Fossil

Check-in [09e6fc3d]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fixes to login checking for the skin editor.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 09e6fc3df383db287298ef7953a422e8c6abb2aebb3b02cf1d7ed33943421e45
User & Date: drh 2018-07-14 19:57:42.112
Context
2018-07-14
20:07
Fix display text typo on the skin editor page for non-administrators. ... (check-in: 3a903bfd user: drh tags: trunk)
19:57
Fixes to login checking for the skin editor. ... (check-in: 09e6fc3d user: drh tags: trunk)
16:22
Add missing option to diff option summary ... (check-in: 9b733276 user: andygoth tags: trunk)
Changes
Unified Diff Ignore Whitespace Patch
Changes to src/login.c.
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
         style_load_one_js_file("login.js");
      }
      @ </div>
      free(zCaptcha);
    }
    @ </form>
  }
  if( g.zLogin && g.perm.Password ){
    if( email_enabled() ){
      @ <hr>
      @ <p>Configure <a href="%R/alerts">Email Alerts</a>
      @ for user <b>%h(g.zLogin)</b></p>
    }
    @ <hr />
    @ <p>Change Password for user <b>%h(g.zLogin)</b>:</p>







|







727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
         style_load_one_js_file("login.js");
      }
      @ </div>
      free(zCaptcha);
    }
    @ </form>
  }
  if( login_is_individual() && g.perm.Password ){
    if( email_enabled() ){
      @ <hr>
      @ <p>Configure <a href="%R/alerts">Email Alerts</a>
      @ for user <b>%h(g.zLogin)</b></p>
    }
    @ <hr />
    @ <p>Change Password for user <b>%h(g.zLogin)</b>:</p>
Changes to src/skins.c.
720
721
722
723
724
725
726

727
728
729



730
731
732
733
734
735
736
737
738
739
740
  iSkin = atoi(PD("sk","1"));
  if( iSkin<1 || iSkin>9 ) iSkin = 1;

  /* Check that the user is authorized to edit this skin. */
  if( !g.perm.Setup ){
    char *zAllowedEditors = db_get_mprintf("", "draft%d-users", iSkin);
    Glob *pAllowedEditors;

    if( zAllowedEditors[0] ){
      pAllowedEditors = glob_create(zAllowedEditors);
      if( !glob_match(pAllowedEditors, zAllowedEditors) ){



        login_needed(0);
        return;
      }
      glob_free(pAllowedEditors);
    }
  }

  /* figure out which file is to be edited */
  ii = atoi(PD("w","0"));
  if( ii<0 || ii>count(aSkinAttr) ) ii = 0;
  zFile = aSkinAttr[ii].zFile;







>


|
>
>
>
|
|
<
<







720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735


736
737
738
739
740
741
742
  iSkin = atoi(PD("sk","1"));
  if( iSkin<1 || iSkin>9 ) iSkin = 1;

  /* Check that the user is authorized to edit this skin. */
  if( !g.perm.Setup ){
    char *zAllowedEditors = db_get_mprintf("", "draft%d-users", iSkin);
    Glob *pAllowedEditors;
    int isMatch = 0;
    if( zAllowedEditors[0] ){
      pAllowedEditors = glob_create(zAllowedEditors);
      isMatch = glob_match(pAllowedEditors, zAllowedEditors);
      glob_free(pAllowedEditors);
    }
    if( isMatch==0 ){
      login_needed(0);
      return;


    }
  }

  /* figure out which file is to be edited */
  ii = atoi(PD("w","0"));
  if( ii<0 || ii>count(aSkinAttr) ) ii = 0;
  zFile = aSkinAttr[ii].zFile;
872
873
874
875
876
877
878




879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
  iSkin = atoi(PD("sk","1"));
  if( iSkin<1 || iSkin>9 ) iSkin = 1;

  /* Figure out if the current user is allowed to make administrative
  ** changes and/or edits
  */
  login_check_credentials();




  zAllowedEditors = db_get_mprintf("", "draft%d-users", iSkin);
  if( g.perm.Setup ){
    isSetup = isEditor = 1;
  }else{
    Glob *pAllowedEditors;
    isSetup = isEditor = 0;
    if( zAllowedEditors[0] ){
      pAllowedEditors = glob_create(zAllowedEditors);
      isEditor = glob_match(pAllowedEditors, zAllowedEditors);
      glob_free(pAllowedEditors);
    }
  }

  /* Initialize the skin, if requested and authorized. */
  if( P("init3")!=0 && isEditor ){
    skin_initialize_draft(iSkin, P("initskin"));







>
>
>
>








|







874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
  iSkin = atoi(PD("sk","1"));
  if( iSkin<1 || iSkin>9 ) iSkin = 1;

  /* Figure out if the current user is allowed to make administrative
  ** changes and/or edits
  */
  login_check_credentials();
  if( !login_is_individual() ){
    login_needed(0);
    return;
  }
  zAllowedEditors = db_get_mprintf("", "draft%d-users", iSkin);
  if( g.perm.Setup ){
    isSetup = isEditor = 1;
  }else{
    Glob *pAllowedEditors;
    isSetup = isEditor = 0;
    if( zAllowedEditors[0] ){
      pAllowedEditors = glob_create(zAllowedEditors);
      isEditor = glob_match(pAllowedEditors, g.zLogin);
      glob_free(pAllowedEditors);
    }
  }

  /* Initialize the skin, if requested and authorized. */
  if( P("init3")!=0 && isEditor ){
    skin_initialize_draft(iSkin, P("initskin"));