Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Add the ability for an administrator to run raw SQL commands via the web interface. |
|---|---|
| Downloads: | Tarball | ZIP archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: |
ca0faa88a4ef6ef2a636587a340fe340 |
| User & Date: | drh 2012-06-20 17:24:07.899 |
Context
|
2012-06-20
| ||
| 17:26 | Remove an unused variable. ... (check-in: 2955cece user: drh tags: trunk) | |
| 17:24 | Add the ability for an administrator to run raw SQL commands via the web interface. ... (check-in: ca0faa88 user: drh tags: trunk) | |
| 16:47 | comment-after-#ifdef patch from Alexander Orefkov. ... (check-in: c5d56e49 user: stephan tags: trunk) | |
Changes
Changes to src/setup.c.
| ︙ | ︙ | |||
93 94 95 96 97 98 99 100 101 102 103 104 105 106 |
"Show artifacts that are shunned by this repository");
setup_menu_entry("Log", "rcvfromlist",
"A record of received artifacts and their sources");
setup_menu_entry("User-Log", "access_log",
"A record of login attempts");
setup_menu_entry("Stats", "stat",
"Display repository statistics");
@ </table>
style_footer();
}
/*
** WEBPAGE: setup_ulist
| > > | 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 |
"Show artifacts that are shunned by this repository");
setup_menu_entry("Log", "rcvfromlist",
"A record of received artifacts and their sources");
setup_menu_entry("User-Log", "access_log",
"A record of login attempts");
setup_menu_entry("Stats", "stat",
"Display repository statistics");
setup_menu_entry("SQL", "admin_sql",
"Enter raw SQL commands");
@ </table>
style_footer();
}
/*
** WEBPAGE: setup_ulist
|
| ︙ | ︙ | |||
1527 1528 1529 1530 1531 1532 1533 | @ @ <p><span class="note">Note:</span> Your browser has probably cached these @ images, so you may need to press the Reload button before changes will @ take effect. </p> style_footer(); db_end_transaction(0); } | > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 1529 1530 1531 1532 1533 1534 1535 1536 1537 1538 1539 1540 1541 1542 1543 1544 1545 1546 1547 1548 1549 1550 1551 1552 1553 1554 1555 1556 1557 1558 1559 1560 1561 1562 1563 1564 1565 1566 1567 1568 1569 1570 1571 1572 1573 1574 1575 1576 1577 1578 1579 1580 1581 1582 1583 1584 1585 1586 1587 1588 1589 1590 1591 1592 1593 1594 1595 1596 1597 1598 1599 1600 1601 1602 1603 1604 1605 1606 1607 1608 1609 1610 1611 1612 1613 1614 1615 1616 1617 1618 1619 1620 1621 1622 1623 1624 1625 1626 1627 1628 1629 1630 1631 1632 1633 1634 1635 1636 1637 1638 1639 1640 1641 1642 1643 1644 1645 1646 1647 1648 1649 1650 1651 |
@
@ <p><span class="note">Note:</span> Your browser has probably cached these
@ images, so you may need to press the Reload button before changes will
@ take effect. </p>
style_footer();
db_end_transaction(0);
}
/*
** WEBPAGE: admin_sql
**
** Run raw SQL commands against the database file using the web interface.
*/
void sql_page(void){
const char *zQ = P("q");
int go = P("go")!=0;
login_check_credentials();
if( !g.perm.Setup ){
login_needed();
}
db_begin_transaction();
style_header("Raw SQL Commands");
@ <p><b>Caution:</b> There are no restrictions on the SQL that can be
@ run by this page. You can do serious and irrepairable damage to the
@ repository. Proceed with extreme caution.</p>
@
@ <p>Database names:<ul><li>repository → %s(db_name("repository"))
if( g.configOpen ){
@ <li>config → %s(db_name("configdb"))
}
if( g.localOpen ){
@ <li>local-checkout → %s(db_name("localdb"))
}
@ </ul></p>
@
@ <form method="post" action="%s(g.zTop)/admin_sql">
login_insert_csrf_secret();
@ SQL:<br />
@ <textarea name="q" rows="5" cols="80">%h(zQ)</textarea><br />
@ <input type="submit" name="go" value="Run SQL">
@ <input type="submit" name="schema" value="Show Schema">
@ <input type="submit" name="tablelist" value="List Tables">
@ </form>
if( P("schema") ){
zQ = sqlite3_mprintf(
"SELECT sql FROM %s.sqlite_master WHERE sql IS NOT NULL",
db_name("repository"));
go = 1;
}else if( P("tablelist") ){
zQ = sqlite3_mprintf(
"SELECT name FROM %s.sqlite_master WHERE type='table'"
" ORDER BY name",
db_name("repository"));
go = 1;
}
if( go ){
sqlite3_stmt *pStmt;
int rc;
const char *zTail;
int nCol;
int nRow = 0;
int i;
@ <hr />
login_verify_csrf_secret();
rc = sqlite3_prepare_v2(g.db, zQ, -1, &pStmt, &zTail);
if( rc!=SQLITE_OK ){
@ <div class="generalError">%h(sqlite3_errmsg(g.db))</div>
sqlite3_finalize(pStmt);
}else if( pStmt==0 ){
/* No-op */
}else if( (nCol = sqlite3_column_count(pStmt))==0 ){
sqlite3_step(pStmt);
rc = sqlite3_finalize(pStmt);
if( rc ){
@ <div class="generalError">%h(sqlite3_errmsg(g.db))</div>
}
}else{
@ <table border=1>
while( sqlite3_step(pStmt)==SQLITE_ROW ){
if( nRow==0 ){
@ <tr>
for(i=0; i<nCol; i++){
@ <th>%h(sqlite3_column_name(pStmt, i))</th>
}
@ </tr>
}
nRow++;
@ <tr>
for(i=0; i<nCol; i++){
switch( sqlite3_column_type(pStmt, i) ){
case SQLITE_INTEGER:
case SQLITE_FLOAT: {
@ <td align="right" valign="top">
@ %s(sqlite3_column_text(pStmt, i))</td>
break;
}
case SQLITE_NULL: {
@ <td valign="top" align="center"><i>NULL</i></td>
break;
}
case SQLITE_TEXT: {
int k;
const char *zText = (const char*)sqlite3_column_text(pStmt, i);
@ <td align="left" valign="top"
@ style="white-space:pre;">%h(zText)</td>
break;
}
case SQLITE_BLOB: {
@ <td valign="top" align="center">
@ <i>%d(sqlite3_column_bytes(pStmt, i))-byte BLOB</i></td>
break;
}
}
}
@ </tr>
}
sqlite3_finalize(pStmt);
@ </table>
}
}
style_footer();
}
|