Issue #21147: sqlite3 now raises an exception if the request contains a null
character instead of truncate it. Based on patch by Victor Stinner.
This commit is contained in:
parent
abf68ce164
commit
42d67af87f
|
@ -336,6 +336,16 @@ class RegressionTests(unittest.TestCase):
|
|||
sqlite.connect, ":memory:", isolation_level=123)
|
||||
|
||||
|
||||
def CheckNullCharacter(self):
|
||||
# Issue #21147
|
||||
con = sqlite.connect(":memory:")
|
||||
self.assertRaises(ValueError, con, "\0select 1")
|
||||
self.assertRaises(ValueError, con, "select 1\0")
|
||||
cur = con.cursor()
|
||||
self.assertRaises(ValueError, cur.execute, " \0select 2")
|
||||
self.assertRaises(ValueError, cur.execute, "select 2\0")
|
||||
|
||||
|
||||
def suite():
|
||||
regression_suite = unittest.makeSuite(RegressionTests, "Check")
|
||||
return unittest.TestSuite((regression_suite,))
|
||||
|
|
|
@ -32,6 +32,9 @@ Core and Builtins
|
|||
Library
|
||||
-------
|
||||
|
||||
- Issue #21147: sqlite3 now raises an exception if the request contains a null
|
||||
character instead of truncate it. Based on patch by Victor Stinner.
|
||||
|
||||
- Issue #21951: Fixed a crash in Tkinter on AIX when called Tcl command with
|
||||
empty string or tuple argument.
|
||||
|
||||
|
|
|
@ -1261,7 +1261,8 @@ PyObject* pysqlite_connection_call(pysqlite_Connection* self, PyObject* args, Py
|
|||
if (rc == PYSQLITE_TOO_MUCH_SQL) {
|
||||
PyErr_SetString(pysqlite_Warning, "You can only execute one statement at a time.");
|
||||
} else if (rc == PYSQLITE_SQL_WRONG_TYPE) {
|
||||
PyErr_SetString(pysqlite_Warning, "SQL is of wrong type. Must be string or unicode.");
|
||||
if (PyErr_ExceptionMatches(PyExc_TypeError))
|
||||
PyErr_SetString(pysqlite_Warning, "SQL is of wrong type. Must be string.");
|
||||
} else {
|
||||
(void)pysqlite_statement_reset(statement);
|
||||
_pysqlite_seterror(self->db, NULL);
|
||||
|
|
|
@ -63,6 +63,10 @@ int pysqlite_statement_create(pysqlite_Statement* self, pysqlite_Connection* con
|
|||
rc = PYSQLITE_SQL_WRONG_TYPE;
|
||||
return rc;
|
||||
}
|
||||
if (strlen(sql_cstr) != (size_t)sql_cstr_len) {
|
||||
PyErr_SetString(PyExc_ValueError, "the query contains a null character");
|
||||
return PYSQLITE_SQL_WRONG_TYPE;
|
||||
}
|
||||
|
||||
self->in_weakreflist = NULL;
|
||||
Py_INCREF(sql);
|
||||
|
|
Loading…
Reference in New Issue