WebCore: Changing SQLiteStatement::prepare() to return an error when it's
authordumi@chromium.org <dumi@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 1 Apr 2010 22:45:35 +0000 (22:45 +0000)
committerdumi@chromium.org <dumi@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 1 Apr 2010 22:45:35 +0000 (22:45 +0000)
given a string that has more than one statement in it. Currently,
everything past the first statement is silently ignored.

Reviewed by Dimitri Glazkov.

Test: storage/executesql-accepts-only-one-statement.html

* platform/sql/SQLiteStatement.cpp:
(WebCore::SQLiteStatement::prepare):

LayoutTests: Testing that executeSql() accepts only one-statement strings.

Reviewed by Dimitri Glazkov.

* storage/executesql-accepts-only-one-statement-expected.txt: Added.
* storage/executesql-accepts-only-one-statement.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@56943 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/storage/executesql-accepts-only-one-statement-expected.txt [new file with mode: 0644]
LayoutTests/storage/executesql-accepts-only-one-statement.html [new file with mode: 0644]
WebCore/ChangeLog
WebCore/platform/sql/SQLiteStatement.cpp

index dd7fb4d..cabddae 100644 (file)
@@ -1,3 +1,12 @@
+2010-03-29  Dumitru Daniliuc  <dumi@chromium.org>
+
+        Reviewed by Dimitri Glazkov.
+
+        Testing that executeSql() accepts only one-statement strings.
+
+        * storage/executesql-accepts-only-one-statement-expected.txt: Added.
+        * storage/executesql-accepts-only-one-statement.html: Added.
+
 2010-04-01  James Robinson  <jamesr@chromium.org>
 
         Reviewed by Simon Fraser.
diff --git a/LayoutTests/storage/executesql-accepts-only-one-statement-expected.txt b/LayoutTests/storage/executesql-accepts-only-one-statement-expected.txt
new file mode 100644 (file)
index 0000000..b95ceee
--- /dev/null
@@ -0,0 +1,3 @@
+This test tests that executeSql() fails when called with a string that has more than one valid statement in it.
+Test passed.
+
diff --git a/LayoutTests/storage/executesql-accepts-only-one-statement.html b/LayoutTests/storage/executesql-accepts-only-one-statement.html
new file mode 100644 (file)
index 0000000..a3860c8
--- /dev/null
@@ -0,0 +1,78 @@
+<html>
+<head>
+<script>
+
+var TOTAL_STATEMENTS = 8;
+var statements = 0;
+var db = null;
+
+function log(message)
+{
+    document.body.innerText += message + "\n";
+}
+
+function terminateTest()
+{
+    if (window.layoutTestController)
+        layoutTestController.notifyDone();
+}
+
+function executeStatement(expectedToPass, statement)
+{
+    db.transaction(function(tx) {
+        tx.executeSql(statement, [],
+            function(tx, data) {
+                if (!expectedToPass) {
+                    log("Statement " + statement + " was expected to fail, but passed.");
+                    terminateTest();
+                }
+                if (++statements == TOTAL_STATEMENTS) {
+                    log("Test passed.");
+                    terminateTest();
+                }
+            }, function(tx, error) {
+                if (expectedToPass) {
+                    log("Statement " + statement + " was expected to pass, but failed.");
+                    terminateTest();
+                }
+                if (++statements == TOTAL_STATEMENTS) {
+                    log("Test passed.");
+                    terminateTest();
+                }
+            });
+    });
+}
+
+function runTest()
+{
+    if (window.layoutTestController) {
+        layoutTestController.clearAllDatabases();
+        layoutTestController.dumpAsText();
+        layoutTestController.waitUntilDone();
+    }
+
+    db = openDatabase("ExecuteSQLAcceptsOnlyOneStatementTest", "1.0", "", 1);
+    db.transaction(function(tx) {
+        tx.executeSql("CREATE TABLE IF NOT EXISTS Test (Foo INT)");
+    }, function(error) {
+        log("Test failed: " + error.message);
+        terminateTest();
+    }, function() {
+        executeStatement(true, "INSERT INTO Test VALUES (1)");
+        executeStatement(true, "INSERT INTO Test VALUES (2);");
+        executeStatement(true, "   INSERT INTO Test VALUES (3)    ");
+        executeStatement(true, "   INSERT INTO Test VALUES (4);   ");
+        executeStatement(true, "INSERT INTO Test VALUES (5)   ;");
+        executeStatement(false, "INSERT INTO Test VALUES (6); garbage");
+        executeStatement(false, "INSERT INTO Test VALUES (7); INSERT INTO Test VALUES (8)");
+        executeStatement(false, "  INSERT INTO Test VALUES (9);   INSERT INTO Test VALUES (10);   ");
+    });
+}
+
+</script>
+</head>
+<body onload="runTest();">
+This test tests that executeSql() fails when called with a string that has more than one valid statement in it.<br>
+</body>
+</body>
+</html>
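Review bot: In both callbacks of `executeStatement`, the mismatch branch calls `terminateTest()` and then falls through to the `++statements == TOTAL_STATEMENTS` check, so a run with an unexpected result can still log "Test passed." and call `notifyDone()` a second time; add `return;` after each `terminateTest();` in those two branches. The test also only checks which callback fires and never reads the table back, so it would not notice if the first statement of a rejected string (values 6, 7, 9) had still been executed. A final `SELECT COUNT(*) FROM Test` that expects 5 rows would pin that. The markup also closes `</body>` twice.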
index 48ac3c0..b69a321 100644 (file)
@@ -1,3 +1,16 @@
+2010-03-29  Dumitru Daniliuc  <dumi@chromium.org>
+
+        Reviewed by Dimitri Glazkov.
+
+        Changing SQLiteStatement::prepare() to return an error when it's
+        given a string that has more than one statement in it. Currently,
+        everything past the first statement is silently ignored.
+
+        Test: storage/executesql-accepts-only-one-statement.html
+
+        * platform/sql/SQLiteStatement.cpp:
+        (WebCore::SQLiteStatement::prepare):
+
 2010-04-01  James Robinson  <jamesr@chromium.org>
 
         Reviewed by Simon Fraser.
index ac96034..4203d4d 100644 (file)
@@ -63,9 +63,12 @@ int SQLiteStatement::prepare()
     ASSERT(!m_isPrepared);
     const void* tail;
     LOG(SQLDatabase, "SQL - prepare - %s", m_query.ascii().data());
-    int error = sqlite3_prepare16_v2(m_database.sqlite3Handle(), m_query.charactersWithNullTermination(), -1, &m_statement, &tail);
+    int error = sqlite3_prepare16_v2(m_database.sqlite3Handle(), m_query.stripWhiteSpace().charactersWithNullTermination(), -1, &m_statement, &tail);
     if (error != SQLITE_OK)
         LOG(SQLDatabase, "sqlite3_prepare16 failed (%i)\n%s\n%s", error, m_query.ascii().data(), sqlite3_errmsg(m_database.sqlite3Handle()));
+    const UChar* ch = static_cast<const UChar*>(tail);
+    if (*ch)
+        error = SQLITE_ERROR;
 #ifndef NDEBUG
     m_isPrepared = error == SQLITE_OK;
 #endif
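Review bot: `*ch` may read freed memory, because `m_query.stripWhiteSpace()` appears to return a String by value, so the buffer that `tail` points into belongs to a temporary destroyed at the end of the `sqlite3_prepare16_v2` statement. Keep the stripped string alive in a local, `String query = m_query.stripWhiteSpace();`, and pass `query.charactersWithNullTermination()`. The check also runs when prepare failed, where `tail` (declared uninitialized) may not have been written and the original SQLite error code is replaced by SQLITE_ERROR; `const void* tail = 0;` together with `if (error == SQLITE_OK && tail && *static_cast<const UChar*>(tail))` avoids both. prepare() starts above and continues below this hunk, so whether the already prepared `m_statement` is finalized on the new error path is not visible here.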