Fossil

Check-in [e1ea6c26]

Overview
Comment: Disallow creating users with empty login. Ticket [66ce1088].
SHA1: e1ea6c26d05317f2fbd50e873512f8574544b6b2
User & Date: dmitry 2011-09-11 12:27:38.969
References
2011-09-12
19:44 Fixed ticket [66ce1088]: It is possible for the empty string to be a user id plus 2 other changes ... (artifact: 026637e9 user: dmitry)
Context
2011-09-11
13:57
Fix three remaining instances of printing rebuild progress in CGI mode. Ticket [19be0265ff]. ... (Closed-Leaf check-in: 2cd21f8d user: dmitry tags: dmitry-fixes)
12:27
Disallow creating users with empty login. Ticket [66ce1088]. ... (check-in: e1ea6c26 user: dmitry tags: dmitry-fixes)
12:26
Fix typos in documentation. Tickets [09310d1a] and [806c4358]. ... (check-in: 9150a8a2 user: dmitry tags: dmitry-fixes)
Changes
Changes to src/setup.c.
333
334
335
336
337
338
339








340
341
342
343
344
345
346
    if( aw ){ zCap[i++] = 'w'; }
    if( ax ){ zCap[i++] = 'x'; }
    if( az ){ zCap[i++] = 'z'; }

    zCap[i] = 0;
    zPw = P("pw");
    zLogin = P("login");








    if( isValidPwString(zPw) ){
      zPw = sha1_shared_secret(zPw, zLogin, 0);
    }else{
      zPw = db_text(0, "SELECT pw FROM user WHERE uid=%d", uid);
    }
    zOldLogin = db_text(0, "SELECT login FROM user WHERE uid=%d", uid);
    if( uid>0 &&







>
>
>
>
>
>
>
>







333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
    if( aw ){ zCap[i++] = 'w'; }
    if( ax ){ zCap[i++] = 'x'; }
    if( az ){ zCap[i++] = 'z'; }

    zCap[i] = 0;
    zPw = P("pw");
    zLogin = P("login");
    if( strlen(zLogin)==0 ){
      style_header("User Creation Error");
      @ <span class="loginError">Empty login not allowed.</span>
      @
      @ <p><a href="setup_uedit?id=%d(uid)">[Bummer]</a></p>
      style_footer();
      return;      
    }
    if( isValidPwString(zPw) ){
      zPw = sha1_shared_secret(zPw, zLogin, 0);
    }else{
      zPw = db_text(0, "SELECT pw FROM user WHERE uid=%d", uid);
    }
    zOldLogin = db_text(0, "SELECT login FROM user WHERE uid=%d", uid);
    if( uid>0 &&
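
Review bot: The new guard `if( strlen(zLogin)==0 )` (new lines 340-347) rejects only the exact empty string, so a login consisting solely of whitespace would still be accepted, and if `P("login")` yields a null pointer when the form field is absent, `strlen` would dereference it. Consider testing `zLogin==0 || zLogin[0]==0` and applying the check to the whitespace-trimmed value. The header text "User Creation Error" also appears when an existing user is being edited, since the check runs before the `uid>0` condition and the error link itself uses `id=%d(uid)`; a neutral title would fit both cases. Minor: the `return;` on new line 346 carries trailing whitespace.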