The function has existed for a long time, but remained unused, AFAIK. I
don't think it should be, and it should be swutched to file-private.
On Apr 11, 2011 10:41 PM, "Greg Stein" <gstein_at_gmail.com> wrote:
> Woah. When did svn_sqlite__prepare arrive?
>
> I'm basically -1 on that.
>
> The whole idea behind static statements was to avoid SQL injection
attacks.
> Allowing the *code* to construct statements opens us up.
>
> This is Not Good.
> On Apr 11, 2011 8:31 PM, <hwright_at_apache.org> wrote:
>> Author: hwright
>> Date: Tue Apr 12 00:31:00 2011
>> New Revision: 1091262
>>
>> URL: http://svn.apache.org/viewvc?rev=1091262&view=rev
>> Log:
>> * subversion/libsvn_wc/wc_db.c
>> (set_changelist_txn): Special case the with-changelist case, to avoid
some
>> confusion by interleaving if-statements.
>>
>> Modified:
>> subversion/trunk/subversion/libsvn_wc/wc_db.c
>>
>> Modified: subversion/trunk/subversion/libsvn_wc/wc_db.c
>> URL:
>
http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_wc/wc_db.c?rev=1091262&r1=1091261&r2=1091262&view=diff
>>
>
==============================================================================
>> --- subversion/trunk/subversion/libsvn_wc/wc_db.c (original)
>> +++ subversion/trunk/subversion/libsvn_wc/wc_db.c Tue Apr 12 00:31:00
2011
>> @@ -3460,37 +3460,34 @@ set_changelist_txn(void *baton,
>> svn_relpath_dirname(local_relpath,
>> scratch_pool)));
>> }
>> - else
>> + else if (scb->changelists && scb->changelists->nelts)
>> {
>> - const char *stmt_text = statements[STMT_UPDATE_ACTUAL_CHANGELIST];
>> - const char *filter = construct_filter("changelist",
>> - scb->changelists,
>> - scratch_pool);
>> -
>> - if (*filter)
>> - stmt_text = apr_pstrcat(scratch_pool, stmt_text, " AND ", filter,
>> - NULL);
>> + int i;
>> + const char *stmt_text = apr_pstrcat(scratch_pool,
>> + statements[STMT_UPDATE_ACTUAL_CHANGELIST],
>> + " AND ",
>> + construct_filter("changelist",
>> + scb->changelists,
>> + scratch_pool),
>> + NULL);
>>
>> SVN_ERR(svn_sqlite__prepare(&stmt, wcroot->sdb, stmt_text,
>> scratch_pool));
>>
>> - /* If we have a filter, it means we need to bind the changelist
>> - params. */
>> - if (*filter)
>> + for (i = 0; i < scb->changelists->nelts; i++)
>> {
>> - int i;
>> + const char *cl = APR_ARRAY_IDX(scb->changelists, i, const char *);
>>
>> - for (i = 0; i < scb->changelists->nelts; i++)
>> - {
>> - const char *cl = APR_ARRAY_IDX(scb->changelists, i,
>> - const char *);
>> -
>> - /* The magic number '4' here is the number of existing params,
>> - plus 1, in the statement, which will be bound below. */
>> - SVN_ERR(svn_sqlite__bind_text(stmt, i+4, cl));
>> - }
>> + /* The magic number '4' here is the number of existing params,
>> + plus 1, in the statement, which will be bound below. */
>> + SVN_ERR(svn_sqlite__bind_text(stmt, i+4, cl));
>> }
>> }
>> + else
>> + {
>> + SVN_ERR(svn_sqlite__get_statement(&stmt, wcroot->sdb,
>> + STMT_UPDATE_ACTUAL_CHANGELIST));
>> + }
>>
>> /* Run the update or insert query */
>> SVN_ERR(svn_sqlite__bindf(stmt, "iss", wcroot->wc_id, local_relpath,
>>
>>
Received on 2011-04-12 04:58:07 CEST