diff --git a/Doc/library/sqlite3.rst b/Doc/library/sqlite3.rst
index 1da5c7f3ab..869fb59e7e 100644
--- a/Doc/library/sqlite3.rst
+++ b/Doc/library/sqlite3.rst
@@ -458,7 +458,7 @@ Connection Objects
 .. versionadded:: 3.3
- .. method:: enable_load_extension(enabled)
+ .. method:: enable_load_extension(enabled, /)
 This routine allows/disallows the SQLite engine to load SQLite extensions from shared libraries. SQLite extensions can define new functions,
@@ -467,8 +467,14 @@ Connection Objects
 Loadable extensions are disabled by default. See [#f1]_.
+ Since Python 3.10, the SQL function ``load_extension()`` is not enabled,
+ in order to prevent SQL injections attackers to load extensions.
+
 .. versionadded:: 3.2
+ .. versionchanged:: 3.10
+ The SQL ``load_extension()`` API is no longer enabled.
+
 .. literalinclude:: ../includes/sqlite3/load_extension.py
 .. method:: load_extension(path)
diff --git a/Modules/_sqlite/connection.c b/Modules/_sqlite/connection.c
index 9bf2a35ab0..abdf57efd4 100644
--- a/Modules/_sqlite/connection.c
+++ b/Modules/_sqlite/connection.c
@@ -1143,20 +1143,21 @@ pysqlite_connection_enable_load_extension_impl(pysqlite_Connection *self,
 int onoff)
 /*[clinic end generated code: output=9cac37190d388baf input=5c0da5b121121cbc]*/
 {
- int rc;
-
 if (!pysqlite_check_thread(self) || !pysqlite_check_connection(self)) {
 return NULL;
 }
- rc = sqlite3_enable_load_extension(self->db, onoff);
+ int rc = sqlite3_db_config(self->db,
+ SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION,
+ onoff ? 1 : 0,
+ NULL);
 if (rc != SQLITE_OK) {
- PyErr_SetString(pysqlite_OperationalError, "Error enabling load extension");
+ PyErr_SetString(pysqlite_OperationalError,
+ "Error enabling load extension");
 return NULL;
- } else {
- Py_RETURN_NONE;
 }
+ Py_RETURN_NONE;
 }
 /*[clinic input]
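Review bot: The `sqlite3_db_config()` call in `pysqlite_connection_enable_load_extension_impl` carries the whole security property of this change, yet nothing at the call site says why it replaced `sqlite3_enable_load_extension()`, so a later cleanup could revert it and silently turn the SQL `load_extension()` function back on for every statement run on the connection. A comment above the call would pin the intent, for example `/* Enable only the C API; the SQL function load_extension() stays off so that injected SQL cannot load a shared library. */`. `SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION` is, to my knowledge, only defined from SQLite 3.13.0 on, so if the module still builds against older libraries this needs a version guard or a raised minimum; the supported minimum is not visible in the hunk. A regression test asserting that `SELECT load_extension(...)` is rejected after `enable_load_extension(True)` would keep the restriction in place, and none is visible in this part of the diff.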