Differences From Artifact [c9a0fcba1d]:

• File src/codecheck1.c — part of check-in [bb9233a61a] at 2018-06-21 16:40:35 on branch trunk — Strengthen the codecheck1.c utility program to help find cases where query parameters are used in unsafe ways. No unsafe usage of query parameters was detected in the current code. (user: drh size: 17225) [more...]

To Artifact [3da69f1393]:

• File src/codecheck1.c — part of check-in [31be2e17a4] at 2018-06-21 19:10:00 on branch email-alerts — The /subscribe page now creates entries in the subscriber table and sends verification emails. (user: drh size: 17284) [more...]

329
330
331
332
333
334
335
336




337
338
339
340
341
342
343

/*
** Return true if the input is an argument that is never safe for use
** with %s.
*/
static int never_safe(const char *z){
  if( strstr(z,"/*safe-for-%s*/")!=0 ) return 0;
  if( z[0]=='P' ) return 1;  /* CGI macros like P() and PD() */




  if( strncmp(z,"cgi_param",9)==0 ) return 1;
  return 0;
}

/*
** Processing flags
*/

|
>
>
>
>

329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347

/*
** Return true if the input is an argument that is never safe for use
** with %s.
*/
static int never_safe(const char *z){
  if( strstr(z,"/*safe-for-%s*/")!=0 ) return 0;
  if( z[0]=='P' ){
    if( strncmp(z,"PIF(",4)==0 ) return 0;
    if( strncmp(z,"PCK(",4)==0 ) return 0;
    return 1;
  }
  if( strncmp(z,"cgi_param",9)==0 ) return 1;
  return 0;
}

/*
** Processing flags
*/