From cad810f21b803229eb11403f9209855525a25d57 Mon Sep 17 00:00:00 2001 From: Steve Block Date: Fri, 6 May 2011 11:45:16 +0100 Subject: Merge WebKit at r75315: Initial merge by git. Change-Id: I570314b346ce101c935ed22a626b48c2af266b84 --- Source/WebCore/storage/SQLStatement.cpp | 203 ++++++++++++++++++++++++++++++++ 1 file changed, 203 insertions(+) create mode 100644 Source/WebCore/storage/SQLStatement.cpp (limited to 'Source/WebCore/storage/SQLStatement.cpp') diff --git a/Source/WebCore/storage/SQLStatement.cpp b/Source/WebCore/storage/SQLStatement.cpp new file mode 100644 index 0000000..306f561 --- /dev/null +++ b/Source/WebCore/storage/SQLStatement.cpp @@ -0,0 +1,203 @@ +/* + * Copyright (C) 2007 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of + * its contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#include "config.h" +#include "SQLStatement.h" + +#if ENABLE(DATABASE) + +#include "Database.h" +#include "Logging.h" +#include "SQLError.h" +#include "SQLiteDatabase.h" +#include "SQLiteStatement.h" +#include "SQLStatementCallback.h" +#include "SQLStatementErrorCallback.h" +#include "SQLTransaction.h" +#include "SQLValue.h" +#include + +namespace WebCore { + +PassRefPtr SQLStatement::create(const String& statement, const Vector& arguments, PassRefPtr callback, PassRefPtr errorCallback, int permissions) +{ + return adoptRef(new SQLStatement(statement, arguments, callback, errorCallback, permissions)); +} + +SQLStatement::SQLStatement(const String& statement, const Vector& arguments, PassRefPtr callback, PassRefPtr errorCallback, int permissions) + : m_statement(statement.crossThreadString()) + , m_arguments(arguments) + , m_statementCallback(callback) + , m_statementErrorCallback(errorCallback) + , m_permissions(permissions) +{ +} + +bool SQLStatement::execute(Database* db) +{ + ASSERT(!m_resultSet); + + // If we're re-running this statement after a quota violation, we need to clear that error now + clearFailureDueToQuota(); + + // This transaction might have been marked bad while it was being set up on the main thread, + // so if there is still an error, return false. + if (m_error) + return false; + + db->setAuthorizerPermissions(m_permissions); + + SQLiteDatabase* database = &db->sqliteDatabase(); + + SQLiteStatement statement(*database, m_statement); + int result = statement.prepare(); + + if (result != SQLResultOk) { + LOG(StorageAPI, "Unable to verify correctness of statement %s - error %i (%s)", m_statement.ascii().data(), result, database->lastErrorMsg()); + m_error = SQLError::create(result == SQLResultInterrupt ? SQLError::DATABASE_ERR : SQLError::SYNTAX_ERR, database->lastErrorMsg()); + return false; + } + + // FIXME: If the statement uses the ?### syntax supported by sqlite, the bind parameter count is very likely off from the number of question marks. + // If this is the case, they might be trying to do something fishy or malicious + if (statement.bindParameterCount() != m_arguments.size()) { + LOG(StorageAPI, "Bind parameter count doesn't match number of question marks"); + m_error = SQLError::create(db->isInterrupted() ? SQLError::DATABASE_ERR : SQLError::SYNTAX_ERR, "number of '?'s in statement string does not match argument count"); + return false; + } + + for (unsigned i = 0; i < m_arguments.size(); ++i) { + result = statement.bindValue(i + 1, m_arguments[i]); + if (result == SQLResultFull) { + setFailureDueToQuota(); + return false; + } + + if (result != SQLResultOk) { + LOG(StorageAPI, "Failed to bind value index %i to statement for query '%s'", i + 1, m_statement.ascii().data()); + m_error = SQLError::create(SQLError::DATABASE_ERR, database->lastErrorMsg()); + return false; + } + } + + RefPtr resultSet = SQLResultSet::create(); + + // Step so we can fetch the column names. + result = statement.step(); + if (result == SQLResultRow) { + int columnCount = statement.columnCount(); + SQLResultSetRowList* rows = resultSet->rows(); + + for (int i = 0; i < columnCount; i++) + rows->addColumn(statement.getColumnName(i)); + + do { + for (int i = 0; i < columnCount; i++) + rows->addResult(statement.getColumnValue(i)); + + result = statement.step(); + } while (result == SQLResultRow); + + if (result != SQLResultDone) { + m_error = SQLError::create(SQLError::DATABASE_ERR, database->lastErrorMsg()); + return false; + } + } else if (result == SQLResultDone) { + // Didn't find anything, or was an insert + if (db->lastActionWasInsert()) + resultSet->setInsertId(database->lastInsertRowID()); + } else if (result == SQLResultFull) { + // Return the Quota error - the delegate will be asked for more space and this statement might be re-run + setFailureDueToQuota(); + return false; + } else { + m_error = SQLError::create(SQLError::DATABASE_ERR, database->lastErrorMsg()); + return false; + } + + // FIXME: If the spec allows triggers, and we want to be "accurate" in a different way, we'd use + // sqlite3_total_changes() here instead of sqlite3_changed, because that includes rows modified from within a trigger + // For now, this seems sufficient + resultSet->setRowsAffected(database->lastChanges()); + + m_resultSet = resultSet; + return true; +} + +void SQLStatement::setDatabaseDeletedError() +{ + ASSERT(!m_error && !m_resultSet); + m_error = SQLError::create(SQLError::UNKNOWN_ERR, "unable to execute statement, because the user deleted the database"); +} + +void SQLStatement::setVersionMismatchedError() +{ + ASSERT(!m_error && !m_resultSet); + m_error = SQLError::create(SQLError::VERSION_ERR, "current version of the database and `oldVersion` argument do not match"); +} + +bool SQLStatement::performCallback(SQLTransaction* transaction) +{ + ASSERT(transaction); + + bool callbackError = false; + + // Call the appropriate statement callback and track if it resulted in an error, + // because then we need to jump to the transaction error callback. + if (m_error) { + ASSERT(m_statementErrorCallback); + callbackError = m_statementErrorCallback->handleEvent(transaction, m_error.get()); + } else if (m_statementCallback) + callbackError = !m_statementCallback->handleEvent(transaction, m_resultSet.get()); + + // Now release our callbacks, to break reference cycles. + m_statementCallback = 0; + m_statementErrorCallback = 0; + + return callbackError; +} + +void SQLStatement::setFailureDueToQuota() +{ + ASSERT(!m_error && !m_resultSet); + m_error = SQLError::create(SQLError::QUOTA_ERR, "there was not enough remaining storage space, or the storage quota was reached and the user declined to allow more space"); +} + +void SQLStatement::clearFailureDueToQuota() +{ + if (lastExecutionFailedDueToQuota()) + m_error = 0; +} + +bool SQLStatement::lastExecutionFailedDueToQuota() const +{ + return m_error && m_error->code() == SQLError::QUOTA_ERR; +} + +} // namespace WebCore + +#endif // ENABLE(DATABASE) -- cgit v1.1