ... (check-in: 9dce5ffe user: drh tags: trunk) | |
2020-01-12
| ||
20:45 | Fossil-defined SQL functions used inside of views for full-text-serch much be tagged using SQLITE_INNOCUOUS. ... (check-in: 9826bd00 user: drh tags: trunk) | |
2020-01-11
| ||
01:00 | Explained the "language-WORD" CSS styling used with fenced code blocks in Markdown within md_rules. ... (check-in: 06a3361d user: wyoung tags: trunk) | |
Changes
Changes to src/search.c.
︙ | ︙ | |||
528 529 530 531 532 533 534 535 | /* ** Register the various SQL functions (defined above) needed to implement ** full-scan search. */ void search_sql_setup(sqlite3 *db){ static int once = 0; if( once++ ) return; | > | | | | | | | | | 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 | /* ** Register the various SQL functions (defined above) needed to implement ** full-scan search. */ void search_sql_setup(sqlite3 *db){ static int once = 0; static const int enc = SQLITE_UTF8|SQLITE_INNOCUOUS; if( once++ ) return; sqlite3_create_function(db, "search_match", -1, enc, 0, search_match_sqlfunc, 0, 0); sqlite3_create_function(db, "search_score", 0, enc, 0, search_score_sqlfunc, 0, 0); sqlite3_create_function(db, "search_snippet", 0, enc, 0, search_snippet_sqlfunc, 0, 0); sqlite3_create_function(db, "search_init", -1, enc, 0, search_init_sqlfunc, 0, 0); sqlite3_create_function(db, "stext", 3, enc, 0, search_stext_sqlfunc, 0, 0); sqlite3_create_function(db, "title", 3, enc, 0, search_title_sqlfunc, 0, 0); sqlite3_create_function(db, "body", 3, enc, 0, search_body_sqlfunc, 0, 0); sqlite3_create_function(db, "urlencode", 1, enc, 0, search_urlencode_sqlfunc, 0, 0); } /* ** Testing the search function. ** ** COMMAND: search* |
︙ | ︙ | |||
903 904 905 906 907 908 909 | */ static void search_indexed( const char *zPattern, /* The query pattern */ unsigned int srchFlags /* What to search over */ ){ Blob sql; if( srchFlags==0 ) return; | | | 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 | */ static void search_indexed( const char *zPattern, /* The query pattern */ unsigned int srchFlags /* What to search over */ ){ Blob sql; if( srchFlags==0 ) return; sqlite3_create_function(g.db, "rank", 1, SQLITE_UTF8|SQLITE_INNOCUOUS, 0, search_rank_sqlfunc, 0, 0); blob_init(&sql, 0, 0); blob_appendf(&sql, "INSERT INTO x(label,url,score,id,date,snip) " " SELECT ftsdocs.label," " ftsdocs.url," " rank(matchinfo(ftsidx,'pcsx'))," |
︙ | ︙ |