Fossil

Check-in [0211e8c4]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Automatically disapprove pending moderation requests when deleting a user. This makes it easier to deal with spam-robots.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 0211e8c45c76e7196298d4cbd9c58f214f6ae25f4cf2e1f3dd0ef49e128d894e
User & Date: drh 2019-05-17 11:52:13.692
Context
2019-05-17
12:04
Fix the openssl-1.1.1b build procedures. ... (check-in: 00328177 user: drh tags: trunk)
11:52
Automatically disapprove pending moderation requests when deleting a user. This makes it easier to deal with spam-robots. ... (check-in: 0211e8c4 user: drh tags: trunk)
09:41
Added missing nonce to script tags in the bootstrap skin, one of which caused the submenus to not be properly displayed. ... (check-in: 6b47b08e user: stephan tags: trunk)
07:27
When deleting a user via /setup_uedit, also disapprove any pending-moderation entries for users which are no longer in the user table. This is programmatically simpler than only removing entries for the removed user but (potential corner case) would also disapprove pending modreq entries if a user account is renamed while moderation of their content is pending. ... (Closed-Leaf check-in: b14cf3bc user: stephan tags: moderate-disapprove-on-user-delete)
Changes
Unified Diff Ignore Whitespace Patch
Changes to src/moderate.c.
187
188
189
190
191
192
193

































    );
    db_prepare(&q, "%s", blob_sql_text(&sql));
    www_print_timeline(&q, 0, 0, 0, 0, 0);
    db_finalize(&q);
  }
  style_footer();
}








































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
    );
    db_prepare(&q, "%s", blob_sql_text(&sql));
    www_print_timeline(&q, 0, 0, 0, 0, 0);
    db_finalize(&q);
  }
  style_footer();
}

/*
** Disapproves any entries in the modreq table which belong to any
** user whose name is no longer found in the user table. This is only
** intended to be called after user deletion via /setup_uedit.
**
** To figure out whether a name exists it cross-references
** coalesce(event.euser, event.user) with user.login, limiting the
** selection to event entries where objid matches an entry in the
** modreq table.
**
** This is a no-op if called without g.perm.Admin permissions or if
** moderation_table_exists() returns false.
*/
void moderation_disapprove_for_missing_users(){
  Stmt q;
  if( !g.perm.Admin || !moderation_table_exists() ){
    return;
  }
  db_begin_transaction();
  db_prepare(&q,
    "SELECT objid FROM event WHERE objid IN "
    "(SELECT objid FROM modreq) "
    "AND coalesce(euser,user) NOT IN "
    "(SELECT login FROM user)"
  );
  while( db_step(&q)==SQLITE_ROW ){
    int const objid = db_column_int(&q, 0);
    moderation_disapprove(objid);
  }
  db_finalize(&q);
  db_end_transaction(0);
}
Changes to src/setupuser.c.
295
296
297
298
299
300
301

302
303
304
305
306
307
308

  /* Check for requests to delete the user */
  if( P("delete") && cgi_csrf_safe(1) ){
    int n;
    if( P("verifydelete") ){
      /* Verified delete user request */
      db_multi_exec("DELETE FROM user WHERE uid=%d", uid);

      admin_log("Deleted user [%s] (uid %d).",
                PD("login","???")/*safe-for-%s*/, uid);
      cgi_redirect(cgi_referer("setup_ulist"));
      return;
    }
    n = db_int(0, "SELECT count(*) FROM event"
                  " WHERE user=%Q AND objid NOT IN private",







>







295
296
297
298
299
300
301
302
303
304
305
306
307
308
309

  /* Check for requests to delete the user */
  if( P("delete") && cgi_csrf_safe(1) ){
    int n;
    if( P("verifydelete") ){
      /* Verified delete user request */
      db_multi_exec("DELETE FROM user WHERE uid=%d", uid);
      moderation_disapprove_for_missing_users();
      admin_log("Deleted user [%s] (uid %d).",
                PD("login","???")/*safe-for-%s*/, uid);
      cgi_redirect(cgi_referer("setup_ulist"));
      return;
    }
    n = db_int(0, "SELECT count(*) FROM event"
                  " WHERE user=%Q AND objid NOT IN private",