Fossil

Check-in [9826bd00]
Login
Home Timeline Docs ForumDownload

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fossil-defined SQL functions used inside of views for full-text-serch much be tagged using SQLITE_INNOCUOUS.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 9826bd007a9a5af4fa6b5f5f00e4dfec3062ed8ecdd32a3a9aebb3f6256f66f6
User & Date: drh 2020-01-12 20:45:02
Context
2020-01-17
13:31
Give the correct count of check-ins for /timeline displays that include the from=, to=, and chng= query parameters. check-in: 9dce5ffe user: drh tags: trunk
2020-01-12
20:45
Fossil-defined SQL functions used inside of views for full-text-serch much be tagged using SQLITE_INNOCUOUS. check-in: 9826bd00 user: drh tags: trunk
2020-01-11
01:00
Explained the "language-WORD" CSS styling used with fenced code blocks in Markdown within md_rules. check-in: 06a3361d user: wyoung tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/search.c. 

528
529
530
531
532
533
534

535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
...
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917


/*
** Register the various SQL functions (defined above) needed to implement
** full-scan search.
*/
void search_sql_setup(sqlite3 *db){
  static int once = 0;

  if( once++ ) return;
  sqlite3_create_function(db, "search_match", -1, SQLITE_UTF8, 0,
     search_match_sqlfunc, 0, 0);
  sqlite3_create_function(db, "search_score", 0, SQLITE_UTF8, 0,
     search_score_sqlfunc, 0, 0);
  sqlite3_create_function(db, "search_snippet", 0, SQLITE_UTF8, 0,
     search_snippet_sqlfunc, 0, 0);
  sqlite3_create_function(db, "search_init", -1, SQLITE_UTF8, 0,
     search_init_sqlfunc, 0, 0);
  sqlite3_create_function(db, "stext", 3, SQLITE_UTF8, 0,
     search_stext_sqlfunc, 0, 0);
  sqlite3_create_function(db, "title", 3, SQLITE_UTF8, 0,
     search_title_sqlfunc, 0, 0);
  sqlite3_create_function(db, "body", 3, SQLITE_UTF8, 0,
     search_body_sqlfunc, 0, 0);
  sqlite3_create_function(db, "urlencode", 1, SQLITE_UTF8, 0,
     search_urlencode_sqlfunc, 0, 0);
}

/*
** Testing the search function.
**
** COMMAND: search*
................................................................................
*/
static void search_indexed(
  const char *zPattern,       /* The query pattern */
  unsigned int srchFlags      /* What to search over */
){
  Blob sql;
  if( srchFlags==0 ) return;
  sqlite3_create_function(g.db, "rank", 1, SQLITE_UTF8, 0,
     search_rank_sqlfunc, 0, 0);
  blob_init(&sql, 0, 0);
  blob_appendf(&sql,
    "INSERT INTO x(label,url,score,id,date,snip) "
    " SELECT ftsdocs.label,"
    "        ftsdocs.url,"
    "        rank(matchinfo(ftsidx,'pcsx')),"








>

|

|

|

|

|

|

|

|







 







|








528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
...
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918


/*
** Register the various SQL functions (defined above) needed to implement
** full-scan search.
*/
void search_sql_setup(sqlite3 *db){
  static int once = 0;
  static const int enc = SQLITE_UTF8|SQLITE_INNOCUOUS;
  if( once++ ) return;
  sqlite3_create_function(db, "search_match", -1, enc, 0,
     search_match_sqlfunc, 0, 0);
  sqlite3_create_function(db, "search_score", 0, enc, 0,
     search_score_sqlfunc, 0, 0);
  sqlite3_create_function(db, "search_snippet", 0, enc, 0,
     search_snippet_sqlfunc, 0, 0);
  sqlite3_create_function(db, "search_init", -1, enc, 0,
     search_init_sqlfunc, 0, 0);
  sqlite3_create_function(db, "stext", 3, enc, 0,
     search_stext_sqlfunc, 0, 0);
  sqlite3_create_function(db, "title", 3, enc, 0,
     search_title_sqlfunc, 0, 0);
  sqlite3_create_function(db, "body", 3, enc, 0,
     search_body_sqlfunc, 0, 0);
  sqlite3_create_function(db, "urlencode", 1, enc, 0,
     search_urlencode_sqlfunc, 0, 0);
}

/*
** Testing the search function.
**
** COMMAND: search*
................................................................................
*/
static void search_indexed(
  const char *zPattern,       /* The query pattern */
  unsigned int srchFlags      /* What to search over */
){
  Blob sql;
  if( srchFlags==0 ) return;
  sqlite3_create_function(g.db, "rank", 1, SQLITE_UTF8|SQLITE_INNOCUOUS, 0,
     search_rank_sqlfunc, 0, 0);
  blob_init(&sql, 0, 0);
  blob_appendf(&sql,
    "INSERT INTO x(label,url,score,id,date,snip) "
    " SELECT ftsdocs.label,"
    "        ftsdocs.url,"
    "        rank(matchinfo(ftsidx,'pcsx')),"

This page was generated in about 0.006s by Fossil 2.11 [f4e7ca02da] 2020-01-20 20:29:43