sqlite-defensive-php7.0.patch

index c6bf4af..047b63d 100644
--- a/ext/sqlite3/php_sqlite3.h
+++ b/ext/sqlite3/php_sqlite3.h
@@ -28,6 +28,7 @@
 
 ZEND_BEGIN_MODULE_GLOBALS(sqlite3)
 	char *extension_dir;
+	int dbconfig_defensive;
 ZEND_END_MODULE_GLOBALS(sqlite3)
 
 #ifdef ZTS
diff --git a/ext/sqlite3/sqlite3.c b/ext/sqlite3/sqlite3.c
index a22f455..5e6d9dd 100644
--- a/ext/sqlite3/sqlite3.c
+++ b/ext/sqlite3/sqlite3.c
@@ -81,6 +81,9 @@
 */
 PHP_INI_BEGIN()
 	STD_PHP_INI_ENTRY("sqlite3.extension_dir",  NULL, PHP_INI_SYSTEM, OnUpdateString, extension_dir, zend_sqlite3_globals, sqlite3_globals)
+#if SQLITE_VERSION_NUMBER >= 3026000
+	STD_PHP_INI_ENTRY("sqlite3.defensive",  "1", PHP_INI_SYSTEM, OnUpdateBool, dbconfig_defensive, zend_sqlite3_globals, sqlite3_globals)
+#endif
 PHP_INI_END()
 /* }}} */
 
@@ -178,6 +181,12 @@
 		sqlite3_set_authorizer(db_obj->db, php_sqlite3_authorizer, NULL);
 	}
 
+#if SQLITE_VERSION_NUMBER >= 3026000
+	if (SQLITE3G(dbconfig_defensive)) {
+		sqlite3_db_config(db_obj->db, SQLITE_DBCONFIG_DEFENSIVE, 1, NULL);
+	}
+#endif
+
 	if (fullpath != filename) {
 		efree(fullpath);
 	}
--- /dev/null
+++ b/ext/sqlite3/tests/sqlite3_defensive.phpt
@@ -0,0 +1,40 @@
+--TEST--
+SQLite3 defensive mode ini setting
+--SKIPIF--
+<?php require_once(__DIR__ . '/skipif.inc');
+
+if (SQLite3::version()['versionNumber'] < 3026000) {
+	die("skip: sqlite3 library version < 3.26: no support for defensive mode");
+}
+
+?>
+--INI--
+sqlite3.defensive=On
+--FILE--
+<?php
+
+$db = new SQLite3(':memory:');
+var_dump($db->exec('CREATE TABLE test (a, b);'));
+
+// This does not generate an error!
+var_dump($db->exec('PRAGMA writable_schema = ON;'));
+var_dump($db->querySingle('PRAGMA writable_schema;'));
+
+// Should be 1
+var_dump($db->querySingle('SELECT COUNT(*) FROM sqlite_master;'));
+
+// Should generate an error!
+var_dump($db->querySingle('DELETE FROM sqlite_master;'));
+
+// Should still be 1
+var_dump($db->querySingle('SELECT COUNT(*) FROM sqlite_master;'));
+?>
+--EXPECTF--
+bool(true)
+bool(true)
+int(1)
+int(1)
+
+Warning: SQLite3::querySingle(): Unable to prepare statement: 1, table sqlite_master may not be modified in %s on line %d
+bool(false)
+int(1)
\ No newline at end of file
diff --git a/php.ini-development b/php.ini-development
index 37627ac..5d6a703 100644
--- a/php.ini-development
+++ b/php.ini-development
@@ -975,8 +975,19 @@
 ;intl.use_exceptions = 0
 
 [sqlite3]
+; Directory pointing to SQLite3 extensions
+; http://php.net/sqlite3.extension-dir
 ;sqlite3.extension_dir =
 
+; SQLite defensive mode flag (only available from SQLite 3.26+)
+; When the defensive flag is enabled, language features that allow ordinary
+; SQL to deliberately corrupt the database file are disabled. This forbids
+; writing directly to the schema, shadow tables (eg. FTS data tables), or
+; the sqlite_dbpage virtual table.
+; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html
+; (for older SQLite versions, this flag has no use)
+sqlite3.defensive = 1
+
 [Pcre]
 ;PCRE library backtracking limit.
 ; http://php.net/pcre.backtrack-limit
diff --git a/php.ini-production b/php.ini-production
index c90a856..4501f73 100644
--- a/php.ini-production
+++ b/php.ini-production
@@ -969,8 +969,19 @@
 ;intl.use_exceptions = 0
 
 [sqlite3]
+; Directory pointing to SQLite3 extensions
+; http://php.net/sqlite3.extension-dir
 ;sqlite3.extension_dir =
 
+; SQLite defensive mode flag (only available from SQLite 3.26+)
+; When the defensive flag is enabled, language features that allow ordinary
+; SQL to deliberately corrupt the database file are disabled. This forbids
+; writing directly to the schema, shadow tables (eg. FTS data tables), or
+; the sqlite_dbpage virtual table.
+; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html
+; (for older SQLite versions, this flag has no use)
+sqlite3.defensive = 1
+
 [Pcre]
 ;PCRE library backtracking limit.
 ; http://php.net/pcre.backtrack-limit