[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-10851-g50815da
commit-queue at webkit.org
commit-queue at webkit.org
Wed Dec 22 18:38:56 UTC 2010
The following commit has been merged in the debian/experimental branch:
commit 14789b8b3fab88bc3bd51aa9628cb547cff3bbf2
Author: commit-queue at webkit.org <commit-queue at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Wed Dec 15 03:01:58 2010 +0000
2010-12-14 Anton D'Auria <adauria at apple.com>
Reviewed by Darin Adler.
Do not allow access to existing HTML5 databases in private browsing
mode https://bugs.webkit.org/show_bug.cgi?id=49332
Test: storage/private-browsing-noread-nowrite.html
Previously, read-only transactions and private browsing mode were
represented by the same SQLStatement and DatabaseAuthorizer states.
This patch removes the m_readOnly member variable from SQLStatement and
DatabaseAuthorizer, and replaces it with m_permissions whose bit fields
are initialized by a DatabaseAuthorizer enum Permissions (ReadWrite,
ReadOnly, NoAccess). A read-only transaction sets permissions to
ReadOnly, and if !m_database->scriptExecutionContext()->allowDatabaseAccess(),
then permissions also set to NoAccess.
* dom/Document.cpp:
(WebCore::Document::allowDatabaseAccess): this method was previously
called isDatabaseReadOnly. It checks if private browsing preference is
set. This method is renamed because it is used to check if private
browsing restricts access to databases.
* dom/Document.h:
* dom/ScriptExecutionContext.h:
* storage/AbstractDatabase.cpp:
(WebCore::AbstractDatabase::setAuthorizerPermissions):
* storage/AbstractDatabase.h:
* storage/DatabaseAuthorizer.cpp:
(WebCore::DatabaseAuthorizer::reset):
(WebCore::DatabaseAuthorizer::createTable):
(WebCore::DatabaseAuthorizer::createTempTable):
(WebCore::DatabaseAuthorizer::dropTable):
(WebCore::DatabaseAuthorizer::dropTempTable):
(WebCore::DatabaseAuthorizer::allowAlterTable):
(WebCore::DatabaseAuthorizer::createIndex):
(WebCore::DatabaseAuthorizer::createTempIndex):
(WebCore::DatabaseAuthorizer::dropIndex):
(WebCore::DatabaseAuthorizer::dropTempIndex):
(WebCore::DatabaseAuthorizer::createTrigger):
(WebCore::DatabaseAuthorizer::createTempTrigger):
(WebCore::DatabaseAuthorizer::dropTrigger):
(WebCore::DatabaseAuthorizer::dropTempTrigger):
(WebCore::DatabaseAuthorizer::createView):
(WebCore::DatabaseAuthorizer::createTempView):
(WebCore::DatabaseAuthorizer::dropView):
(WebCore::DatabaseAuthorizer::dropTempView):
(WebCore::DatabaseAuthorizer::createVTable):
(WebCore::DatabaseAuthorizer::dropVTable):
(WebCore::DatabaseAuthorizer::allowDelete):
(WebCore::DatabaseAuthorizer::allowInsert):
(WebCore::DatabaseAuthorizer::allowUpdate):
(WebCore::DatabaseAuthorizer::allowRead):
(WebCore::DatabaseAuthorizer::allowReindex):
(WebCore::DatabaseAuthorizer::allowWrite): a new private method that
checks if DatabaseAuthorizer is enabled and if it is in ReadOnly or
NoAccess mode.
(WebCore::DatabaseAuthorizer::setReadOnly):
(WebCore::DatabaseAuthorizer::setPermissions):
* storage/DatabaseAuthorizer.h:
* storage/SQLStatement.cpp:
(WebCore::SQLStatement::create):
(WebCore::SQLStatement::SQLStatement):
(WebCore::SQLStatement::execute):
* storage/SQLStatement.h:
* storage/SQLStatementSync.cpp:
(WebCore::SQLStatementSync::SQLStatementSync):
(WebCore::SQLStatementSync::execute):
* storage/SQLStatementSync.h:
* storage/SQLTransaction.cpp:
(WebCore::SQLTransaction::executeSQL):
* storage/SQLTransactionSync.cpp:
(WebCore::SQLTransactionSync::executeSQL):
* workers/WorkerContext.h:
(WebCore::WorkerContext::allowDatabaseAccess):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@74093 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/storage/private-browsing-noread-nowrite-expected.txt b/LayoutTests/storage/private-browsing-noread-nowrite-expected.txt
new file mode 100644
index 0000000..7542ba6
--- /dev/null
+++ b/LayoutTests/storage/private-browsing-noread-nowrite-expected.txt
@@ -0,0 +1,15 @@
+This test makes sure that attempts to change the database during private browsing fail.
+Setup statement 1 completed successfully
+Setup statement 2 completed successfully
+Private browsing statement 1 completed with an error
+not authorized
+Private browsing statement 2 completed with an error
+not authorized
+Private browsing statement 3 completed with an error
+not authorized
+Private browsing statement 4 completed with an error
+not authorized
+Private browsing statement 5 completed with an error
+access to PrivateTest1.randomData is prohibited
+Test ended
+
diff --git a/LayoutTests/storage/private-browsing-noread-nowrite.html b/LayoutTests/storage/private-browsing-noread-nowrite.html
new file mode 100644
index 0000000..b9b5882
--- /dev/null
+++ b/LayoutTests/storage/private-browsing-noread-nowrite.html
@@ -0,0 +1,102 @@
+<html>
+<head>
+<script>
+
+function writeMessageToLog(message)
+{
+ document.getElementById("console").innerText += message + "\n";
+}
+
+var setupStatements = [
+ "CREATE TABLE IF NOT EXISTS PrivateTest1 (randomData)",
+ "INSERT INTO PrivateTest1 VALUES ('somedata')"
+];
+
+var privateBrowsingStatements = [
+ "CREATE TABLE IF NOT EXISTS PrivateTest2 (randomData)",
+ "DELETE FROM PrivateTest1",
+ "DROP TABLE PrivateTest1",
+ "INSERT INTO PrivateTest1 VALUES ('somedata')",
+ "SELECT * FROM PrivateTest1"
+];
+
+var completed = 0;
+var theTransaction;
+
+function setupSuccessFunction(tx, result)
+{
+ ++completed;
+ writeMessageToLog("Setup statement " + completed + " completed successfully");
+ checkSetupComplete();
+}
+
+function setupErrorFunction(tx, error)
+{
+ ++completed;
+ writeMessageToLog("Setup statement " + completed + " completed with an error\n" + error.message);
+ checkSetupComplete();
+}
+
+function privateBrowsingSuccessFunction(tx, result)
+{
+ ++completed;
+ writeMessageToLog("Private browsing statement " + completed + " completed successfully");
+}
+
+function privateBrowsingErrorFunction(tx, error)
+{
+ ++completed;
+ writeMessageToLog("Private browsing statement " + completed + " completed with an error\n" + error.message);
+ return false;
+}
+
+function runSetup(transaction)
+{
+ theTransaction = transaction;
+ for (i in setupStatements)
+ theTransaction.executeSql(setupStatements[i], [], setupSuccessFunction, setupErrorFunction);
+}
+
+function checkSetupComplete()
+{
+ if (completed == setupStatements.length)
+ runPrivateBrowsingTests();
+}
+
+function runPrivateBrowsingTests()
+{
+ completed = 0;
+
+ if (window.layoutTestController)
+ layoutTestController.setPrivateBrowsingEnabled(true);
+
+ for (i in privateBrowsingStatements)
+ theTransaction.executeSql(privateBrowsingStatements[i], [], privateBrowsingSuccessFunction, privateBrowsingErrorFunction);
+}
+
+function endTest()
+{
+ writeMessageToLog("Test ended");
+
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+}
+
+function runTest()
+{
+ if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+ }
+
+ var database = openDatabase("PrivateBrowsingNoReadNoWriteTest", "1.0", "Test private browsing no read/write safety", 1);
+ database.transaction(runSetup, endTest, endTest);
+}
+
+</script>
+</head>
+<body onload="runTest();">
+This test makes sure that attempts to change the database during private browsing fail.<br>
+<div id="console"></div>
+</body>
+</html>
diff --git a/LayoutTests/storage/private-browsing-readonly-expected.txt b/LayoutTests/storage/private-browsing-readonly-expected.txt
deleted file mode 100644
index d5f4e0b..0000000
--- a/LayoutTests/storage/private-browsing-readonly-expected.txt
+++ /dev/null
@@ -1,13 +0,0 @@
-This test makes sure that attempts to change the database during private browsing fail.
-Setup statement 1 completed successfully
-Setup statement 2 completed successfully
-Private browsing statement 1 completed with an error
-not authorized
-Private browsing statement 2 completed with an error
-not authorized
-Private browsing statement 3 completed with an error
-not authorized
-Private browsing statement 4 completed with an error
-not authorized
-Test ended
-
diff --git a/LayoutTests/storage/private-browsing-readonly.html b/LayoutTests/storage/private-browsing-readonly.html
deleted file mode 100644
index 972b123..0000000
--- a/LayoutTests/storage/private-browsing-readonly.html
+++ /dev/null
@@ -1,101 +0,0 @@
-<html>
-<head>
-<script>
-
-function writeMessageToLog(message)
-{
- document.getElementById("console").innerText += message + "\n";
-}
-
-var setupStatements = [
- "CREATE TABLE IF NOT EXISTS PrivateTest1 (randomData)",
- "INSERT INTO PrivateTest1 VALUES ('somedata')"
-];
-
-var privateBrowsingStatements = [
- "CREATE TABLE IF NOT EXISTS PrivateTest2 (randomData)",
- "DELETE FROM PrivateTest1",
- "DROP TABLE PrivateTest1",
- "INSERT INTO PrivateTest1 VALUES ('somedata')"
-];
-
-var completed = 0;
-var theTransaction;
-
-function setupSuccessFunction(tx, result)
-{
- ++completed;
- writeMessageToLog("Setup statement " + completed + " completed successfully");
- checkSetupComplete();
-}
-
-function setupErrorFunction(tx, error)
-{
- ++completed;
- writeMessageToLog("Setup statement " + completed + " completed with an error\n" + error.message);
- checkSetupComplete();
-}
-
-function privateBrowsingSuccessFunction(tx, result)
-{
- ++completed;
- writeMessageToLog("Private browsing statement " + completed + " completed successfully");
-}
-
-function privateBrowsingErrorFunction(tx, error)
-{
- ++completed;
- writeMessageToLog("Private browsing statement " + completed + " completed with an error\n" + error.message);
- return false;
-}
-
-function runSetup(transaction)
-{
- theTransaction = transaction;
- for (i in setupStatements)
- theTransaction.executeSql(setupStatements[i], [], setupSuccessFunction, setupErrorFunction);
-}
-
-function checkSetupComplete()
-{
- if (completed == setupStatements.length)
- runPrivateBrowsingTests();
-}
-
-function runPrivateBrowsingTests()
-{
- completed = 0;
-
- if (window.layoutTestController)
- layoutTestController.setPrivateBrowsingEnabled(true);
-
- for (i in privateBrowsingStatements)
- theTransaction.executeSql(privateBrowsingStatements[i], [], privateBrowsingSuccessFunction, privateBrowsingErrorFunction);
-}
-
-function endTest()
-{
- writeMessageToLog("Test ended");
-
- if (window.layoutTestController)
- layoutTestController.notifyDone();
-}
-
-function runTest()
-{
- if (window.layoutTestController) {
- layoutTestController.dumpAsText();
- layoutTestController.waitUntilDone();
- }
-
- var database = openDatabase("PrivateBrowsingReadOnlyTest", "1.0", "Test private browsing read-only safety", 1);
- database.transaction(runSetup, endTest, endTest);
-}
-
-</script>
-</head>
-<body onload="runTest();">
-This test makes sure that attempts to change the database during private browsing fail.<br>
-<div id="console"></div>
-</body>
-</html>
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 7ea9da0..2fbd30f 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,79 @@
+2010-12-14 Anton D'Auria <adauria at apple.com>
+
+ Reviewed by Darin Adler.
+
+ Do not allow access to existing HTML5 databases in private browsing
+ mode https://bugs.webkit.org/show_bug.cgi?id=49332
+
+ Test: storage/private-browsing-noread-nowrite.html
+
+ Previously, read-only transactions and private browsing mode were
+ represented by the same SQLStatement and DatabaseAuthorizer states.
+ This patch removes the m_readOnly member variable from SQLStatement and
+ DatabaseAuthorizer, and replaces it with m_permissions whose bit fields
+ are initialized by a DatabaseAuthorizer enum Permissions (ReadWrite,
+ ReadOnly, NoAccess). A read-only transaction sets permissions to
+ ReadOnly, and if !m_database->scriptExecutionContext()->allowDatabaseAccess(),
+ then permissions also set to NoAccess.
+
+ * dom/Document.cpp:
+ (WebCore::Document::allowDatabaseAccess): this method was previously
+ called isDatabaseReadOnly. It checks if private browsing preference is
+ set. This method is renamed because it is used to check if private
+ browsing restricts access to databases.
+ * dom/Document.h:
+ * dom/ScriptExecutionContext.h:
+ * storage/AbstractDatabase.cpp:
+ (WebCore::AbstractDatabase::setAuthorizerPermissions):
+ * storage/AbstractDatabase.h:
+ * storage/DatabaseAuthorizer.cpp:
+ (WebCore::DatabaseAuthorizer::reset):
+ (WebCore::DatabaseAuthorizer::createTable):
+ (WebCore::DatabaseAuthorizer::createTempTable):
+ (WebCore::DatabaseAuthorizer::dropTable):
+ (WebCore::DatabaseAuthorizer::dropTempTable):
+ (WebCore::DatabaseAuthorizer::allowAlterTable):
+ (WebCore::DatabaseAuthorizer::createIndex):
+ (WebCore::DatabaseAuthorizer::createTempIndex):
+ (WebCore::DatabaseAuthorizer::dropIndex):
+ (WebCore::DatabaseAuthorizer::dropTempIndex):
+ (WebCore::DatabaseAuthorizer::createTrigger):
+ (WebCore::DatabaseAuthorizer::createTempTrigger):
+ (WebCore::DatabaseAuthorizer::dropTrigger):
+ (WebCore::DatabaseAuthorizer::dropTempTrigger):
+ (WebCore::DatabaseAuthorizer::createView):
+ (WebCore::DatabaseAuthorizer::createTempView):
+ (WebCore::DatabaseAuthorizer::dropView):
+ (WebCore::DatabaseAuthorizer::dropTempView):
+ (WebCore::DatabaseAuthorizer::createVTable):
+ (WebCore::DatabaseAuthorizer::dropVTable):
+ (WebCore::DatabaseAuthorizer::allowDelete):
+ (WebCore::DatabaseAuthorizer::allowInsert):
+ (WebCore::DatabaseAuthorizer::allowUpdate):
+ (WebCore::DatabaseAuthorizer::allowRead):
+ (WebCore::DatabaseAuthorizer::allowReindex):
+ (WebCore::DatabaseAuthorizer::allowWrite): a new private method that
+ checks if DatabaseAuthorizer is enabled and if it is in ReadOnly or
+ NoAccess mode.
+ (WebCore::DatabaseAuthorizer::setReadOnly):
+ (WebCore::DatabaseAuthorizer::setPermissions):
+ * storage/DatabaseAuthorizer.h:
+ * storage/SQLStatement.cpp:
+ (WebCore::SQLStatement::create):
+ (WebCore::SQLStatement::SQLStatement):
+ (WebCore::SQLStatement::execute):
+ * storage/SQLStatement.h:
+ * storage/SQLStatementSync.cpp:
+ (WebCore::SQLStatementSync::SQLStatementSync):
+ (WebCore::SQLStatementSync::execute):
+ * storage/SQLStatementSync.h:
+ * storage/SQLTransaction.cpp:
+ (WebCore::SQLTransaction::executeSQL):
+ * storage/SQLTransactionSync.cpp:
+ (WebCore::SQLTransactionSync::executeSQL):
+ * workers/WorkerContext.h:
+ (WebCore::WorkerContext::allowDatabaseAccess):
+
2010-12-02 MORITA Hajime <morrita at google.com>
Reviewed by Dimitri Glazkov.
diff --git a/WebCore/dom/Document.cpp b/WebCore/dom/Document.cpp
index f286d9d..87a40d6 100644
--- a/WebCore/dom/Document.cpp
+++ b/WebCore/dom/Document.cpp
@@ -4496,11 +4496,11 @@ void Document::setSecurityOrigin(SecurityOrigin* securityOrigin)
#if ENABLE(DATABASE)
-bool Document::isDatabaseReadOnly() const
+bool Document::allowDatabaseAccess() const
{
if (!page() || page()->settings()->privateBrowsingEnabled())
- return true;
- return false;
+ return false;
+ return true;
}
void Document::databaseExceededQuota(const String& name)
diff --git a/WebCore/dom/Document.h b/WebCore/dom/Document.h
index 54aed24..7df0f8e 100644
--- a/WebCore/dom/Document.h
+++ b/WebCore/dom/Document.h
@@ -1006,7 +1006,7 @@ public:
bool processingLoadEvent() const { return m_processingLoadEvent; }
#if ENABLE(DATABASE)
- virtual bool isDatabaseReadOnly() const;
+ virtual bool allowDatabaseAccess() const;
virtual void databaseExceededQuota(const String& name);
#endif
diff --git a/WebCore/dom/ScriptExecutionContext.h b/WebCore/dom/ScriptExecutionContext.h
index b46a0f4..12eb776 100644
--- a/WebCore/dom/ScriptExecutionContext.h
+++ b/WebCore/dom/ScriptExecutionContext.h
@@ -70,7 +70,7 @@ namespace WebCore {
virtual bool isWorkerContext() const { return false; }
#if ENABLE(DATABASE)
- virtual bool isDatabaseReadOnly() const = 0;
+ virtual bool allowDatabaseAccess() const = 0;
virtual void databaseExceededQuota(const String& name) = 0;
DatabaseThread* databaseThread();
void setHasOpenDatabases() { m_hasOpenDatabases = true; }
diff --git a/WebCore/storage/AbstractDatabase.cpp b/WebCore/storage/AbstractDatabase.cpp
index c8b8894..951b621 100644
--- a/WebCore/storage/AbstractDatabase.cpp
+++ b/WebCore/storage/AbstractDatabase.cpp
@@ -432,6 +432,12 @@ void AbstractDatabase::setAuthorizerReadOnly()
m_databaseAuthorizer->setReadOnly();
}
+void AbstractDatabase::setAuthorizerPermissions(int permissions)
+{
+ ASSERT(m_databaseAuthorizer);
+ m_databaseAuthorizer->setPermissions(permissions);
+}
+
bool AbstractDatabase::lastActionChangedDatabase()
{
ASSERT(m_databaseAuthorizer);
diff --git a/WebCore/storage/AbstractDatabase.h b/WebCore/storage/AbstractDatabase.h
index 3d8d363..bd5d0db 100644
--- a/WebCore/storage/AbstractDatabase.h
+++ b/WebCore/storage/AbstractDatabase.h
@@ -80,6 +80,7 @@ public:
void disableAuthorizer();
void enableAuthorizer();
void setAuthorizerReadOnly();
+ void setAuthorizerPermissions(int permissions);
bool lastActionChangedDatabase();
bool lastActionWasInsert();
void resetDeletes();
diff --git a/WebCore/storage/DatabaseAuthorizer.cpp b/WebCore/storage/DatabaseAuthorizer.cpp
index e287dee..b90565c 100644
--- a/WebCore/storage/DatabaseAuthorizer.cpp
+++ b/WebCore/storage/DatabaseAuthorizer.cpp
@@ -53,7 +53,7 @@ void DatabaseAuthorizer::reset()
{
m_lastActionWasInsert = false;
m_lastActionChangedDatabase = false;
- m_readOnly = false;
+ m_permissions = ReadWriteMask;
}
void DatabaseAuthorizer::resetDeletes()
@@ -127,7 +127,7 @@ void DatabaseAuthorizer::addWhitelistedFunctions()
int DatabaseAuthorizer::createTable(const String& tableName)
{
- if (m_readOnly && m_securityEnabled)
+ if (!allowWrite())
return SQLAuthDeny;
m_lastActionChangedDatabase = true;
@@ -139,7 +139,7 @@ int DatabaseAuthorizer::createTempTable(const String& tableName)
// SQLITE_CREATE_TEMP_TABLE results in a UPDATE operation, which is not
// allowed in read-only transactions or private browsing, so we might as
// well disallow SQLITE_CREATE_TEMP_TABLE in these cases
- if (m_readOnly && m_securityEnabled)
+ if (!allowWrite())
return SQLAuthDeny;
return denyBasedOnTableName(tableName);
@@ -147,7 +147,7 @@ int DatabaseAuthorizer::createTempTable(const String& tableName)
int DatabaseAuthorizer::dropTable(const String& tableName)
{
- if (m_readOnly && m_securityEnabled)
+ if (!allowWrite())
return SQLAuthDeny;
return updateDeletesBasedOnTableName(tableName);
@@ -158,7 +158,7 @@ int DatabaseAuthorizer::dropTempTable(const String& tableName)
// SQLITE_DROP_TEMP_TABLE results in a DELETE operation, which is not
// allowed in read-only transactions or private browsing, so we might as
// well disallow SQLITE_DROP_TEMP_TABLE in these cases
- if (m_readOnly && m_securityEnabled)
+ if (!allowWrite())
return SQLAuthDeny;
return updateDeletesBasedOnTableName(tableName);
@@ -166,7 +166,7 @@ int DatabaseAuthorizer::dropTempTable(const String& tableName)
int DatabaseAuthorizer::allowAlterTable(const String&, const String& tableName)
{
- if (m_readOnly && m_securityEnabled)
+ if (!allowWrite())
return SQLAuthDeny;
m_lastActionChangedDatabase = true;
@@ -175,7 +175,7 @@ int DatabaseAuthorizer::allowAlterTable(const String&, const String& tableName)
int DatabaseAuthorizer::createIndex(const String&, const String& tableName)
{
- if (m_readOnly && m_securityEnabled)
+ if (!allowWrite())
return SQLAuthDeny;
m_lastActionChangedDatabase = true;
@@ -187,7 +187,7 @@ int DatabaseAuthorizer::createTempIndex(const String&, const String& tableName)
// SQLITE_CREATE_TEMP_INDEX should result in a UPDATE or INSERT operation,
// which is not allowed in read-only transactions or private browsing,
// so we might as well disallow SQLITE_CREATE_TEMP_INDEX in these cases
- if (m_readOnly && m_securityEnabled)
+ if (!allowWrite())
return SQLAuthDeny;
return denyBasedOnTableName(tableName);
@@ -195,7 +195,7 @@ int DatabaseAuthorizer::createTempIndex(const String&, const String& tableName)
int DatabaseAuthorizer::dropIndex(const String&, const String& tableName)
{
- if (m_readOnly && m_securityEnabled)
+ if (!allowWrite())
return SQLAuthDeny;
return updateDeletesBasedOnTableName(tableName);
@@ -206,7 +206,7 @@ int DatabaseAuthorizer::dropTempIndex(const String&, const String& tableName)
// SQLITE_DROP_TEMP_INDEX should result in a DELETE operation, which is
// not allowed in read-only transactions or private browsing, so we might
// as well disallow SQLITE_DROP_TEMP_INDEX in these cases
- if (m_readOnly && m_securityEnabled)
+ if (!allowWrite())
return SQLAuthDeny;
return updateDeletesBasedOnTableName(tableName);
@@ -214,7 +214,7 @@ int DatabaseAuthorizer::dropTempIndex(const String&, const String& tableName)
int DatabaseAuthorizer::createTrigger(const String&, const String& tableName)
{
- if (m_readOnly && m_securityEnabled)
+ if (!allowWrite())
return SQLAuthDeny;
m_lastActionChangedDatabase = true;
@@ -226,7 +226,7 @@ int DatabaseAuthorizer::createTempTrigger(const String&, const String& tableName
// SQLITE_CREATE_TEMP_TRIGGER results in a INSERT operation, which is not
// allowed in read-only transactions or private browsing, so we might as
// well disallow SQLITE_CREATE_TEMP_TRIGGER in these cases
- if (m_readOnly && m_securityEnabled)
+ if (!allowWrite())
return SQLAuthDeny;
return denyBasedOnTableName(tableName);
@@ -234,7 +234,7 @@ int DatabaseAuthorizer::createTempTrigger(const String&, const String& tableName
int DatabaseAuthorizer::dropTrigger(const String&, const String& tableName)
{
- if (m_readOnly && m_securityEnabled)
+ if (!allowWrite())
return SQLAuthDeny;
return updateDeletesBasedOnTableName(tableName);
@@ -245,7 +245,7 @@ int DatabaseAuthorizer::dropTempTrigger(const String&, const String& tableName)
// SQLITE_DROP_TEMP_TRIGGER results in a DELETE operation, which is not
// allowed in read-only transactions or private browsing, so we might as
// well disallow SQLITE_DROP_TEMP_TRIGGER in these cases
- if (m_readOnly && m_securityEnabled)
+ if (!allowWrite())
return SQLAuthDeny;
return updateDeletesBasedOnTableName(tableName);
@@ -253,7 +253,7 @@ int DatabaseAuthorizer::dropTempTrigger(const String&, const String& tableName)
int DatabaseAuthorizer::createView(const String&)
{
- return (m_readOnly && m_securityEnabled ? SQLAuthDeny : SQLAuthAllow);
+ return (!allowWrite() ? SQLAuthDeny : SQLAuthAllow);
}
int DatabaseAuthorizer::createTempView(const String&)
@@ -261,12 +261,12 @@ int DatabaseAuthorizer::createTempView(const String&)
// SQLITE_CREATE_TEMP_VIEW results in a UPDATE operation, which is not
// allowed in read-only transactions or private browsing, so we might as
// well disallow SQLITE_CREATE_TEMP_VIEW in these cases
- return (m_readOnly && m_securityEnabled ? SQLAuthDeny : SQLAuthAllow);
+ return (!allowWrite() ? SQLAuthDeny : SQLAuthAllow);
}
int DatabaseAuthorizer::dropView(const String&)
{
- if (m_readOnly && m_securityEnabled)
+ if (!allowWrite())
return SQLAuthDeny;
m_hadDeletes = true;
@@ -278,7 +278,7 @@ int DatabaseAuthorizer::dropTempView(const String&)
// SQLITE_DROP_TEMP_VIEW results in a DELETE operation, which is not
// allowed in read-only transactions or private browsing, so we might as
// well disallow SQLITE_DROP_TEMP_VIEW in these cases
- if (m_readOnly && m_securityEnabled)
+ if (!allowWrite())
return SQLAuthDeny;
m_hadDeletes = true;
@@ -287,7 +287,7 @@ int DatabaseAuthorizer::dropTempView(const String&)
int DatabaseAuthorizer::createVTable(const String& tableName, const String& moduleName)
{
- if (m_readOnly && m_securityEnabled)
+ if (!allowWrite())
return SQLAuthDeny;
// Allow only the FTS3 extension
@@ -300,7 +300,7 @@ int DatabaseAuthorizer::createVTable(const String& tableName, const String& modu
int DatabaseAuthorizer::dropVTable(const String& tableName, const String& moduleName)
{
- if (m_readOnly && m_securityEnabled)
+ if (!allowWrite())
return SQLAuthDeny;
// Allow only the FTS3 extension
@@ -312,7 +312,7 @@ int DatabaseAuthorizer::dropVTable(const String& tableName, const String& module
int DatabaseAuthorizer::allowDelete(const String& tableName)
{
- if (m_readOnly && m_securityEnabled)
+ if (!allowWrite())
return SQLAuthDeny;
return updateDeletesBasedOnTableName(tableName);
@@ -320,7 +320,7 @@ int DatabaseAuthorizer::allowDelete(const String& tableName)
int DatabaseAuthorizer::allowInsert(const String& tableName)
{
- if (m_readOnly && m_securityEnabled)
+ if (!allowWrite())
return SQLAuthDeny;
m_lastActionChangedDatabase = true;
@@ -330,7 +330,7 @@ int DatabaseAuthorizer::allowInsert(const String& tableName)
int DatabaseAuthorizer::allowUpdate(const String& tableName, const String&)
{
- if (m_readOnly && m_securityEnabled)
+ if (!allowWrite())
return SQLAuthDeny;
m_lastActionChangedDatabase = true;
@@ -344,12 +344,15 @@ int DatabaseAuthorizer::allowTransaction()
int DatabaseAuthorizer::allowRead(const String& tableName, const String&)
{
+ if (m_permissions & NoAccessMask && m_securityEnabled)
+ return SQLAuthDeny;
+
return denyBasedOnTableName(tableName);
}
int DatabaseAuthorizer::allowReindex(const String&)
{
- return (m_readOnly && m_securityEnabled ? SQLAuthDeny : SQLAuthAllow);
+ return (!allowWrite() ? SQLAuthDeny : SQLAuthAllow);
}
int DatabaseAuthorizer::allowAnalyze(const String& tableName)
@@ -390,9 +393,19 @@ void DatabaseAuthorizer::enable()
m_securityEnabled = true;
}
+bool DatabaseAuthorizer::allowWrite()
+{
+ return !(m_securityEnabled && (m_permissions & ReadOnlyMask || m_permissions & NoAccessMask));
+}
+
void DatabaseAuthorizer::setReadOnly()
{
- m_readOnly = true;
+ m_permissions |= ReadOnlyMask;
+}
+
+void DatabaseAuthorizer::setPermissions(int permissions)
+{
+ m_permissions = permissions;
}
int DatabaseAuthorizer::denyBasedOnTableName(const String& tableName) const
diff --git a/WebCore/storage/DatabaseAuthorizer.h b/WebCore/storage/DatabaseAuthorizer.h
index e7c3922..da7761d 100644
--- a/WebCore/storage/DatabaseAuthorizer.h
+++ b/WebCore/storage/DatabaseAuthorizer.h
@@ -42,6 +42,13 @@ extern const int SQLAuthDeny;
class DatabaseAuthorizer : public ThreadSafeShared<DatabaseAuthorizer> {
public:
+
+ enum Permissions {
+ ReadWriteMask = 0,
+ ReadOnlyMask = 1 << 1,
+ NoAccessMask = 1 << 2
+ };
+
static PassRefPtr<DatabaseAuthorizer> create(const String& databaseInfoTableName);
int createTable(const String& tableName);
@@ -87,6 +94,7 @@ public:
void disable();
void enable();
void setReadOnly();
+ void setPermissions(int permissions);
void reset();
void resetDeletes();
@@ -100,11 +108,12 @@ private:
void addWhitelistedFunctions();
int denyBasedOnTableName(const String&) const;
int updateDeletesBasedOnTableName(const String&);
+ bool allowWrite();
+ int m_permissions;
bool m_securityEnabled : 1;
bool m_lastActionWasInsert : 1;
bool m_lastActionChangedDatabase : 1;
- bool m_readOnly : 1;
bool m_hadDeletes : 1;
const String m_databaseInfoTableName;
diff --git a/WebCore/storage/SQLStatement.cpp b/WebCore/storage/SQLStatement.cpp
index 19e9e38..306f561 100644
--- a/WebCore/storage/SQLStatement.cpp
+++ b/WebCore/storage/SQLStatement.cpp
@@ -43,17 +43,17 @@
namespace WebCore {
-PassRefPtr<SQLStatement> SQLStatement::create(const String& statement, const Vector<SQLValue>& arguments, PassRefPtr<SQLStatementCallback> callback, PassRefPtr<SQLStatementErrorCallback> errorCallback, bool readOnly)
+PassRefPtr<SQLStatement> SQLStatement::create(const String& statement, const Vector<SQLValue>& arguments, PassRefPtr<SQLStatementCallback> callback, PassRefPtr<SQLStatementErrorCallback> errorCallback, int permissions)
{
- return adoptRef(new SQLStatement(statement, arguments, callback, errorCallback, readOnly));
+ return adoptRef(new SQLStatement(statement, arguments, callback, errorCallback, permissions));
}
-SQLStatement::SQLStatement(const String& statement, const Vector<SQLValue>& arguments, PassRefPtr<SQLStatementCallback> callback, PassRefPtr<SQLStatementErrorCallback> errorCallback, bool readOnly)
+SQLStatement::SQLStatement(const String& statement, const Vector<SQLValue>& arguments, PassRefPtr<SQLStatementCallback> callback, PassRefPtr<SQLStatementErrorCallback> errorCallback, int permissions)
: m_statement(statement.crossThreadString())
, m_arguments(arguments)
, m_statementCallback(callback)
, m_statementErrorCallback(errorCallback)
- , m_readOnly(readOnly)
+ , m_permissions(permissions)
{
}
@@ -69,8 +69,7 @@ bool SQLStatement::execute(Database* db)
if (m_error)
return false;
- if (m_readOnly)
- db->setAuthorizerReadOnly();
+ db->setAuthorizerPermissions(m_permissions);
SQLiteDatabase* database = &db->sqliteDatabase();
diff --git a/WebCore/storage/SQLStatement.h b/WebCore/storage/SQLStatement.h
index 89af377..afd605a 100644
--- a/WebCore/storage/SQLStatement.h
+++ b/WebCore/storage/SQLStatement.h
@@ -46,7 +46,7 @@ class SQLTransaction;
class SQLStatement : public ThreadSafeShared<SQLStatement> {
public:
- static PassRefPtr<SQLStatement> create(const String&, const Vector<SQLValue>&, PassRefPtr<SQLStatementCallback>, PassRefPtr<SQLStatementErrorCallback>, bool readOnly);
+ static PassRefPtr<SQLStatement> create(const String&, const Vector<SQLValue>&, PassRefPtr<SQLStatementCallback>, PassRefPtr<SQLStatementErrorCallback>, int permissions);
bool execute(Database*);
bool lastExecutionFailedDueToQuota() const;
@@ -61,7 +61,7 @@ public:
SQLError* sqlError() const { return m_error.get(); }
private:
- SQLStatement(const String& statement, const Vector<SQLValue>& arguments, PassRefPtr<SQLStatementCallback>, PassRefPtr<SQLStatementErrorCallback>, bool readOnly);
+ SQLStatement(const String& statement, const Vector<SQLValue>& arguments, PassRefPtr<SQLStatementCallback>, PassRefPtr<SQLStatementErrorCallback>, int permissions);
void setFailureDueToQuota();
void clearFailureDueToQuota();
@@ -74,7 +74,7 @@ private:
RefPtr<SQLError> m_error;
RefPtr<SQLResultSet> m_resultSet;
- bool m_readOnly;
+ int m_permissions;
};
} // namespace WebCore
diff --git a/WebCore/storage/SQLStatementSync.cpp b/WebCore/storage/SQLStatementSync.cpp
index e47919f..673d50d 100644
--- a/WebCore/storage/SQLStatementSync.cpp
+++ b/WebCore/storage/SQLStatementSync.cpp
@@ -43,18 +43,17 @@
namespace WebCore {
-SQLStatementSync::SQLStatementSync(const String& statement, const Vector<SQLValue>& arguments, bool readOnly)
+SQLStatementSync::SQLStatementSync(const String& statement, const Vector<SQLValue>& arguments, int permissions)
: m_statement(statement)
, m_arguments(arguments)
- , m_readOnly(readOnly)
+ , m_permissions(permissions)
{
ASSERT(!m_statement.isEmpty());
}
PassRefPtr<SQLResultSet> SQLStatementSync::execute(DatabaseSync* db, ExceptionCode& ec)
{
- if (m_readOnly)
- db->setAuthorizerReadOnly();
+ db->setAuthorizerPermissions(m_permissions);
SQLiteDatabase* database = &db->sqliteDatabase();
diff --git a/WebCore/storage/SQLStatementSync.h b/WebCore/storage/SQLStatementSync.h
index dc0394c..d807e55 100644
--- a/WebCore/storage/SQLStatementSync.h
+++ b/WebCore/storage/SQLStatementSync.h
@@ -46,14 +46,14 @@ class SQLResultSet;
class SQLStatementSync {
public:
- SQLStatementSync(const String& statement, const Vector<SQLValue>& arguments, bool readOnly);
+ SQLStatementSync(const String& statement, const Vector<SQLValue>& arguments, int permissions);
PassRefPtr<SQLResultSet> execute(DatabaseSync*, ExceptionCode&);
private:
String m_statement;
Vector<SQLValue> m_arguments;
- bool m_readOnly;
+ int m_permissions;
};
} // namespace WebCore
diff --git a/WebCore/storage/SQLTransaction.cpp b/WebCore/storage/SQLTransaction.cpp
index feaa46e..dea9d97 100644
--- a/WebCore/storage/SQLTransaction.cpp
+++ b/WebCore/storage/SQLTransaction.cpp
@@ -32,6 +32,7 @@
#if ENABLE(DATABASE)
#include "Database.h"
+#include "DatabaseAuthorizer.h"
#include "DatabaseThread.h"
#include "Logging.h"
#include "PlatformString.h"
@@ -93,13 +94,13 @@ void SQLTransaction::executeSQL(const String& sqlStatement, const Vector<SQLValu
return;
}
- bool readOnlyMode = m_readOnly;
- if (!readOnlyMode) {
- if (m_database->scriptExecutionContext()->isDatabaseReadOnly())
- readOnlyMode = true;
- }
+ int permissions = DatabaseAuthorizer::ReadWriteMask;
+ if (!m_database->scriptExecutionContext()->allowDatabaseAccess())
+ permissions |= DatabaseAuthorizer::NoAccessMask;
+ else if (m_readOnly)
+ permissions |= DatabaseAuthorizer::ReadOnlyMask;
- RefPtr<SQLStatement> statement = SQLStatement::create(sqlStatement, arguments, callback, callbackError, readOnlyMode);
+ RefPtr<SQLStatement> statement = SQLStatement::create(sqlStatement, arguments, callback, callbackError, permissions);
if (m_database->deleted())
statement->setDatabaseDeletedError();
diff --git a/WebCore/storage/SQLTransactionSync.cpp b/WebCore/storage/SQLTransactionSync.cpp
index 87f1eff..97a5cc5 100644
--- a/WebCore/storage/SQLTransactionSync.cpp
+++ b/WebCore/storage/SQLTransactionSync.cpp
@@ -33,6 +33,7 @@
#if ENABLE(DATABASE)
+#include "DatabaseAuthorizer.h"
#include "DatabaseSync.h"
#include "PlatformString.h"
#include "SQLException.h"
@@ -86,8 +87,13 @@ PassRefPtr<SQLResultSet> SQLTransactionSync::executeSQL(const String& sqlStateme
if (sqlStatement.isEmpty())
return 0;
- bool readOnlyMode = m_readOnly || m_database->scriptExecutionContext()->isDatabaseReadOnly();
- SQLStatementSync statement(sqlStatement, arguments, readOnlyMode);
+ int permissions = DatabaseAuthorizer::ReadWriteMask;
+ if (!m_database->scriptExecutionContext()->allowDatabaseAccess())
+ permissions |= DatabaseAuthorizer::NoAccessMask;
+ else if (m_readOnly)
+ permissions |= DatabaseAuthorizer::ReadOnlyMask;
+
+ SQLStatementSync statement(sqlStatement, arguments, permissions);
m_database->resetAuthorizer();
bool retryStatement = true;
diff --git a/WebCore/workers/WorkerContext.h b/WebCore/workers/WorkerContext.h
index 5d15d94..7b6c9a2 100644
--- a/WebCore/workers/WorkerContext.h
+++ b/WebCore/workers/WorkerContext.h
@@ -113,7 +113,7 @@ namespace WebCore {
PassRefPtr<DatabaseSync> openDatabaseSync(const String& name, const String& version, const String& displayName, unsigned long estimatedSize, PassRefPtr<DatabaseCallback> creationCallback, ExceptionCode&);
// Not implemented yet.
- virtual bool isDatabaseReadOnly() const { return false; }
+ virtual bool allowDatabaseAccess() const { return true; }
// Not implemented for real yet.
virtual void databaseExceededQuota(const String&);
#endif
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list