Refactor names of flags for improved legibility.

FossilOrigin-Name: 411e8ec2219bb4181aaf2209fb1e7baf5e8df8b8c8adb82a69b48cf7e8e7e7d4

src/sqlite.h.in

@@ -2265,19 +2265,24 @@ struct sqlite3_mem_methods {
 ** compile-time option.
 ** </dd>
 **
-** [[SQLITE_DBCONFIG_INDIRECT_UNSAFE]]
-** <dt>SQLITE_DBCONFIG_INDIRECT_UNSAFE</td>
-** <dd>The SQLITE_DBCONFIG_INDIRECT_UNSAFE option activates or deactivates
-** the ability to use "unsafe" SQL functions and virtual tables in the
-** schema of the database.  Using an SQL function or virtual table "in the
-** schema" means using the rsource in a
-** trigger, view, CHECK constraint, INDEX definition, generated column,
-** default value, or in any other context that is part of the DDL for the
-** database file.  "Unsafe" SQL functions are SQL functions that are not
-** tagged with [SQLITE_INNOCUOUS]. 
-** <p>For legacy compatibility, the SQLITE_DBCONFIG_INDIRECT_UNSAFE setting
-** defaults to "on". Applications that are operating on untrusted database
-** files are advised to change this setting to "off".
+** [[SQLITE_DBCONFIG_UNTRUSTED_SCHEMA]]
+** <dt>SQLITE_DBCONFIG_UNTRUSTED_SCHEMA</td>
+** <dd>The SQLITE_DBCONFIG_UNTRUSTED_SCHEMA option tells the SQLite 
+** database connection that the schemas of the database files it reads
+** might contain malicious corruption intended to harm the application.
+** When the SQLITE_DBCONFIG_UNTRUSTED_SCHEMA option is enabled, SQLite
+** takes additional defensive steps including, but not limited to, the
+** following:
+** <ul>
+** <li> Prohibit the use of SQL functions inside triggers, views,
+** CHECK constraints, DEFAULT VALUEs, index definitions, and/or
+** generated columns unless those functions are tagged
+** with [SQLITE_INNOCUOUS].
+** <li> Pohibit the use of virtual tables inside of triggers and/or views
+** unless those virtual tables are tagged with [SQLITE_VTAB_INNOCUOUS].
+** </ul>
+** This setting defaults to "off" for legacy compatibility, however
+** all applications are advised to turn it on if possible.
 ** </dd>
 **
 ** [[SQLITE_DBCONFIG_LEGACY_FILE_FORMAT]]
@@ -2320,7 +2325,7 @@ struct sqlite3_mem_methods {
 #define SQLITE_DBCONFIG_DQS_DDL               1014 /* int int* */
 #define SQLITE_DBCONFIG_ENABLE_VIEW           1015 /* int int* */
 #define SQLITE_DBCONFIG_LEGACY_FILE_FORMAT    1016 /* int int* */
-#define SQLITE_DBCONFIG_ENABLE_UNSAFE_DDL     1017 /* int int* */
+#define SQLITE_DBCONFIG_UNTRUSTED_SCHEMA      1017 /* int int* */
 #define SQLITE_DBCONFIG_MAX                   1017 /* Largest DBCONFIG */
 
 /*
@@ -8899,7 +8904,7 @@ int sqlite3_vtab_config(sqlite3*, int op, ...);
 **
 ** <dl>
 ** [[SQLITE_VTAB_CONSTRAINT_SUPPORT]]
-** <dt>SQLITE_VTAB_CONSTRAINT_SUPPORT
+** <dt>SQLITE_VTAB_CONSTRAINT_SUPPORT</dt>
 ** <dd>Calls of the form
 ** [sqlite3_vtab_config](db,SQLITE_VTAB_CONSTRAINT_SUPPORT,X) are supported,
 ** where X is an integer.  If X is zero, then the [virtual table] whose
@@ -8928,9 +8933,31 @@ int sqlite3_vtab_config(sqlite3*, int op, ...);
 ** return SQLITE_OK. Or, if this is not possible, it may return
 ** SQLITE_CONSTRAINT, in which case SQLite falls back to OR ABORT 
 ** constraint handling.
+** </dd>
+**
+** [[SQLITE_VTAB_INNOCUOUS]]<dt>SQLITE_VTAB_INNOCUOUS</dt>
+** <dd>Calls of the form
+** [sqlite3_vtab_config](db,SQLITE_VTAB_INNOCUOUS) from within the
+** the [xConnect] or [xCreate] methods of a [virtual table] implmentation
+** identify that virtual table as being safe to use from within triggers
+** and views.  Conceptually, the SQLITE_VTAB_INNOCUOUS tag means that the
+** virtual table can do no serious harm even if it is controlled by a
+** malicious hacker.  Developers should avoid setting the SQLITE_VTAB_INNOCUOUS
+** flag unless absolutely necessary.
+** </dd>
+**
+** [[SQLITE_VTAB_DIRECTONLY]]<dt>SQLITE_VTAB_DIRECTONLY</dt>
+** <dd>Calls of the form
+** [sqlite3_vtab_config](db,SQLITE_VTAB_DIRECTONLY) from within the
+** the [xConnect] or [xCreate] methods of a [virtual table] implmentation
+** prohibits that virtual table from being used from within triggers and
+** views.
+** </dd>
 ** </dl>
 */
 #define SQLITE_VTAB_CONSTRAINT_SUPPORT 1
+#define SQLITE_VTAB_INNOCUOUS          2
+#define SQLITE_VTAB_DIRECTONLY         3
 
 /*
 ** CAPI3REF: Determine The Virtual Table Conflict Policy