Overview
Comment: | Disable all access to the /fileedit page and its associated AJAX entry points if the user lacks write privilege or if file editing is not enabled. |
---|---|
SHA3-256: | f2312397802722a2276f7944b6d6f933 |
User & Date: | drh 2020-05-28 11:49:28 |
Context
2020-05-28
12:02 | Removed fileedit-glob from the list of syncable config options. It must be explicitly set on each repo where it is desired. ... (check-in: d6341b3a user: stephan tags: trunk) | |
11:49 | Disable all access to the /fileedit page and its associated AJAX entry points if the user lacks write privilege or if file editing is not enabled. ... (check-in: f2312397 user: drh tags: trunk) | |
09:47 | Added /fileedit to changes.wiki. ... (check-in: 2c9aa1b9 user: stephan tags: trunk) | |
Changes
Changes to src/fileedit.c.
︙ | ︙ | |||
1765 1766 1767 1768 1769 1770 1771 | end. This content will be combined into a single JS function call, thus each entry must end with a semicolon. */ const char *zAjax = P("name"); | > > > > > > > > > > > > > > > > > > > > > > > > > > | < < < < < | 1765 1766 1767 1768 1769 1770 1771 1772 1773 1774 1775 1776 1777 1778 1779 1780 1781 1782 1783 1784 1785 1786 1787 1788 1789 1790 1791 1792 1793 1794 1795 1796 1797 1798 1799 1800 1801 1802 1803 1804 1805 1806 1807 1808 1809 1810 1811 1812 1813 1814 1815 1816 1817 1818 1819 1820 | end. This content will be combined into a single JS function call, thus each entry must end with a semicolon. */ const char *zAjax = P("name"); /* Allow no access to this page without check-in privilege */ login_check_credentials(); if( !g.perm.Write ){ login_needed(g.anon.Write); return; } /* No access to anything on this page if the fileedit_glob is empty */ if( fileedit_glob()==0 ){ style_header("File Editor (disabled)"); CX("<h1>Online File Editing Is Disabled</h1>\n"); if( g.perm.Admin ){ CX("<p>To enable online editing, the " "<a href='%R/setup_settings'>" "<code>fileedit-glob</code> repository setting</a>\n" "must be set to a comma- and/or newine-delimited list of glob\n" "values matching files which may be edited online." "</p>\n"); }else{ CX("<p>Online editing is disabled for this repository.</p>\n"); } style_footer(); return; } /* Dispatch AJAX methods based tail of the request URI */ if( 0!=zAjax ){ if(0==strcmp("content",zAjax)){ fileedit_ajax_content(); }else if(0==strcmp("preview",zAjax)){ fileedit_ajax_preview(); }else if(0==strcmp("filelist",zAjax)){ fileedit_ajax_filelist(); }else if(0==strcmp("diff",zAjax)){ fileedit_ajax_diff(); }else if(0==strcmp("commit",zAjax)){ fileedit_ajax_commit(); }else{ fileedit_ajax_error(500, "Unhandled ajax route name."); } return; } db_begin_transaction(); CheckinMiniInfo_init(&cimi); style_header("File Editor"); /* As of this point, don't use return or fossil_fatal(). 
Write any ** error in (&err) and goto end_footer instead so that we can be ** sure to do any cleanup and end the transaction cleanly. */ |
︙ | ︙ | |||
1828 1829 1830 1831 1832 1833 1834 | ** selectors, but we do have the BODY, which we can decorate with ** whatever CSS we wish... */ style_emit_script_tag(0,0); CX("document.body.classList.add('fileedit');\n"); style_emit_script_tag(1,0); } | < < < < < < < < | 1849 1850 1851 1852 1853 1854 1855 1856 1857 1858 1859 1860 1861 1862 | ** selectors, but we do have the BODY, which we can decorate with ** whatever CSS we wish... */ style_emit_script_tag(0,0); CX("document.body.classList.add('fileedit');\n"); style_emit_script_tag(1,0); } /* Status bar */ CX("<div id='fossil-status-bar' " "title='Status message area. Double-click to clear them.'>" "Status messages will go here.</div>\n" /* will be moved into the tab container via JS */); |
︙ | ︙ |
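Review bot: In the first hunk of src/fileedit.c, the two new guards sit ahead of the `zAjax` dispatch, so an AJAX request (one with `name` set) that fails them is answered with `login_needed(g.anon.Write)` or the full HTML "Online File Editing Is Disabled" page instead of the error format the routes use just below (`fileedit_ajax_error(500, "Unhandled ajax route name.")`). Consider checking `0!=zAjax` inside each guard and replying through `fileedit_ajax_error()` with an access-denied status there, keeping `login_needed()` and the HTML page for non-AJAX requests; the ordering itself (credentials, then `fileedit_glob()==0`, then dispatch) is right and should stay. Two text fixes in the same hunk: "newine-delimited" in the admin hint should read "newline-delimited", and the comment "Dispatch AJAX methods based tail of the request URI" is missing "on the".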