Birthday Fossil

Changes On Branch release
Login
Patch Side-by-Side Diff

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Changes In Branch branch-2.14 Excluding Merge-Ins

This is equivalent to a diff from 487776dc45 to 4de59089c2

2021-04-08
01:07
Version 2.14.1 ... (Leaf check-in: 4de59089c2 user: drh tags: release, version-2.14.1, branch-2.14)
01:07
But, do not allow access to private columns of fx_ tables unless the user has "Email" privilege (letter "e"). ... (check-in: 96b0c1ffac user: drh tags: branch-2.14)
00:22
Bug fix: Restore access to tables whose names start with "fx_" in ticket reports. ... (check-in: 3cea3a02ac user: drh tags: branch-2.14)
2021-01-21
23:33
Add the --list option to the "tarball", "zip", and "sqlar" commands. Also rig those commands so that if the output filename is an empty string or "/dev/null" then they do not actually form the output archive. ... (check-in: c88880fa8a user: drh tags: trunk)
2021-01-20
19:19
Merge version-2.14 ... (check-in: 0e31c8d258 user: george tags: wiki-history)
15:34
Version 2.14 ... (check-in: 487776dc45 user: drh tags: trunk, release, version-2.14)
12:16
Enhancements to the change log. Mention SQLite 3.35 and Fossil performance optimizations. ... (check-in: fc8452b13f user: drh tags: trunk)

Changes to VERSION. 
1



1

-
+

2.14
2.14.1
Changes to src/report.c. 
197
198
199
200
201
202
203
204

205
206
207
208
209
210
211
212

213
214
215


216
217

218
219
220
221
222
223





224
225
226

227
228
229
230
231
232
233

197
198
199
200
201
202
203

204
205
206
207
208
209
210
211

212
213


214
215
216

217
218
219
220
221
222

223
224
225
226
227
228
229

230
231
232
233
234
235
236
237








-
+







-
+

-
-
+
+

-
+





-
+
+
+
+
+


-
+








         "tagxref",
         "ticket",
         "ticketchng",
         "unversioned",
      };
      int lwr = 0;
      int upr = count(azAllowed) - 1;
      int rc = 0;
      int cmp = 0;
      if( zArg1==0 ){
        /* Some legacy versions of SQLite will sometimes send spurious
        ** READ authorizations that have no table name.  These can be
        ** ignored. */
        rc = SQLITE_IGNORE;
        break;
      }
      while( lwr<upr ){
      while( lwr<=upr ){
        int i = (lwr+upr)/2;
        int rc = fossil_stricmp(zArg1, azAllowed[i]);
        if( rc<0 ){
        cmp = fossil_stricmp(zArg1, azAllowed[i]);
        if( cmp<0 ){
          upr = i - 1;
        }else if( rc>0 ){
        }else if( cmp>0 ){
          lwr = i + 1;
        }else{
          break;
        }
      }
      if( rc ){
      if( cmp ){
        /* Always ok to access tables whose names begin with "fx_" */
        cmp = sqlite3_strnicmp(zArg1, "fx_", 3);
      }
      if( cmp ){
        *(char**)pError = mprintf("access to table \"%s\" is restricted",zArg1);
        rc = SQLITE_DENY;
      }else if( !g.perm.RdAddr && strncmp(zArg2, "private_", 8)==0 ){
      }else if( !g.perm.RdAddr && sqlite3_strnicmp(zArg2, "private_", 8)==0 ){
        rc = SQLITE_IGNORE;
      }
      break;
    }
    default: {
      *(char**)pError = mprintf("only SELECT statements are allowed");
      rc = SQLITE_DENY;