From 03514d8f2c63537e1fa5efd91a54916710532e4e Mon Sep 17 00:00:00 2001
From: Christian Ehrlicher
Date: Mon, 29 Jan 2024 20:03:37 +0100
Subject: [PATCH] SQL/SQLite: handle option SQLITE_OPEN_NOFOLLOW

Since SQLite 3.31 there is a new open() option SQLITE_OPEN_NOFOLLOW to disallow a filename with a symlink for security reason. Expose this option to QSQLite via QSQLITE_OPEN_NOFOLLOW.

[ChangeLog][SQL][SQLite] Add new option QSQLITE_OPEN_NOFOLLOW to expose open mode SQLITE_OPEN_NOFOLLOW.

Change-Id: I2d6218bde2bf8b4f1bc36125dffa551b52369072
Reviewed-by: Volker Hilsheimer
(cherry picked from commit 3379fd2322d112af4ef7ce75aafe18c27746acae)
Reviewed-by: Qt Cherry-pick Bot
---
 src/plugins/sqldrivers/sqlite/qsql_sqlite.cpp | 12 ++++++++++++
 src/sql/doc/src/sql-driver.qdoc | 5 ++++-
 2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/src/plugins/sqldrivers/sqlite/qsql_sqlite.cpp b/src/plugins/sqldrivers/sqlite/qsql_sqlite.cpp
index 8f4bdaeb1bb..f8a9fe67255 100644
--- a/src/plugins/sqldrivers/sqlite/qsql_sqlite.cpp
+++ b/src/plugins/sqldrivers/sqlite/qsql_sqlite.cpp
@@ -754,6 +754,7 @@ bool QSQLiteDriver::open(const QString & db, const QString &, const QString &, c
 bool useExtendedResultCodes = true;
 bool useQtVfs = false;
 bool useQtCaseFolding = false;
+ bool openNoFollow = false;
 #if QT_CONFIG(regularexpression)
 static const auto regexpConnectOption = "QSQLITE_ENABLE_REGEXP"_L1;
 bool defineRegexp = false;
@@ -783,6 +784,8 @@ bool QSQLiteDriver::open(const QString & db, const QString &, const QString &, c
 useExtendedResultCodes = false;
 } else if (option == "QSQLITE_ENABLE_NON_ASCII_CASE_FOLDING"_L1) {
 useQtCaseFolding = true;
+ } else if (option == "QSQLITE_OPEN_NOFOLLOW"_L1) {
+ openNoFollow = true;
 }
 #if QT_CONFIG(regularexpression)
 else if (option.startsWith(regexpConnectOption)) {
@@ -800,12 +803,21 @@ bool QSQLiteDriver::open(const QString & db, const QString &, const QString &, c
 }
 }
 #endif
+ else
+ qWarning("Unsupported option '%ls'", qUtf16Printable(option.toString()));
 }
 int openMode = (openReadOnlyOption ? SQLITE_OPEN_READONLY : (SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE));
 openMode |= (sharedCache ? SQLITE_OPEN_SHAREDCACHE : SQLITE_OPEN_PRIVATECACHE);
 if (openUriOption)
 openMode |= SQLITE_OPEN_URI;
+ if (openNoFollow) {
+#if defined(SQLITE_OPEN_NOFOLLOW)
+ openMode |= SQLITE_OPEN_NOFOLLOW;
+#else
+ qWarning("SQLITE_OPEN_NOFOLLOW not supported with the SQLite version %s", sqlite3_libversion());
+#endif
+ }
 openMode |= SQLITE_OPEN_NOMUTEX;
diff --git a/src/sql/doc/src/sql-driver.qdoc b/src/sql/doc/src/sql-driver.qdoc
index bc1b58b74f1..8593233d1b4 100644
--- a/src/sql/doc/src/sql-driver.qdoc
+++ b/src/sql/doc/src/sql-driver.qdoc
@@ -756,11 +756,14 @@
 \row
 \li QSQLITE_NO_USE_EXTENDED_RESULT_CODES
 \li Disables the usage of the \l {https://www.sqlite.org/c3ref/extended_result_codes.html}
- {extended result code} feature in SQLite (for backwards compatibility)
+ {extended result code} feature in SQLite
 \row
 \li QSQLITE_ENABLE_NON_ASCII_CASE_FOLDING
 \li If set, the plugin replaces the functions 'lower' and 'upper' with QString functions for correct case folding of non-ascii characters
+ \row
+ \li QSQLITE_OPEN_NOFOLLOW
+ \li If set, the database filename is not allowed to contain a symbolic link
 \endtable
 \section3 How to Build the QSQLITE Plugin
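Review bot: The `#else` branch inside `if (openNoFollow)` (third hunk of qsql_sqlite.cpp) fails open: when the plugin is built against SQLite headers that lack SQLITE_OPEN_NOFOLLOW, a caller who set QSQLITE_OPEN_NOFOLLOW gets only a qWarning, and open() carries on with an openMode that still follows symlinks. Since the option is requested for security, that branch should refuse the connection instead, i.e. report an error through the driver's usual error path and `return false;` (that path is outside this hunk, so the exact call is left to the author). The guard is also compile-time only while the message prints the runtime `sqlite3_libversion()`; if the plugin can be linked against a system SQLite older than its headers, a runtime test such as `if (sqlite3_libversion_number() < 3031000)` is needed as well, because whether an older library rejects the unknown flag is not visible here. The new QSQLITE_OPEN_NOFOLLOW row in sql-driver.qdoc should state the SQLite 3.31 requirement and what happens when it is not met.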