Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Extend the user capability system to allow the use of upper-case ASCII letters for new capabilities. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
e45cfde7aa17ab642a962f6fcd2cda48 |
| User & Date: | drh 2018-06-25 14:26:49 |
Context
|
2018-06-25
| ||
| 14:45 | Enhancements to administrator access to the subscriber list. check-in: b7b877ef user: drh tags: trunk | |
| 14:26 | Extend the user capability system to allow the use of upper-case ASCII letters for new capabilities. check-in: e45cfde7 user: drh tags: trunk | |
| 13:47 | Add information about the server error log to the security audit page. Provide the new /errorlog page for viewing the server logfile online. check-in: a9e74eb3 user: drh tags: trunk | |
Changes
Changes to src/setup.c.
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
...
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
|
/* If we have all the necessary information, write the new or
** modified user record. After writing the user record, redirect
** to the page that displays a list of users.
*/
doWrite = cgi_all("login","info","pw") && !higherUser && cgi_csrf_safe(1);
if( doWrite ){
char c;
char zCap[60], zNm[4];
zNm[0] = 'a';
zNm[2] = 0;
for(i=0, c='a'; c<='z'; c++){
zNm[1] = c;
a[c&0x7f] = (c!='s' || g.perm.Setup) && P(zNm)!=0;
if( a[c&0x7f] ) zCap[i++] = c;
}
for(c='0'; c<='9'; c++){
zNm[1] = c;
a[c&0x7f] = (c!='s' || g.perm.Setup) && P(zNm)!=0;
if( a[c&0x7f] ) zCap[i++] = c;
}
zCap[i] = 0;
zPw = P("pw");
zLogin = P("login");
if( strlen(zLogin)==0 ){
................................................................................
*/
zLogin = "";
zInfo = "";
zCap = "";
zPw = "";
for(i='a'; i<='z'; i++) oa[i] = "";
for(i='0'; i<='9'; i++) oa[i] = "";
if( uid ){
zLogin = db_text("", "SELECT login FROM user WHERE uid=%d", uid);
zInfo = db_text("", "SELECT info FROM user WHERE uid=%d", uid);
zCap = db_text("", "SELECT cap FROM user WHERE uid=%d", uid);
zPw = db_text("", "SELECT pw FROM user WHERE uid=%d", uid);
for(i=0; zCap[i]; i++){
char c = zCap[i];
if( (c>='a' && c<='z') || (c>='0' && c<='9') ){
oa[c&0x7f] = " checked=\"checked\"";
}
}
}
/* figure out inherited permissions */
memset((char *)inherit, 0, sizeof(inherit));
|
|
|
>
>
>
>
>
>
|
|
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
...
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
|
/* If we have all the necessary information, write the new or
** modified user record. After writing the user record, redirect
** to the page that displays a list of users.
*/
doWrite = cgi_all("login","info","pw") && !higherUser && cgi_csrf_safe(1);
if( doWrite ){
char c;
char zCap[70], zNm[4];
zNm[0] = 'a';
zNm[2] = 0;
for(i=0, c='a'; c<='z'; c++){
zNm[1] = c;
a[c&0x7f] = (c!='s' || g.perm.Setup) && P(zNm)!=0;
if( a[c&0x7f] ) zCap[i++] = c;
}
for(c='0'; c<='9'; c++){
zNm[1] = c;
a[c&0x7f] = P(zNm)!=0;
if( a[c&0x7f] ) zCap[i++] = c;
}
for(c='A'; c<='Z'; c++){
zNm[1] = c;
a[c&0x7f] = P(zNm)!=0;
if( a[c&0x7f] ) zCap[i++] = c;
}
zCap[i] = 0;
zPw = P("pw");
zLogin = P("login");
if( strlen(zLogin)==0 ){
................................................................................
*/
zLogin = "";
zInfo = "";
zCap = "";
zPw = "";
for(i='a'; i<='z'; i++) oa[i] = "";
for(i='0'; i<='9'; i++) oa[i] = "";
for(i='A'; i<='Z'; i++) oa[i] = "";
if( uid ){
zLogin = db_text("", "SELECT login FROM user WHERE uid=%d", uid);
zInfo = db_text("", "SELECT info FROM user WHERE uid=%d", uid);
zCap = db_text("", "SELECT cap FROM user WHERE uid=%d", uid);
zPw = db_text("", "SELECT pw FROM user WHERE uid=%d", uid);
for(i=0; zCap[i]; i++){
char c = zCap[i];
if( (c>='a' && c<='z') || (c>='0' && c<='9') || (c>='A' && c<='Z') ){
oa[c&0x7f] = " checked=\"checked\"";
}
}
}
/* figure out inherited permissions */
memset((char *)inherit, 0, sizeof(inherit));
|