Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Changes In Branch email-alerts Excluding Merge-Ins
This is equivalent to a diff from bb9233a6 to c2566260
2018-06-23
| ||
00:53 | Merge in support for email notifications. Munch more work is needed, but it seems ready to begin functional testing. ... (check-in: b77f1aae user: drh tags: trunk) | |
00:49 | Fix some minor problems with email notification support ... (Closed-Leaf check-in: c2566260 user: drh tags: email-alerts) | |
2018-06-22
| ||
19:48 | Improvements to on-line subscription management. ... (check-in: e649820b user: drh tags: email-alerts) | |
01:37 | Add the --nocompress option to the "fossil clone" command. ... (check-in: 96d0a4be user: drh tags: trunk) | |
2018-06-21
| ||
17:07 | Merge codecheck1 enhancements from trunk. ... (check-in: 4d13d948 user: drh tags: email-alerts) | |
16:40 | Strengthen the codecheck1.c utility program to help find cases where query parameters are used in unsafe ways. No unsafe usage of query parameters was detected in the current code. ... (check-in: bb9233a6 user: drh tags: trunk) | |
15:02 | Provide an implementation for popen() and pclose() on Windows to fix the build. ... (check-in: 565b5ff0 user: drh tags: trunk) | |
Changes to src/attach.c.
︙ | ︙ | |||
375 376 377 378 379 380 381 | zTargetType = mprintf("Ticket <a href=\"%R/tktview/%s\">%S</a>", zTkt, zTkt); } if( zFrom==0 ) zFrom = mprintf("%s/home", g.zTop); if( P("cancel") ){ cgi_redirect(zFrom); } | | | 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 | zTargetType = mprintf("Ticket <a href=\"%R/tktview/%s\">%S</a>", zTkt, zTkt); } if( zFrom==0 ) zFrom = mprintf("%s/home", g.zTop); if( P("cancel") ){ cgi_redirect(zFrom); } if( P("ok") && szContent>0 && (goodCaptcha = captcha_is_correct(0)) ){ int needModerator = (zTkt!=0 && ticket_need_moderation(0)) || (zPage!=0 && wiki_need_moderation(0)); const char *zComment = PD("comment", ""); attach_commit(zName, zTarget, aContent, szContent, needModerator, zComment); cgi_redirect(zFrom); } style_header("Add Attachment"); |
︙ | ︙ |
Changes to src/blob.c.
︙ | ︙ | |||
478 479 480 481 482 483 484 485 486 487 488 489 490 491 | /* ** Rewind the cursor on a blob back to the beginning. */ void blob_rewind(Blob *p){ p->iCursor = 0; } /* ** Seek the cursor in a blob to the indicated offset. */ int blob_seek(Blob *p, int offset, int whence){ if( whence==BLOB_SEEK_SET ){ p->iCursor = offset; | > > > > > > > | 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 | /* ** Rewind the cursor on a blob back to the beginning. */ void blob_rewind(Blob *p){ p->iCursor = 0; } /* ** Truncate a blob back to zero length */ void blob_truncate(Blob *p){ p->nUsed = 0; } /* ** Seek the cursor in a blob to the indicated offset. */ int blob_seek(Blob *p, int offset, int whence){ if( whence==BLOB_SEEK_SET ){ p->iCursor = offset; |
︙ | ︙ | |||
651 652 653 654 655 656 657 658 659 660 661 662 663 664 | i++; } if( pTo ){ blob_append(pTo, &pFrom->aData[pFrom->iCursor], i - pFrom->iCursor); } pFrom->iCursor = i; } /* ** Return true if the blob contains a valid base16 identifier artifact hash. ** ** The value returned is actually one of HNAME_SHA1 OR HNAME_K256 if the ** hash is valid. Both of these are non-zero and therefore "true". ** If the hash is not valid, then HNAME_ERROR is returned, which is zero or | > > > > > > > > > > | 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 | i++; } if( pTo ){ blob_append(pTo, &pFrom->aData[pFrom->iCursor], i - pFrom->iCursor); } pFrom->iCursor = i; } /* ** Ensure that the text in pBlob ends with '\n' */ void blob_add_final_newline(Blob *pBlob){ if( pBlob->nUsed<=0 ) return; if( pBlob->aData[pBlob->nUsed-1]!='\n' ){ blob_append(pBlob, "\n", 1); } } /* ** Return true if the blob contains a valid base16 identifier artifact hash. ** ** The value returned is actually one of HNAME_SHA1 OR HNAME_K256 if the ** hash is valid. Both of these are non-zero and therefore "true". ** If the hash is not valid, then HNAME_ERROR is returned, which is zero or |
︙ | ︙ |
Changes to src/captcha.c.
︙ | ︙ | |||
495 496 497 498 499 500 501 | ** ** If no captcha is required or if the correct captcha is supplied, return ** true (non-zero). ** ** The query parameters examined are "captchaseed" for the seed value and ** "captcha" for text that the user types in response to the captcha prompt. */ | | | | 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 | ** ** If no captcha is required or if the correct captcha is supplied, return ** true (non-zero). ** ** The query parameters examined are "captchaseed" for the seed value and ** "captcha" for text that the user types in response to the captcha prompt. */ int captcha_is_correct(int bAlwaysNeeded){ const char *zSeed; const char *zEntered; const char *zDecode; char z[30]; int i; if( !bAlwaysNeeded && !captcha_needed() ){ return 1; /* No captcha needed */ } zSeed = P("captchaseed"); if( zSeed==0 ) return 0; zEntered = P("captcha"); if( zEntered==0 || strlen(zEntered)!=8 ) return 0; zDecode = captcha_decode((unsigned int)atoi(zSeed)); |
︙ | ︙ | |||
591 592 593 594 595 596 597 | return 0; } } #endif zCookieName = mprintf("fossil-cc-%.10s", db_get("project-code","x")); zCookieValue = P(zCookieName); if( zCookieValue && atoi(zCookieValue)==1 ) return 0; | | | 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 | return 0; } } #endif zCookieName = mprintf("fossil-cc-%.10s", db_get("project-code","x")); zCookieValue = P(zCookieName); if( zCookieValue && atoi(zCookieValue)==1 ) return 0; if( captcha_is_correct(0) ){ cgi_set_cookie(zCookieName, "1", login_cookie_path(), 8*3600); return 0; } /* This appears to be a spider. Offer the captcha */ style_header("Verification"); @ <form method='POST' action='%s(g.zPath)'> |
︙ | ︙ |
Changes to src/cgi.c.
︙ | ︙ | |||
54 55 56 57 58 59 60 61 62 63 64 65 66 67 | ** does the same except "y" is returned in place of NULL if there is not match. */ #define P(x) cgi_parameter((x),0) #define PD(x,y) cgi_parameter((x),(y)) #define PT(x) cgi_parameter_trimmed((x),0) #define PDT(x,y) cgi_parameter_trimmed((x),(y)) #define PB(x) cgi_parameter_boolean(x) /* ** Destinations for output text. */ #define CGI_HEADER 0 #define CGI_BODY 1 | > > | 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 | ** does the same except "y" is returned in place of NULL if there is not match. */ #define P(x) cgi_parameter((x),0) #define PD(x,y) cgi_parameter((x),(y)) #define PT(x) cgi_parameter_trimmed((x),0) #define PDT(x,y) cgi_parameter_trimmed((x),(y)) #define PB(x) cgi_parameter_boolean(x) #define PCK(x) cgi_parameter_checked(x,1) #define PIF(x,y) cgi_parameter_checked(x,y) /* ** Destinations for output text. */ #define CGI_HEADER 0 #define CGI_BODY 1 |
︙ | ︙ | |||
1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 | ** or "no" or "off". */ int cgi_parameter_boolean(const char *zName){ const char *zIn = cgi_parameter(zName, 0); if( zIn==0 ) return 0; return zIn[0]==0 || is_truth(zIn); } /* ** Return the name of the i-th CGI parameter. Return NULL if there ** are fewer than i registered CGI parameters. */ const char *cgi_parameter_name(int i){ if( i>=0 && i<nUsedQP ){ | > > > > > > > > > > > > > > > > > > > > > > > | 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 | ** or "no" or "off". */ int cgi_parameter_boolean(const char *zName){ const char *zIn = cgi_parameter(zName, 0); if( zIn==0 ) return 0; return zIn[0]==0 || is_truth(zIn); } /* ** Return either an empty string "" or the string "checked" depending ** on whether or not parameter zName has value iValue. If parameter ** zName does not exist, that is assumed to be the same as value 0. ** ** This routine implements the PCK(x) and PIF(x,y) macros. The PIF(x,y) ** macro generateds " checked" if the value of parameter x equals integer y. ** PCK(x) is the same as PIF(x,1). These macros are used to generate ** the "checked" attribute on checkbox and radio controls of forms. */ const char *cgi_parameter_checked(const char *zName, int iValue){ const char *zIn = cgi_parameter(zName,0); int x; if( zIn==0 ){ x = 0; }else if( !fossil_isdigit(zIn[0]) ){ x = is_truth(zIn); }else{ x = atoi(zIn); } return x==iValue ? "checked" : ""; } /* ** Return the name of the i-th CGI parameter. Return NULL if there ** are fewer than i registered CGI parameters. */ const char *cgi_parameter_name(int i){ if( i>=0 && i<nUsedQP ){ |
︙ | ︙ |
Changes to src/codecheck1.c.
︙ | ︙ | |||
329 330 331 332 333 334 335 | /* ** Return true if the input is an argument that is never safe for use ** with %s. */ static int never_safe(const char *z){ if( strstr(z,"/*safe-for-%s*/")!=0 ) return 0; | | > > > > | 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 | /* ** Return true if the input is an argument that is never safe for use ** with %s. */ static int never_safe(const char *z){ if( strstr(z,"/*safe-for-%s*/")!=0 ) return 0; if( z[0]=='P' ){ if( strncmp(z,"PIF(",4)==0 ) return 0; if( strncmp(z,"PCK(",4)==0 ) return 0; return 1; } if( strncmp(z,"cgi_param",9)==0 ) return 1; return 0; } /* ** Processing flags */ |
︙ | ︙ |
Changes to src/db.c.
︙ | ︙ | |||
308 309 310 311 312 313 314 315 316 317 318 319 320 321 | pStmt->pPrev = 0; if( db.pAllStmt ) db.pAllStmt->pPrev = pStmt; db.pAllStmt = pStmt; va_end(ap); } return rc; } /* ** Return the index of a bind parameter */ static int paramIdx(Stmt *pStmt, const char *zParamName){ int i = sqlite3_bind_parameter_index(pStmt->pStmt, zParamName); if( i==0 ){ | > > > > > > > > > > > > > > > > > > > > > | 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 | pStmt->pPrev = 0; if( db.pAllStmt ) db.pAllStmt->pPrev = pStmt; db.pAllStmt = pStmt; va_end(ap); } return rc; } /* Prepare a statement using text placed inside a Blob ** using blob_append_sql(). */ int db_prepare_blob(Stmt *pStmt, Blob *pSql){ int rc; char *zSql; pStmt->sql = *pSql; blob_init(pSql, 0, 0); zSql = blob_sql_text(&pStmt->sql); db.nPrepare++; rc = sqlite3_prepare_v3(g.db, zSql, -1, 0, &pStmt->pStmt, 0); if( rc!=0 ){ db_err("%s\n%s", sqlite3_errmsg(g.db), zSql); } pStmt->pNext = pStmt->pPrev = 0; pStmt->nStep = 0; pStmt->rc = rc; return rc; } /* ** Return the index of a bind parameter */ static int paramIdx(Stmt *pStmt, const char *zParamName){ int i = sqlite3_bind_parameter_index(pStmt->pStmt, zParamName); if( i==0 ){ |
︙ | ︙ | |||
873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 | if( g.fTimeFormat==1 ){ sqlite3_result_text(context, "0 seconds", -1, SQLITE_STATIC); }else{ sqlite3_result_text(context, "utc", -1, SQLITE_STATIC); } } /* ** Register the SQL functions that are useful both to the internal ** representation and to the "fossil sql" command. */ void db_add_aux_functions(sqlite3 *db){ sqlite3_create_function(db, "checkin_mtime", 2, SQLITE_UTF8, 0, db_checkin_mtime_function, 0, 0); sqlite3_create_function(db, "symbolic_name_to_rid", 1, SQLITE_UTF8, 0, db_sym2rid_function, 0, 0); sqlite3_create_function(db, "symbolic_name_to_rid", 2, SQLITE_UTF8, 0, db_sym2rid_function, 0, 0); sqlite3_create_function(db, "now", 0, SQLITE_UTF8, 0, db_now_function, 0, 0); sqlite3_create_function(db, "toLocal", 0, SQLITE_UTF8, 0, db_tolocal_function, 0, 0); sqlite3_create_function(db, "fromLocal", 0, SQLITE_UTF8, 0, db_fromlocal_function, 0, 0); } #if USE_SEE /* ** This is a pointer to the saved database encryption key string. */ static char *zSavedKey = 0; | > > > > > > > > > > > > > > > > > > > > > > > > > | 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 | if( g.fTimeFormat==1 ){ sqlite3_result_text(context, "0 seconds", -1, SQLITE_STATIC); }else{ sqlite3_result_text(context, "utc", -1, SQLITE_STATIC); } } /* ** If the input is a hexadecimal string, convert that string into a BLOB. ** If the input is not a hexadecimal string, return NULL. */ void db_hextoblob( sqlite3_context *context, int argc, sqlite3_value **argv ){ const unsigned char *zIn = sqlite3_value_text(argv[0]); int nIn = sqlite3_value_bytes(argv[0]); unsigned char *zOut; if( zIn==0 ) return; if( nIn&1 ) return; if( !validate16((const char*)zIn, nIn) ) return; zOut = sqlite3_malloc64( nIn/2 ); if( zOut==0 ){ sqlite3_result_error_nomem(context); return; } decode16(zIn, zOut, nIn); sqlite3_result_blob(context, zOut, nIn/2, sqlite3_free); } /* ** Register the SQL functions that are useful both to the internal ** representation and to the "fossil sql" command. */ void db_add_aux_functions(sqlite3 *db){ sqlite3_create_function(db, "checkin_mtime", 2, SQLITE_UTF8, 0, db_checkin_mtime_function, 0, 0); sqlite3_create_function(db, "symbolic_name_to_rid", 1, SQLITE_UTF8, 0, db_sym2rid_function, 0, 0); sqlite3_create_function(db, "symbolic_name_to_rid", 2, SQLITE_UTF8, 0, db_sym2rid_function, 0, 0); sqlite3_create_function(db, "now", 0, SQLITE_UTF8, 0, db_now_function, 0, 0); sqlite3_create_function(db, "toLocal", 0, SQLITE_UTF8, 0, db_tolocal_function, 0, 0); sqlite3_create_function(db, "fromLocal", 0, SQLITE_UTF8, 0, db_fromlocal_function, 0, 0); sqlite3_create_function(db, "hextoblob", 1, SQLITE_UTF8, 0, db_hextoblob, 0, 0); } #if USE_SEE /* ** This is a pointer to the saved database encryption key string. */ static char *zSavedKey = 0; |
︙ | ︙ |
Changes to src/email.c.
︙ | ︙ | |||
17 18 19 20 21 22 23 24 25 26 27 28 29 30 | ** ** Email notification features */ #include "config.h" #include "email.h" #include <assert.h> /* ** SQL code to implement the tables needed by the email notification ** system. */ static const char zEmailInit[] = @ -- Subscribers are distinct from users. A person can have a log-in in @ -- the USER table without being a subscriber. Or a person can be a | > > > > > | 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 | ** ** Email notification features */ #include "config.h" #include "email.h" #include <assert.h> /* ** Maximum size of the subscriberCode blob, in bytes */ #define SUBSCRIBER_CODE_SZ 32 /* ** SQL code to implement the tables needed by the email notification ** system. */ static const char zEmailInit[] = @ -- Subscribers are distinct from users. A person can have a log-in in @ -- the USER table without being a subscriber. Or a person can be a |
︙ | ︙ | |||
40 41 42 43 44 45 46 | @ -- w - Wiki changes @ -- Probably different codes will be added in the future. In the future @ -- we might also add a separate table that allows subscribing to email @ -- notifications for specific branches or tags or tickets. @ -- @ CREATE TABLE repository.subscriber( @ subscriberId INTEGER PRIMARY KEY, -- numeric subscriber ID. Internal use | | | | < | < | > > | | | | | | > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | | > > | | | | | | < < < < < < < < | | > > > > > > > > > > > > > > > > > > > > > > | 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 | @ -- w - Wiki changes @ -- Probably different codes will be added in the future. In the future @ -- we might also add a separate table that allows subscribing to email @ -- notifications for specific branches or tags or tickets. @ -- @ CREATE TABLE repository.subscriber( @ subscriberId INTEGER PRIMARY KEY, -- numeric subscriber ID. Internal use @ subscriberCode BLOB UNIQUE, -- UUID for subscriber. External use @ semail TEXT UNIQUE COLLATE nocase,-- email address @ suname TEXT, -- corresponding USER entry @ sverified BOOLEAN, -- email address verified @ sdonotcall BOOLEAN, -- true for Do Not Call @ sdigest BOOLEAN, -- true for daily digests only @ ssub TEXT, -- baseline subscriptions @ sctime DATE, -- When this entry was created. JulianDay @ smtime DATE, -- Last change. JulianDay @ smip TEXT -- IP address of last change @ ); @ CREATE INDEX repository.subscriberUname @ ON subscriber(suname) WHERE suname IS NOT NULL; @ @ -- Email notifications that need to be sent. @ -- @ -- The first character of the eventid determines the event type. @ -- Remaining characters determine the specific event. For example, @ -- 'c4413' means check-in with rid=4413. @ -- @ CREATE TABLE repository.pending_alert( @ eventid TEXT PRIMARY KEY, -- Object that changed @ sentSep BOOLEAN DEFAULT false, -- individual emails sent @ sendDigest BOOLEAN DEFAULT false -- digest emails sent @ ) WITHOUT ROWID; @ @ -- Record bounced emails. If too many bounces are received within @ -- some defined time range, then cancel the subscription. Older @ -- entries are periodically purged. @ -- @ CREATE TABLE repository.email_bounce( @ subscriberId INTEGER, -- to whom the email was sent. @ sendTime INTEGER, -- seconds since 1970 when email was sent @ rcvdTime INTEGER -- seconds since 1970 when bounce was received @ ); ; /* ** Make sure the unversioned table exists in the repository. */ void email_schema(void){ if( !db_table_exists("repository", "subscriber") ){ db_multi_exec(zEmailInit/*works-like:""*/); email_triggers_enable(); } } /* ** Enable triggers that automatically populate the event_pending ** table. */ void email_triggers_enable(void){ if( !db_table_exists("repository","pending_alert") ) return; db_multi_exec( "CREATE TRIGGER IF NOT EXISTS repository.email_trigger1\n" "AFTER INSERT ON event BEGIN\n" " INSERT INTO pending_alert(eventid,mtime)\n" " SELECT printf('%%.1c%%d',new.type,new.objid)," " julianday('now') WHERE true\n" " ON CONFLICT(eventId) DO NOTHING;\n" "END;" ); } /* ** Disable triggers the event_pending triggers. ** ** This must be called before rebuilding the EVENT table, for example ** via the "fossil rebuild" command. */ void email_triggers_disable(void){ db_multi_exec( "DROP TRIGGER IF EXISTS repository.email_trigger1;\n" ); } /* ** Return true if email alerts are active. */ int email_enabled(void){ if( !db_table_exists("repository", "subscriber") ) return 0; if( fossil_strcmp(db_get("email-send-method","off"),"off")==0 ) return 0; return 1; } /* ** Insert a "Subscriber List" submenu link if the current user ** is an administrator. */ void email_submenu_common(void){ if( g.perm.Admin ){ if( fossil_strcmp(g.zPath,"subscribers") ){ style_submenu_element("List Subscribers","%R/subscribers"); } if( fossil_strcmp(g.zPath,"subscribe") ){ style_submenu_element("Add New Subscriber","%R/subscribe"); } } } /* ** WEBPAGE: setup_email ** ** Administrative page for configuring and controlling email notification */ void setup_email(void){ static const char *const azSendMethods[] = { "off", "Disabled", "pipe", "Pipe to a command", "db", "Store in a database", "dir", "Store in a directory" }; login_check_credentials(); if( !g.perm.Setup ){ login_needed(0); return; } db_begin_transaction(); email_submenu_common(); style_header("Email Notification Setup"); @ <form action="%R/setup_email" method="post"><div> @ <input type="submit" name="submit" value="Apply Changes" /><hr> login_insert_csrf_secret(); entry_attribute("Canonical Server URL", 40, "email-url", "eurl", "", 0); @ <p><b>Required.</b> @ This is URL used as the basename for hyperlinks included in @ email alert text. Omit the trailing "/". @ Suggested value: "%h(g.zBaseURL)" @ (Property: "email-url")</p> @ <hr> entry_attribute("\"From\" email address", 20, "email-self", "eself", "", 0); @ <p><b>Required.</b> @ This is the email from which email notifications are sent. The @ system administrator should arrange for emails sent to this address @ to be handed off to the "fossil email incoming" command so that Fossil @ can handle bounces. (Property: "email-self")</p> @ <hr> entry_attribute("Repository Nickname", 16, "email-subname", "enn", "", 0); @ <p><b>Required.</b> @ This is short name used to identifies the repository in the @ Subject: line of email alerts. Traditionally this name is @ included in square brackets. Examples: "[fossil-src]", "[sqlite-src]". @ (Property: "email-subname")</p> @ <hr> multiple_choice_attribute("Email Send Method", "email-send-method", "esm", "off", count(azSendMethods)/2, azSendMethods); @ <p>How to send email. The "Pipe to a command" @ method is the usual choice in production. @ (Property: "email-send-method")</p> @ <hr> entry_attribute("Command To Pipe Email To", 80, "email-send-command", "ecmd", "sendmail -t", 0); @ <p>When the send method is "pipe to a command", this is the command @ that is run. Email messages are piped into the standard input of this @ command. The command is expected to extract the sender address, @ recepient addresses, and subject from the header of the piped email @ text. (Property: "email-send-command")</p> entry_attribute("Database In Which To Store Email", 60, "email-send-db", "esdb", "", 0); @ <p>When the send method is "store in a databaes", each email message is @ stored in an SQLite database file with the name given here. @ (Property: "email-send-db")</p> entry_attribute("Directory In Which To Store Email", 60, "email-send-dir", "esdir", "", 0); @ <p>When the send method is "store in a directory", each email message is @ stored as a separate file in the directory shown here. @ (Property: "email-send-dir")</p> @ <hr> entry_attribute("Administrator email address", 40, "email-admin", "eadmin", "", 0); @ <p>This is the email for the human administrator for the system. @ Abuse and trouble reports are send here. @ (Property: "email-admin")</p> @ <hr> entry_attribute("Inbound email directory", 40, "email-receive-dir", "erdir", "", 0); @ <p>Inbound emails can be stored in a directory for analysis as @ a debugging aid. Put the name of that directory in this entry box. @ Disable saving of inbound email by making this an empty string. @ Abuse and trouble reports are send here. @ (Property: "email-receive-dir")</p> @ <hr> @ <p><input type="submit" name="submit" value="Apply Changes" /></p> @ </div></form> db_end_transaction(0); style_footer(); } /* ** Encode pMsg as MIME base64 and append it to pOut */ static void append_base64(Blob *pOut, Blob *pMsg){ int n, i, k; char zBuf[100]; n = blob_size(pMsg); for(i=0; i<n; i+=54){ k = translateBase64(blob_buffer(pMsg)+i, i+54<n ? 54 : n-i, zBuf); blob_append(pOut, zBuf, k); blob_append(pOut, "\r\n", 2); } } /* ** Come up with a unique filename in the zDir directory. ** ** Space to hold the filename is obtained from mprintf() and must ** be freed using fossil_free() by the caller. */ static char *emailTempFilename(const char *zDir){ char *zFile = db_text(0, "SELECT %Q||strftime('/%%Y%%m%%d%%H%%M%%S-','now')||hex(randomblob(8))", zDir); return zFile; } #if defined(_WIN32) || defined(WIN32) # undef popen # define popen _popen # undef pclose # define pclose _pclose #endif |
︙ | ︙ | |||
229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 | if( pPlain && pHtml ){ blob_appendf(&all, "MIME-Version: 1.0\r\n"); zBoundary = db_text(0, "SELECT hex(randomblob(20))"); blob_appendf(&all, "Content-Type: multipart/alternative;" " boundary=\"%s\"\r\n", zBoundary); } if( pPlain ){ if( zBoundary ){ blob_appendf(&all, "\r\n--%s\r\n", zBoundary); } blob_appendf(&all,"Content-Type: text/plain\r\n"); blob_appendf(&all, "Content-Transfer-Encoding: base64\r\n\r\n"); append_base64(&all, pPlain); } if( pHtml ){ if( zBoundary ){ blob_appendf(&all, "--%s\r\n", zBoundary); } blob_appendf(&all,"Content-Type: text/html\r\n"); blob_appendf(&all, "Content-Transfer-Encoding: base64\r\n\r\n"); append_base64(&all, pHtml); } | > > | 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 | if( pPlain && pHtml ){ blob_appendf(&all, "MIME-Version: 1.0\r\n"); zBoundary = db_text(0, "SELECT hex(randomblob(20))"); blob_appendf(&all, "Content-Type: multipart/alternative;" " boundary=\"%s\"\r\n", zBoundary); } if( pPlain ){ blob_add_final_newline(pPlain); if( zBoundary ){ blob_appendf(&all, "\r\n--%s\r\n", zBoundary); } blob_appendf(&all,"Content-Type: text/plain\r\n"); blob_appendf(&all, "Content-Transfer-Encoding: base64\r\n\r\n"); append_base64(&all, pPlain); } if( pHtml ){ blob_add_final_newline(pHtml); if( zBoundary ){ blob_appendf(&all, "--%s\r\n", zBoundary); } blob_appendf(&all,"Content-Type: text/html\r\n"); blob_appendf(&all, "Content-Transfer-Encoding: base64\r\n\r\n"); append_base64(&all, pHtml); } |
︙ | ︙ | |||
279 280 281 282 283 284 285 | if( out ){ fwrite(blob_buffer(&all), 1, blob_size(&all), out); fclose(out); } } }else if( strcmp(zDest, "dir")==0 ){ const char *zDir = db_get("email-send-dir","./"); | | < < > > > > > > > > > > > > > > | 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 | if( out ){ fwrite(blob_buffer(&all), 1, blob_size(&all), out); fclose(out); } } }else if( strcmp(zDest, "dir")==0 ){ const char *zDir = db_get("email-send-dir","./"); char *zFile = emailTempFilename(zDir); blob_write_to_file(&all, zFile); fossil_free(zFile); }else if( strcmp(zDest, "stdout")==0 ){ fossil_print("%s\n", blob_str(&all)); } blob_zero(&all); } /* ** Analyze and act on a received email. ** ** This routine takes ownership of the Blob parameter and is responsible ** for freeing that blob when it is done with it. ** ** This routine acts on all email messages received from the ** "fossil email inbound" command. */ void email_receive(Blob *pMsg){ /* To Do: Look for bounce messages and possibly disable subscriptions */ blob_zero(pMsg); } /* ** SETTING: email-send-method width=5 default=off ** Determine the method used to send email. Allowed values are ** "off", "pipe", "dir", "db", and "stdout". The "off" value means ** no email is ever sent. The "pipe" value means email messages are ** piped into a command determined by the email-send-command setting. |
︙ | ︙ | |||
324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 | ** if the email-send-method is set to "db". */ /* ** SETTING: email-self width=40 ** This is the email address for the repository. Outbound emails add ** this email address as the "From:" field. */ /* ** COMMAND: email ** ** Usage: %fossil email SUBCOMMAND ARGS... ** ** Subcommands: ** ** reset Hard reset of all email notification tables ** in the repository. This erases all subscription ** information. Use with extreme care. ** ** send TO [OPTIONS] Send a single email message using whatever ** email sending mechanism is currently configured. ** Use this for testing the email configuration. ** Options: ** ** --body FILENAME ** --html ** --stdout ** --subject|-S SUBJECT ** ** settings [NAME VALUE] With no arguments, list all email settings. ** Or change the value of a single email setting. */ void email_cmd(void){ const char *zCmd; int nCmd; db_find_and_open_repository(0, 0); email_schema(); zCmd = g.argc>=3 ? g.argv[2] : "x"; nCmd = (int)strlen(zCmd); | > > > > > > > > > > > > > > > > > > > > > > | > > > > > > | > > > > > > > > > > > > > > > > > > > > | | | | | | > > > | > > | < | 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 | ** if the email-send-method is set to "db". */ /* ** SETTING: email-self width=40 ** This is the email address for the repository. Outbound emails add ** this email address as the "From:" field. */ /* ** SETTING: email-receive-dir width=40 ** Inbound email messages are saved as separate files in this directory, ** for debugging analysis. Disable saving of inbound emails omitting ** this setting, or making it an empty string. */ /* ** COMMAND: email ** ** Usage: %fossil email SUBCOMMAND ARGS... ** ** Subcommands: ** ** exec Compose and send pending email alerts. ** Some installations may want to do this via ** a cron-job to make sure alerts are sent ** in a timely manner. ** Options: ** ** --digest Send digests ** ** inbound [FILE] Receive an inbound email message. This message ** is analyzed to see if it is a bounce, and if ** necessary, subscribers may be disabled. ** ** reset Hard reset of all email notification tables ** in the repository. This erases all subscription ** information. Use with extreme care. ** ** send TO [OPTIONS] Send a single email message using whatever ** email sending mechanism is currently configured. ** Use this for testing the email configuration. ** Options: ** ** --body FILENAME ** --html ** --stdout ** --subject|-S SUBJECT ** ** settings [NAME VALUE] With no arguments, list all email settings. ** Or change the value of a single email setting. ** ** subscribers [PATTERN] List all subscribers matching PATTERN. ** ** unsubscribe EMAIL Remove a single subscriber with the given EMAIL. */ void email_cmd(void){ const char *zCmd; int nCmd; db_find_and_open_repository(0, 0); email_schema(); zCmd = g.argc>=3 ? g.argv[2] : "x"; nCmd = (int)strlen(zCmd); if( strncmp(zCmd, "exec", nCmd)==0 ){ u32 eFlags = 0; if( find_option("digest",0,0)!=0 ) eFlags |= SENDALERT_DIGEST; verify_all_options(); email_send_alerts(eFlags); }else if( strncmp(zCmd, "inbound", nCmd)==0 ){ Blob email; const char *zInboundDir = db_get("email-receive-dir",""); verify_all_options(); if( g.argc!=3 && g.argc!=4 ){ usage("inbound [FILE]"); } blob_read_from_file(&email, g.argc==3 ? "-" : g.argv[3], ExtFILE); if( zInboundDir[0] ){ char *zFN = emailTempFilename(zInboundDir); blob_write_to_file(&email, zFN); fossil_free(zFN); } email_receive(&email); }else if( strncmp(zCmd, "reset", nCmd)==0 ){ int c; int bForce = find_option("force","f",0)!=0; verify_all_options(); if( bForce ){ c = 'y'; }else{ Blob yn; fossil_print( "This will erase all content in the repository tables, thus\n" "deleting all subscriber information. The information will be\n" "unrecoverable.\n"); prompt_user("Continue? (y/N) ", &yn); c = blob_str(&yn)[0]; blob_zero(&yn); } if( c=='y' ){ email_triggers_disable(); db_multi_exec( "DROP TABLE IF EXISTS subscriber;\n" "DROP TABLE IF EXISTS pending_alert;\n" "DROP TABLE IF EXISTS email_bounce;\n" /* Legacy */ "DROP TABLE IF EXISTS email_pending;\n" "DROP TABLE IF EXISTS subscription;\n" ); email_schema(); } }else if( strncmp(zCmd, "send", nCmd)==0 ){ Blob prompt, body, hdr; int sendAsBoth = find_option("both",0,0)!=0; int sendAsHtml = find_option("html",0,0)!=0; const char *zDest = find_option("stdout",0,0)!=0 ? "stdout" : 0; int i; |
︙ | ︙ | |||
400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 | blob_appendf(&hdr, "Subject: %s\n", zSubject); } if( zSource ){ blob_read_from_file(&body, zSource, ExtFILE); }else{ prompt_for_user_comment(&body, &prompt); } if( sendAsHtml ){ email_send(&hdr, 0, &body, zDest); }else if( sendAsBoth ){ Blob html; blob_init(&html, 0, 0); blob_appendf(&html, "<pre>\n%h</pre>\n", blob_str(&body)); email_send(&hdr, &body, &html, zDest); blob_zero(&html); }else{ email_send(&hdr, &body, 0, zDest); } blob_zero(&hdr); blob_zero(&body); blob_zero(&prompt); | > | | < > > > > > > > > > > > > > > > > > | > > > > | > > > > > > > | > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | < < > > > > > > > > > > | > | > < > | > > | | | < < < < | > | > | > | | | | | | > > > > > > > > > > > | > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 1220 1221 1222 1223 1224 1225 1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 1250 1251 1252 1253 1254 1255 1256 1257 1258 1259 1260 1261 1262 1263 1264 1265 1266 1267 1268 1269 1270 1271 1272 1273 1274 1275 1276 1277 1278 1279 1280 1281 1282 1283 1284 1285 1286 1287 1288 1289 1290 1291 1292 1293 1294 1295 1296 1297 1298 1299 1300 1301 1302 1303 1304 1305 1306 1307 1308 1309 1310 1311 1312 1313 1314 1315 1316 1317 1318 1319 1320 1321 1322 1323 1324 1325 1326 1327 1328 1329 1330 1331 1332 1333 1334 1335 1336 1337 1338 1339 1340 1341 1342 1343 1344 1345 1346 1347 1348 1349 1350 1351 1352 1353 1354 1355 1356 1357 1358 1359 1360 1361 1362 1363 1364 1365 1366 1367 1368 1369 1370 1371 1372 1373 1374 1375 1376 1377 1378 1379 1380 1381 1382 1383 1384 1385 1386 1387 1388 1389 1390 1391 1392 1393 1394 1395 1396 1397 1398 1399 1400 1401 1402 1403 1404 1405 1406 1407 1408 1409 1410 1411 1412 1413 1414 1415 1416 1417 1418 1419 1420 1421 1422 1423 1424 1425 1426 1427 1428 1429 1430 1431 1432 1433 1434 1435 1436 1437 1438 1439 1440 1441 1442 1443 1444 1445 1446 1447 1448 1449 1450 1451 1452 1453 1454 1455 1456 1457 1458 1459 1460 1461 1462 1463 1464 1465 1466 1467 1468 1469 1470 1471 1472 1473 1474 1475 1476 1477 1478 1479 1480 1481 1482 1483 1484 1485 1486 1487 1488 1489 1490 1491 1492 1493 1494 1495 1496 1497 1498 1499 1500 1501 1502 1503 1504 1505 1506 1507 1508 1509 1510 1511 1512 1513 1514 1515 1516 1517 1518 1519 1520 1521 1522 1523 1524 1525 1526 1527 1528 1529 1530 1531 1532 1533 1534 1535 1536 1537 1538 1539 1540 1541 1542 1543 1544 1545 1546 1547 1548 1549 1550 1551 1552 1553 1554 1555 1556 1557 1558 1559 1560 1561 1562 1563 1564 1565 1566 1567 1568 1569 1570 1571 1572 1573 1574 1575 1576 1577 1578 1579 1580 1581 1582 1583 1584 1585 1586 1587 1588 1589 1590 1591 1592 1593 1594 1595 1596 1597 1598 1599 1600 1601 1602 1603 1604 1605 1606 1607 | blob_appendf(&hdr, "Subject: %s\n", zSubject); } if( zSource ){ blob_read_from_file(&body, zSource, ExtFILE); }else{ prompt_for_user_comment(&body, &prompt); } blob_add_final_newline(&body); if( sendAsHtml ){ email_send(&hdr, 0, &body, zDest); }else if( sendAsBoth ){ Blob html; blob_init(&html, 0, 0); blob_appendf(&html, "<pre>\n%h</pre>\n", blob_str(&body)); email_send(&hdr, &body, &html, zDest); blob_zero(&html); }else{ email_send(&hdr, &body, 0, zDest); } blob_zero(&hdr); blob_zero(&body); blob_zero(&prompt); }else if( strncmp(zCmd, "settings", nCmd)==0 ){ int isGlobal = find_option("global",0,0)!=0; int nSetting; const Setting *pSetting = setting_info(&nSetting); db_open_config(1, 0); verify_all_options(); if( g.argc!=3 && g.argc!=5 ) usage("setting [NAME VALUE]"); if( g.argc==5 ){ const char *zLabel = g.argv[3]; if( strncmp(zLabel, "email-", 6)!=0 || (pSetting = db_find_setting(zLabel, 1))==0 ){ fossil_fatal("not a valid email setting: \"%s\"", zLabel); } db_set(pSetting->name, g.argv[4], isGlobal); g.argc = 3; } pSetting = setting_info(&nSetting); for(; nSetting>0; nSetting--, pSetting++ ){ if( strncmp(pSetting->name,"email-",6)!=0 ) continue; print_setting(pSetting); } }else if( strncmp(zCmd, "subscribers", nCmd)==0 ){ Stmt q; verify_all_options(); if( g.argc!=3 && g.argc!=4 ) usage("subscribers [PATTERN]"); if( g.argc==4 ){ char *zPattern = g.argv[3]; db_prepare(&q, "SELECT semail FROM subscriber" " WHERE semail LIKE '%%%q%%' OR suname LIKE '%%%q%%'" " OR semail GLOB '*%q*' or suname GLOB '*%q*'" " ORDER BY semail", zPattern, zPattern, zPattern, zPattern); }else{ db_prepare(&q, "SELECT semail FROM subscriber" " ORDER BY semail"); } while( db_step(&q)==SQLITE_ROW ){ fossil_print("%s\n", db_column_text(&q, 0)); } db_finalize(&q); }else if( strncmp(zCmd, "unsubscribe", nCmd)==0 ){ verify_all_options(); if( g.argc!=4 ) usage("unsubscribe EMAIL"); db_multi_exec( "DELETE FROM subscriber WHERE semail=%Q", g.argv[3]); }else { usage("exec|inbound|reset|send|setting|subscribers|unsubscribe"); } } /* ** Do error checking on a submitted subscription form. Return TRUE ** if the submission is valid. Return false if any problems are seen. */ static int subscribe_error_check( int *peErr, /* Type of error */ char **pzErr, /* Error message text */ int needCaptcha /* True if captcha check needed */ ){ const char *zEAddr; int i, j, n; char c; *peErr = 0; *pzErr = 0; /* Check the validity of the email address. ** ** (1) Exactly one '@' character. ** (2) No other characters besides [a-zA-Z0-9._-] */ zEAddr = P("e"); if( zEAddr==0 ) return 0; for(i=j=0; (c = zEAddr[i])!=0; i++){ if( c=='@' ){ n = i; j++; continue; } if( !fossil_isalnum(c) && c!='.' && c!='_' && c!='-' ){ *peErr = 1; *pzErr = mprintf("illegal character in email address: 0x%x '%c'", c, c); return 0; } } if( j!=1 ){ *peErr = 1; *pzErr = mprintf("email address should contain exactly one '@'"); return 0; } if( n<1 ){ *peErr = 1; *pzErr = mprintf("name missing before '@' in email address"); return 0; } if( n>i-5 ){ *peErr = 1; *pzErr = mprintf("email domain too short"); return 0; } /* Verify the captcha */ if( needCaptcha && !captcha_is_correct(1) ){ *peErr = 2; *pzErr = mprintf("incorrect security code"); return 0; } /* Check to make sure the email address is available for reuse */ if( db_exists("SELECT 1 FROM subscriber WHERE semail=%Q", zEAddr) ){ *peErr = 1; *pzErr = mprintf("this email address is used by someone else"); return 0; } /* If we reach this point, all is well */ return 1; } /* ** Text of email message sent in order to confirm a subscription. */ static const char zConfirmMsg[] = @ Someone has signed you up for email alerts on the Fossil repository @ at %s. @ @ To confirm your subscription and begin receiving alerts, click on @ the following hyperlink: @ @ %s/alerts/%s @ @ Save the hyperlink above! You can reuse this same hyperlink to @ unsubscribe or to change the kinds of alerts you receive. @ @ If you do not want to subscribe, you can simply ignore this message. @ You will not be contacted again. @ ; /* ** WEBPAGE: subscribe ** ** Allow users to subscribe to email notifications, or to change or ** verify their subscription. */ void subscribe_page(void){ int needCaptcha; unsigned int uSeed; const char *zDecoded; char *zCaptcha = 0; char *zErr = 0; int eErr = 0; login_check_credentials(); if( !g.perm.EmailAlert ){ login_needed(g.anon.EmailAlert); return; } if( login_is_individual() && db_exists("SELECT 1 FROM subscriber WHERE suname=%Q",g.zLogin) ){ /* This person is already signed up for email alerts. Jump ** to the screen that lets them edit their alert preferences. ** Except, administrators can create subscriptions for others so ** do not jump for them. */ if( g.perm.Admin ){ /* Admins get a link to admin their own account, but they ** stay on this page so that they can create subscriptions ** for other people. */ style_submenu_element("My Subscription","%R/alerts"); }else{ /* Everybody else jumps to the page to administer their own ** account only. */ cgi_redirectf("%R/alerts"); return; } } email_submenu_common(); needCaptcha = !login_is_individual(); if( P("submit") && cgi_csrf_safe(1) && subscribe_error_check(&eErr,&zErr,needCaptcha) ){ /* A validated request for a new subscription has been received. */ char ssub[20]; const char *zEAddr = P("e"); sqlite3_int64 id; /* New subscriber Id */ const char *zCode; /* New subscriber code (in hex) */ int nsub = 0; const char *suname = PT("suname"); if( suname==0 && needCaptcha==0 && !g.perm.Admin ) suname = g.zLogin; if( suname && suname[0]==0 ) suname = 0; if( PB("sa") ) ssub[nsub++] = 'a'; if( PB("sc") ) ssub[nsub++] = 'c'; if( PB("st") ) ssub[nsub++] = 't'; if( PB("sw") ) ssub[nsub++] = 'w'; ssub[nsub] = 0; db_multi_exec( "INSERT INTO subscriber(subscriberCode,semail,suname," " sverified,sdonotcall,sdigest,ssub,sctime,smtime,smip)" "VALUES(randomblob(32),%Q,%Q,%d,0,%d,%Q," " julianday('now'),julianday('now'),%Q)", /* semail */ zEAddr, /* suname */ suname, /* sverified */ needCaptcha==0, /* sdigest */ PB("di"), /* ssub */ ssub, /* smip */ g.zIpAddr ); id = db_last_insert_rowid(); zCode = db_text(0, "SELECT hex(subscriberCode) FROM subscriber WHERE subscriberId=%lld", id); if( !needCaptcha ){ /* The new subscription has been added on behalf of a logged-in user. ** No verification is required. Jump immediately to /alerts page. */ cgi_redirectf("%R/alerts/%s", zCode); return; }else{ /* We need to send a verification email */ Blob hdr, body; blob_init(&hdr,0,0); blob_init(&body,0,0); blob_appendf(&hdr, "To: %s\n", zEAddr); blob_appendf(&hdr, "Subject: Subscription verification\n"); blob_appendf(&body, zConfirmMsg/*works-like:"%s%s%s"*/, g.zBaseURL, g.zBaseURL, zCode); email_send(&hdr, &body, 0, 0); style_header("Email Alert Verification"); @ <p>An email has been sent to "%h(zEAddr)". That email contains a @ hyperlink that you must click on in order to activate your @ subscription.</p> style_footer(); } return; } style_header("Signup For Email Alerts"); @ <p>To receive email notifications for changes to this @ repository, fill out the form below and press "Submit" button.</p> form_begin(0, "%R/subscribe"); @ <table class="subscribe"> @ <tr> @ <td class="form_label">Email Address:</td> @ <td><input type="text" name="e" value="%h(PD("e",""))" size="30"></td> if( eErr==1 ){ @ <td><span class="loginError">← %h(zErr)</span></td> } @ </tr> if( needCaptcha ){ uSeed = captcha_seed(); zDecoded = captcha_decode(uSeed); zCaptcha = captcha_render(zDecoded); @ <tr> @ <td class="form_label">Security Code:</td> @ <td><input type="text" name="captcha" value="" size="30"> @ <input type="hidden" name="captchaseed" value="%u(uSeed)"></td> if( eErr==2 ){ @ <td><span class="loginError">← %h(zErr)</span></td> } @ </tr> } if( g.perm.Admin ){ @ <tr> @ <td class="form_label">User:</td> @ <td><input type="text" name="suname" value="%h(PD("suname",g.zLogin))" \ @ size="30"></td> if( eErr==3 ){ @ <td><span class="loginError">← %h(zErr)</span></td> } @ </tr> } @ <tr> @ <td class="form_label">Options:</td> @ <td><label><input type="checkbox" name="sa" %s(PCK("sa"))> \ @ Announcements</label><br> @ <label><input type="checkbox" name="sc" %s(PCK("sc"))> \ @ Check-ins</label><br> @ <label><input type="checkbox" name="st" %s(PCK("st"))> \ @ Ticket changes</label><br> @ <label><input type="checkbox" name="sw" %s(PCK("sw"))> \ @ Wiki</label><br> @ <label><input type="checkbox" name="di" %s(PCK("di"))> \ @ Daily digest only</label><br> if( g.perm.Admin ){ @ <label><input type="checkbox" name="vi" %s(PCK("vi"))> \ @ Verified</label><br> @ <label><input type="checkbox" name="dnc" %s(PCK("dnc"))> \ @ Do not call</label><br> } @ </td> @ </tr> @ <tr> @ <td></td> if( needCaptcha && !email_enabled() ){ @ <td><input type="submit" name="submit" value="Submit" disabled> @ (Email current disabled)</td> }else{ @ <td><input type="submit" name="submit" value="Submit"></td> } @ </tr> @ </table> if( needCaptcha ){ @ <div class="captcha"><table class="captcha"><tr><td><pre> @ %h(zCaptcha) @ </pre> @ Enter the 8 characters above in the "Security Code" box @ </td></tr></table></div> } @ </form> fossil_free(zErr); style_footer(); } /* ** Either shutdown or completely delete a subscription entry given ** by the hex value zName. Then paint a webpage that explains that ** the entry has been removed. */ static void email_unsubscribe(const char *zName){ char *zEmail; zEmail = db_text(0, "SELECT semail FROM subscriber" " WHERE subscriberCode=hextoblob(%Q)", zName); if( zEmail==0 ){ style_header("Unsubscribe Fail"); @ <p>Unable to locate a subscriber with the requested key</p> }else{ db_multi_exec( "DELETE FROM subscriber WHERE subscriberCode=hextoblob(%Q)", zName ); style_header("Unsubscribed"); @ <p>The "%h(zEmail)" email address has been delisted. @ All traces of that email address have been removed</p> } style_footer(); return; } /* ** WEBPAGE: alerts ** ** Edit email alert and notification settings. ** ** The subscriber entry is identified in either of two ways: ** ** (1) The name= query parameter contains the subscriberCode. ** ** (2) The user is logged into an account other than "nobody" or ** "anonymous". In that case the notification settings ** associated with that account can be edited without needing ** to know the subscriber code. */ void alerts_page(void){ const char *zName = P("name"); Stmt q; int sa, sc, st, sw; int sdigest, sdonotcall, sverified; const char *ssub; const char *semail; const char *smip; const char *suname; int eErr = 0; char *zErr = 0; login_check_credentials(); if( !g.perm.EmailAlert ){ cgi_redirect("subscribe"); return; } if( zName==0 && login_is_individual() ){ zName = db_text(0, "SELECT hex(subscriberCode) FROM subscriber" " WHERE suname=%Q", g.zLogin); } if( zName==0 || !validate16(zName, -1) ){ cgi_redirect("subscribe"); return; } email_submenu_common(); if( P("submit")!=0 && cgi_csrf_safe(1) ){ int sdonotcall = PB("sdonotcall"); int sdigest = PB("sdigest"); char ssub[10]; int nsub = 0; if( PB("sa") ) ssub[nsub++] = 'a'; if( PB("sc") ) ssub[nsub++] = 'c'; if( PB("st") ) ssub[nsub++] = 't'; if( PB("sw") ) ssub[nsub++] = 'w'; ssub[nsub] = 0; if( g.perm.Admin ){ const char *suname = PT("suname"); if( suname && suname[0]==0 ) suname = 0; int sverified = PB("sverified"); db_multi_exec( "UPDATE subscriber SET" " sdonotcall=%d," " sdigest=%d," " ssub=%Q," " smtime=julianday('now')," " smip=%Q," " suname=%Q," " sverified=%d" " WHERE subscriberCode=hextoblob(%Q)", sdonotcall, sdigest, ssub, g.zIpAddr, suname, sverified, zName ); }else{ db_multi_exec( "UPDATE subscriber SET" " sdonotcall=%d," " sdigest=%d," " ssub=%Q," " smtime=julianday('now')," " smip=%Q," " WHERE subscriberCode=hextoblob(%Q)", sdonotcall, sdigest, ssub, g.zIpAddr, zName ); } } if( P("delete")!=0 && cgi_csrf_safe(1) ){ if( !PB("dodelete") ){ eErr = 9; zErr = mprintf("Select this checkbox and press \"Unsubscribe\" to" " unsubscribe"); }else{ email_unsubscribe(zName); return; } } db_prepare(&q, "SELECT" " semail," " sverified," " sdonotcall," " sdigest," " ssub," " smip," " suname" " FROM subscriber WHERE subscriberCode=hextoblob(%Q)", zName); if( db_step(&q)!=SQLITE_ROW ){ db_finalize(&q); cgi_redirect("subscribe"); return; } style_header("Update Subscription"); semail = db_column_text(&q, 0); sverified = db_column_int(&q, 1); sdonotcall = db_column_int(&q, 2); sdigest = db_column_int(&q, 3); ssub = db_column_text(&q, 4); sa = strchr(ssub,'a')!=0; sc = strchr(ssub,'c')!=0; st = strchr(ssub,'t')!=0; sw = strchr(ssub,'w')!=0; smip = db_column_text(&q, 5); suname = db_column_text(&q, 6); if( !g.perm.Admin && !sverified ){ db_multi_exec( "UPDATE subscriber SET sverified=1 WHERE subscriberCode=hextoblob(%Q)", zName); @ <h1>Your email alert subscription has been verified!</h1> @ <p>Use the form below to update your subscription information.</p> @ <p>Hint: Bookmark this page so that you can more easily update @ your subscription information in the future</p> }else{ @ <p>Make changes to the email subscription shown below and @ press "Submit".</p> } form_begin(0, "%R/alerts"); @ <input type="hidden" name="name" value="%h(zName)"> @ <table class="subscribe"> @ <tr> @ <td class="form_label">Email Address:</td> @ <td>%h(semail)</td> @ </tr> if( g.perm.Admin ){ @ <tr> @ <td class='form_label'>IP Address:</td> @ <td>%h(smip)</td> @ </tr> @ <tr> @ <td class="form_label">User:</td> @ <td><input type="text" name="suname" value="%h(suname?suname:"")" \ @ size="30"></td> @ </tr> } @ <tr> @ <td class="form_label">Options:</td> @ <td><label><input type="checkbox" name="sa" %s(sa?"checked":"")>\ @ Announcements</label><br> @ <label><input type="checkbox" name="sc" %s(sc?"checked":"")>\ @ Check-ins</label><br> @ <label><input type="checkbox" name="st" %s(st?"checked":"")>\ @ Ticket changes</label><br> @ <label><input type="checkbox" name="sw" %s(sw?"checked":"")>\ @ Wiki</label><br> @ <label><input type="checkbox" name="sdigest" %s(sdigest?"checked":"")>\ @ Daily digest only</label><br> if( g.perm.Admin ){ @ <label><input type="checkbox" name="sdonotcall" \ @ %s(sdonotcall?"checked":"")> Do not call</label><br> @ <label><input type="checkbox" name="sverified" \ @ %s(sverified?"checked":"")>\ @ Verified</label><br> } @ <label><input type="checkbox" name="dodelete"> @ Unsubscribe</label> \ if( eErr==9 ){ @ <span class="loginError">← %h(zErr)</span>\ } @ <br> @ </td></tr> @ <tr> @ <td></td> @ <td><input type="submit" name="submit" value="Submit"> @ <input type="submit" name="delete" value="Unsubscribe"> @ </tr> @ </table> @ </form> fossil_free(zErr); db_finalize(&q); style_footer(); } /* This is the message that gets sent to describe how to change ** or modify a subscription */ static const char zUnsubMsg[] = @ To changes your subscription settings at %s visit this link: @ @ %s/alerts/%s @ @ To completely unsubscribe from %s, visit the following link: @ @ %s/unsubscribe/%s ; /* ** WEBPAGE: unsubscribe ** ** Users visit this page to be delisted from email alerts. ** ** If a valid subscriber code is supplied in the name= query parameter, ** then that subscriber is delisted. ** ** Otherwise, If the users is logged in, then they are redirected ** to the /alerts page where they have an unsubscribe button. ** ** Non-logged-in users with no name= query parameter are invited to enter ** an email address to which will be sent the unsubscribe link that ** contains the correct subscriber code. */ void unsubscribe_page(void){ const char *zName = P("name"); char *zErr = 0; int eErr = 0; unsigned int uSeed; const char *zDecoded; char *zCaptcha = 0; int dx; int bSubmit; const char *zEAddr; char *zCode = 0; /* If a valid subscriber code is supplied, then unsubscribe immediately. */ if( zName && db_exists("SELECT 1 FROM subscriber WHERE subscriberCode=hextoblob(%Q)", zName) ){ email_unsubscribe(zName); return; } /* Logged in users are redirected to the /alerts page */ login_check_credentials(); if( login_is_individual() ){ cgi_redirectf("%R/alerts"); return; } zEAddr = PD("e",""); dx = atoi(PD("dx","0")); bSubmit = P("submit")!=0 && P("e")!=0 && cgi_csrf_safe(1); if( bSubmit ){ if( !captcha_is_correct(1) ){ eErr = 2; zErr = mprintf("enter the security code shown below"); bSubmit = 0; } } if( bSubmit ){ zCode = db_text(0,"SELECT hex(subscriberCode) FROM subscriber" " WHERE semail=%Q", zEAddr); if( zCode==0 ){ eErr = 1; zErr = mprintf("not a valid email address"); bSubmit = 0; } } if( bSubmit ){ /* If we get this far, it means that a valid unsubscribe request has ** been submitted. Send the appropriate email. */ Blob hdr, body; blob_init(&hdr,0,0); blob_init(&body,0,0); blob_appendf(&hdr, "To: %s\n", zEAddr); blob_appendf(&hdr, "Subject: Unsubscribe Instructions\n"); blob_appendf(&body, zUnsubMsg/*works-like:"%s%s%s%s%s%s"*/, g.zBaseURL, g.zBaseURL, zCode, g.zBaseURL, g.zBaseURL, zCode); email_send(&hdr, &body, 0, 0); style_header("Unsubscribe Instructions Sent"); @ <p>An email has been sent to "%h(zEAddr)" that explains how to @ unsubscribe and/or modify your subscription settings</p> style_footer(); return; } /* Non-logged-in users have to enter an email address to which is ** sent a message containing the unsubscribe link. */ style_header("Unsubscribe Request"); @ <p>Fill out the form below to request an email message that will @ explain how to unsubscribe and/or change your subscription settings.</p> @ form_begin(0, "%R/unsubscribe"); @ <table class="subscribe"> @ <tr> @ <td class="form_label">Email Address:</td> @ <td><input type="text" name="e" value="%h(zEAddr)" size="30"></td> if( eErr==1 ){ @ <td><span class="loginError">← %h(zErr)</span></td> } @ </tr> uSeed = captcha_seed(); zDecoded = captcha_decode(uSeed); zCaptcha = captcha_render(zDecoded); @ <tr> @ <td class="form_label">Security Code:</td> @ <td><input type="text" name="captcha" value="" size="30"> @ <input type="hidden" name="captchaseed" value="%u(uSeed)"></td> if( eErr==2 ){ @ <td><span class="loginError">← %h(zErr)</span></td> } @ </tr> @ <tr> @ <td class="form_label">Options:</td> @ <td><label><input type="radio" name="dx" value="0" %s(dx?"":"checked")>\ @ Modify subscription</label><br> @ <label><input type="radio" name="dx" value="1" %s(dx?"checked":"")>\ @ Completely unsubscribe</label><br> @ <tr> @ <td></td> @ <td><input type="submit" name="submit" value="Submit"></td> @ </tr> @ </table> @ <div class="captcha"><table class="captcha"><tr><td><pre> @ %h(zCaptcha) @ </pre> @ Enter the 8 characters above in the "Security Code" box @ </td></tr></table></div> @ </form> fossil_free(zErr); style_footer(); } /* ** WEBPAGE: subscribers ** ** This page, accessible to administrators only, ** shows a list of email notification email addresses with ** links to facilities for editing. */ void subscriber_list_page(void){ Blob sql; Stmt q; login_check_credentials(); if( !g.perm.Admin ){ fossil_redirect_home(); return; } email_submenu_common(); style_header("Subscriber List"); blob_init(&sql, 0, 0); blob_append_sql(&sql, "SELECT hex(subscriberCode)," " semail," " ssub," " suname," " sverified," " sdigest" " FROM subscriber" ); db_prepare_blob(&q, &sql); @ <table border="1"> @ <tr> @ <th>Email @ <th>Events @ <th>Digest-Only? @ <th>User @ <th>Verified? @ </tr> while( db_step(&q)==SQLITE_ROW ){ @ <tr> @ <td><a href='%R/alerts/%s(db_column_text(&q,0))'>\ @ %h(db_column_text(&q,1))</a></td> @ <td>%h(db_column_text(&q,2))</td> @ <td>%s(db_column_int(&q,5)?"digest":"")</td> @ <td>%h(db_column_text(&q,3))</td> @ <td>%s(db_column_int(&q,4)?"yes":"pending")</td> @ </tr> } @ </table> db_finalize(&q); style_footer(); } #if LOCAL_INTERFACE /* ** A single event that might appear in an alert is recorded as an ** instance of the following object. */ struct EmailEvent { int type; /* 'c', 't', 'w', etc. */ Blob txt; /* Text description to appear in an alert */ EmailEvent *pNext; /* Next in chronological order */ }; #endif /* ** Free a linked list of EmailEvent objects */ void email_free_eventlist(EmailEvent *p){ while( p ){ EmailEvent *pNext = p->pNext; blob_zero(&p->txt); fossil_free(p); p = pNext; } } /* ** Compute and return a linked list of EmailEvent objects ** corresponding to the current content of the temp.wantalert ** table which should be defined as follows: ** ** CREATE TEMP TABLE wantalert(eventId TEXT); */ EmailEvent *email_compute_event_text(int *pnEvent){ Stmt q; EmailEvent *p; EmailEvent anchor; EmailEvent *pLast; const char *zUrl = db_get("email-url","http://localhost:8080"); db_prepare(&q, "SELECT" " blob.uuid," /* 0 */ " datetime(event.mtime)," /* 1 */ " coalesce(ecomment,comment)" " || ' (user: ' || coalesce(euser,user,'?')" " || (SELECT case when length(x)>0 then ' tags: ' || x else '' end" " FROM (SELECT group_concat(substr(tagname,5), ', ') AS x" " FROM tag, tagxref" " WHERE tagname GLOB 'sym-*' AND tag.tagid=tagxref.tagid" " AND tagxref.rid=blob.rid AND tagxref.tagtype>0))" " || ')' as comment," /* 2 */ " tagxref.value AS branch," /* 3 */ " wantalert.eventId" /* 4 */ " FROM temp.wantalert JOIN tag CROSS JOIN event CROSS JOIN blob" " LEFT JOIN tagxref ON tagxref.tagid=tag.tagid" " AND tagxref.tagtype>0" " AND tagxref.rid=blob.rid" " WHERE blob.rid=event.objid" " AND tag.tagname='branch'" " AND event.objid=substr(wantalert.eventId,2)+0" " ORDER BY event.mtime" ); memset(&anchor, 0, sizeof(anchor)); pLast = &anchor; *pnEvent = 0; while( db_step(&q)==SQLITE_ROW ){ const char *zType = ""; p = fossil_malloc( sizeof(EmailEvent) ); pLast->pNext = p; pLast = p; p->type = db_column_text(&q, 4)[0]; p->pNext = 0; switch( p->type ){ case 'c': zType = "Check-In"; break; case 't': zType = "Wiki Edit"; break; case 'w': zType = "Ticket Change"; break; } blob_init(&p->txt, 0, 0); blob_appendf(&p->txt,"== %s %s ==\n%s\n%s/info/%.20s\n", db_column_text(&q,1), zType, db_column_text(&q,2), zUrl, db_column_text(&q,0) ); (*pnEvent)++; } db_finalize(&q); return anchor.pNext; } /* ** Put a header on an alert email */ void email_header(Blob *pOut){ blob_appendf(pOut, "This is an automated email reporting changes " "on Fossil repository %s (%s/timeline)\n", db_get("email-subname","(unknown)"), db_get("email-url","http://localhost:8080")); } /* ** Append the "unsubscribe" notification and other footer text to ** the end of an email alert being assemblied in pOut. */ void email_footer(Blob *pOut){ blob_appendf(pOut, "\n%.72c\nTo unsubscribe: %s/unsubscribe\n", '-', db_get("email-url","http://localhost:8080")); } /* ** COMMAND: test-generate-alert ** ** Usage: %fossil test-generate-alert [--html] [--actual] EVENTID ... ** ** Generate the text of an email alert for all of the EVENTIDs ** listed on the command-line. Write that text to standard ** output. If the --actual flag is present, then the EVENTIDs are ** the actual event-ids in the pending_alert table. ** ** This command is intended for testing and debugging the logic ** that generates email alert text. */ void test_generate_alert_cmd(void){ int bActual = find_option("actual",0,0)!=0; Blob out; int nEvent; EmailEvent *pEvent, *p; db_find_and_open_repository(0, 0); verify_all_options(); db_begin_transaction(); email_schema(); db_multi_exec("CREATE TEMP TABLE wantalert(eventid TEXT)"); if( bActual ){ db_multi_exec("INSERT INTO wantalert SELECT eventid FROM pending_alert"); }else{ int i; for(i=2; i<g.argc; i++){ db_multi_exec("INSERT INTO wantalert VALUES(%Q)", g.argv[i]); } } blob_init(&out, 0, 0); email_header(&out); pEvent = email_compute_event_text(&nEvent); for(p=pEvent; p; p=p->pNext){ blob_append(&out, "\n", 1); blob_append(&out, blob_buffer(&p->txt), blob_size(&p->txt)); } email_free_eventlist(pEvent); email_footer(&out); fossil_print("%s", blob_str(&out)); blob_zero(&out); db_end_transaction(0); } /* ** COMMAND: test-add-alerts ** ** Usage: %fossil test-add-alerts EVENTID ... ** ** Add one or more events to the pending_alert queue. Use this ** command during testing to force email notifications for specific ** events. */ void test_add_alert_cmd(void){ int i; db_find_and_open_repository(0, 0); verify_all_options(); db_begin_transaction(); email_schema(); for(i=2; i<g.argc; i++){ db_multi_exec("INSERT INTO pending_alert(eventId) VALUES(%Q)", g.argv[i]); } db_end_transaction(0); } #if INTERFACE /* ** Flags for email_send_alerts() */ #define SENDALERT_DIGEST 0x0001 /* Send a digest */ #define SENDALERT_PRESERVE 0x0002 /* Do not mark the task as done */ #endif /* INTERFACE */ /* ** Send alert emails to all subscribers */ void email_send_alerts(u32 flags){ EmailEvent *pEvents, *p; int nEvent = 0; Stmt q; const char *zDigest = "false"; Blob hdr, body; const char *zUrl; const char *zRepoName; const char *zFrom; db_begin_transaction(); if( !email_enabled() ) goto send_alerts_done; zUrl = db_get("email-url",0); if( zUrl==0 ) goto send_alerts_done; zRepoName = db_get("email-subname",0); if( zRepoName==0 ) goto send_alerts_done; zFrom = db_get("email-self",0); if( zFrom==0 ) goto send_alerts_done; db_multi_exec( "DROP TABLE IF EXISTS temp.wantalert;" "CREATE TEMP TABLE wantalert(eventId TEXT);" ); if( flags & SENDALERT_DIGEST ){ db_multi_exec( "INSERT INTO wantalert SELECT eventid FROM pending_alert" " WHERE sentDigest IS FALSE" ); zDigest = "true"; }else{ db_multi_exec( "INSERT INTO wantalert SELECT eventid FROM pending_alert" " WHERE sentSep IS FALSE" ); } pEvents = email_compute_event_text(&nEvent); if( nEvent==0 ) return; blob_init(&hdr, 0, 0); blob_init(&body, 0, 0); db_prepare(&q, "SELECT" " subscriberCode," /* 0 */ " semail," /* 1 */ " ssub" /* 2 */ " FROM subscriber" " WHERE sverified AND NOT sdonotcall" " AND sdigest IS %s", zDigest/*safe-for-%s*/ ); while( db_step(&q)==SQLITE_ROW ){ const char *zCode = db_column_text(&q, 0); const char *zSub = db_column_text(&q, 2); const char *zEmail = db_column_text(&q, 1); int nHit = 0; for(p=pEvents; p; p=p->pNext){ if( strchr(zSub,p->type)==0 ) continue; if( nHit==0 ){ blob_appendf(&hdr,"To: %s\n", zEmail); blob_appendf(&hdr,"From: %s\n", zFrom); blob_appendf(&hdr,"Subject: %s activity alert\n", zRepoName); blob_appendf(&body, "This is an automated email sent by the Fossil repository " "at %s to alert you to changes.\n", zUrl ); } nHit++; blob_append(&body, "\n", 1); blob_append(&body, blob_buffer(&p->txt), blob_size(&p->txt)); } if( nHit==0 ) continue; blob_appendf(&body,"\n%.72c\nSubscription info: %s/alerts/%s\n", '-', zUrl, zCode); email_send(&hdr,&body,0,0); blob_truncate(&hdr); blob_truncate(&body); } blob_zero(&hdr); blob_zero(&body); db_finalize(&q); email_free_eventlist(pEvents); if( (flags & SENDALERT_PRESERVE)==0 ){ if( flags & SENDALERT_DIGEST ){ db_multi_exec("UPDATE pending_alert SET sentDigest=true"); }else{ db_multi_exec("UPDATE pending_alert SET sentSep=true"); } db_multi_exec("DELETE FROM pending_alert WHERE sentDigest AND sentSep"); } send_alerts_done: db_end_transaction(0); } |
Changes to src/encode.c.
︙ | ︙ | |||
632 633 634 635 636 637 638 639 640 641 642 643 644 645 | /* ** Return true if the input string contains only valid base-16 digits. ** If any invalid characters appear in the string, return false. */ int validate16(const char *zIn, int nIn){ int i; for(i=0; i<nIn; i++, zIn++){ if( zDecode[zIn[0]&0xff]>63 ){ return zIn[0]==0; } } return 1; } | > | 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 | /* ** Return true if the input string contains only valid base-16 digits. ** If any invalid characters appear in the string, return false. */ int validate16(const char *zIn, int nIn){ int i; if( nIn<0 ) nIn = (int)strlen(zIn); for(i=0; i<nIn; i++, zIn++){ if( zDecode[zIn[0]&0xff]>63 ){ return zIn[0]==0; } } return 1; } |
︙ | ︙ |
Changes to src/forum.c.
︙ | ︙ | |||
99 100 101 102 103 104 105 | " ORDER BY xdepth DESC, xtime ASC" ") SELECT * FROM post;", itemId ); while( db_step(&q)==SQLITE_ROW ){ int id = db_column_int(&q, 0); const char *zUser = db_column_text(&q, 1); | < < | 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 | " ORDER BY xdepth DESC, xtime ASC" ") SELECT * FROM post;", itemId ); while( db_step(&q)==SQLITE_ROW ){ int id = db_column_int(&q, 0); const char *zUser = db_column_text(&q, 1); const char *zMime = db_column_text(&q, 3); int iDepth = db_column_int(&q, 7); double rMTime = db_column_double(&q, 8); char *zAge = db_timespan_name(rNow - rMTime); Blob body; @ <!-- Forum post %d(id) --> @ <table class="forum_post"> @ <tr> |
︙ | ︙ | |||
255 256 257 258 259 260 261 | ** p Preview changes */ void forum_edit_page(void){ int itemId; int parentId; char *zErr = 0; login_check_credentials(); | < | 253 254 255 256 257 258 259 260 261 262 263 264 265 266 | ** p Preview changes */ void forum_edit_page(void){ int itemId; int parentId; char *zErr = 0; login_check_credentials(); const char *zMime; const char *zSub; if( !g.perm.WrForum ){ login_needed(g.anon.WrForum); return; } forum_verify_schema(); itemId = atoi(PD("item","0")); parentId = atoi(PD("replyto","0")); if( P("cancel")!=0 ){ |
︙ | ︙ |
Changes to src/login.c.
︙ | ︙ | |||
728 729 730 731 732 733 734 735 736 737 738 739 740 741 | } @ </div> free(zCaptcha); } @ </form> } if( g.zLogin && g.perm.Password ){ @ <hr /> @ <p>Change Password for user <b>%h(g.zLogin)</b>:</p> form_begin(0, "%R/login"); @ <table> @ <tr><td class="form_label">Old Password:</td> @ <td><input type="password" name="p" size="30" /></td></tr> @ <tr><td class="form_label">New Password:</td> | > > > > > | 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 | } @ </div> free(zCaptcha); } @ </form> } if( g.zLogin && g.perm.Password ){ if( email_enabled() ){ @ <hr> @ <p>Configure <a href="%R/alerts">Email Alerts</a> @ for user <b>%h(g.zLogin)</b></p> } @ <hr /> @ <p>Change Password for user <b>%h(g.zLogin)</b>:</p> form_begin(0, "%R/login"); @ <table> @ <tr><td class="form_label">Old Password:</td> @ <td><input type="password" name="p" size="30" /></td></tr> @ <tr><td class="form_label">New Password:</td> |
︙ | ︙ | |||
1346 1347 1348 1349 1350 1351 1352 1353 1354 1355 1356 1357 1358 1359 | /* ** Return true if the user is "nobody" */ int login_is_nobody(void){ return g.zLogin==0 || g.zLogin[0]==0 || fossil_strcmp(g.zLogin,"nobody")==0; } /* ** Return the login name. If no login name is specified, return "nobody". */ const char *login_name(void){ return (g.zLogin && g.zLogin[0]) ? g.zLogin : "nobody"; } | > > > > > > > > > | 1351 1352 1353 1354 1355 1356 1357 1358 1359 1360 1361 1362 1363 1364 1365 1366 1367 1368 1369 1370 1371 1372 1373 | /* ** Return true if the user is "nobody" */ int login_is_nobody(void){ return g.zLogin==0 || g.zLogin[0]==0 || fossil_strcmp(g.zLogin,"nobody")==0; } /* ** Return true if the user is a specific individual, not "nobody" or ** "anonymous". */ int login_is_individual(void){ return g.zLogin!=0 && g.zLogin[0]!=0 && fossil_strcmp(g.zLogin,"nobody")!=0 && fossil_strcmp(g.zLogin,"anonymous")!=0; } /* ** Return the login name. If no login name is specified, return "nobody". */ const char *login_name(void){ return (g.zLogin && g.zLogin[0]) ? g.zLogin : "nobody"; } |
︙ | ︙ |
Changes to src/rebuild.c.
︙ | ︙ | |||
142 143 144 145 146 147 148 | /* ** Update the repository schema for Fossil version 2.0. (2017-02-28) ** (1) Change the CHECK constraint on BLOB.UUID so that the length ** is greater than or equal to 40, not exactly equal to 40. */ void rebuild_schema_update_2_0(void){ | | > | 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 | /* ** Update the repository schema for Fossil version 2.0. (2017-02-28) ** (1) Change the CHECK constraint on BLOB.UUID so that the length ** is greater than or equal to 40, not exactly equal to 40. */ void rebuild_schema_update_2_0(void){ char *z = db_text(0, "SELECT sql FROM repository.sqlite_master" " WHERE name='blob'"); if( z ){ /* Search for: length(uuid)==40 ** 0123456789 12345 */ int i; for(i=10; z[i]; i++){ if( z[i]=='=' && strncmp(&z[i-6],"(uuid)==40",10)==0 ){ z[i] = '>'; |
︙ | ︙ | |||
355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 | bag_init(&bagDone); ttyOutput = doOut; processCnt = 0; if (ttyOutput && !g.fQuiet) { percent_complete(0); } rebuild_update_schema(); blob_init(&sql, 0, 0); db_prepare(&q, "SELECT name FROM sqlite_master /*scan*/" " WHERE type='table'" " AND name NOT IN ('admin_log', 'blob','delta','rcvfrom','user','alias'," "'config','shun','private','reportfmt'," "'concealed','accesslog','modreq'," | > | > | 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 | bag_init(&bagDone); ttyOutput = doOut; processCnt = 0; if (ttyOutput && !g.fQuiet) { percent_complete(0); } email_triggers_disable(); rebuild_update_schema(); blob_init(&sql, 0, 0); db_prepare(&q, "SELECT name FROM sqlite_master /*scan*/" " WHERE type='table'" " AND name NOT IN ('admin_log', 'blob','delta','rcvfrom','user','alias'," "'config','shun','private','reportfmt'," "'concealed','accesslog','modreq'," "'purgeevent','purgeitem','unversioned'," "'subscriber','pending_alert','email_bounce')" " AND name NOT GLOB 'sqlite_*'" " AND name NOT GLOB 'fx_*'" ); while( db_step(&q)==SQLITE_ROW ){ blob_appendf(&sql, "DROP TABLE IF EXISTS \"%w\";\n", db_column_text(&q,0)); } db_finalize(&q); |
︙ | ︙ | |||
444 445 446 447 448 449 450 451 452 453 454 455 456 457 | percent_complete((processCnt*1000)/totalSize); } if( doClustering ) create_cluster(); if( ttyOutput && !g.fQuiet && totalSize>0 ){ processCnt += incrSize; percent_complete((processCnt*1000)/totalSize); } if(!g.fQuiet && ttyOutput ){ percent_complete(1000); fossil_print("\n"); } return errCnt; } | > | 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 | percent_complete((processCnt*1000)/totalSize); } if( doClustering ) create_cluster(); if( ttyOutput && !g.fQuiet && totalSize>0 ){ processCnt += incrSize; percent_complete((processCnt*1000)/totalSize); } email_triggers_enable(); if(!g.fQuiet && ttyOutput ){ percent_complete(1000); fossil_print("\n"); } return errCnt; } |
︙ | ︙ |
Changes to src/setup.c.
︙ | ︙ | |||
1020 1021 1022 1023 1024 1025 1026 | login_verify_csrf_secret(); db_set(zVar, zQ, 0); admin_log("Set entry_attribute %Q to: %.*s%s", zVar, 20, zQ, (nZQ>20 ? "..." : "")); zVal = zQ; } @ <input type="text" id="%s(zQParm)" name="%s(zQParm)" value="%h(zVal)" \ | | | | 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 | login_verify_csrf_secret(); db_set(zVar, zQ, 0); admin_log("Set entry_attribute %Q to: %.*s%s", zVar, 20, zQ, (nZQ>20 ? "..." : "")); zVal = zQ; } @ <input type="text" id="%s(zQParm)" name="%s(zQParm)" value="%h(zVal)" \ @ size="%d(width)" \ if( disabled ){ @ disabled="disabled" \ } @ /> <b>%s(zLabel)</b> } /* ** Generate a text box for an attribute. */ |
︙ | ︙ |
Changes to src/timeline.c.
︙ | ︙ | |||
2334 2335 2336 2337 2338 2339 2340 2341 2342 2343 2344 2345 2346 2347 | ** Options: ** -n|--limit N If N is positive, output the first N entries. If ** N is negative, output the first -N lines. If N is ** zero, no limit. Default is -20 meaning 20 lines. ** -p|--path PATH Output items affecting PATH only. ** PATH can be a file or a sub directory. ** --offset P skip P changes ** -t|--type TYPE Output items from the given types only, such as: ** ci = file commits only ** e = technical notes only ** t = tickets only ** w = wiki commits only ** -v|--verbose Output the list of files changed by each commit ** and the type of each change (edited, deleted, | > | 2334 2335 2336 2337 2338 2339 2340 2341 2342 2343 2344 2345 2346 2347 2348 | ** Options: ** -n|--limit N If N is positive, output the first N entries. If ** N is negative, output the first -N lines. If N is ** zero, no limit. Default is -20 meaning 20 lines. ** -p|--path PATH Output items affecting PATH only. ** PATH can be a file or a sub directory. ** --offset P skip P changes ** --sql Show the SQL used to generate the timeline ** -t|--type TYPE Output items from the given types only, such as: ** ci = file commits only ** e = technical notes only ** t = tickets only ** w = wiki commits only ** -v|--verbose Output the list of files changed by each commit ** and the type of each change (edited, deleted, |
︙ | ︙ | |||
2365 2366 2367 2368 2369 2370 2371 2372 2373 2374 2375 2376 2377 2378 2379 2380 2381 2382 2383 2384 2385 2386 2387 2388 | int objid = 0; Blob uuid; int mode = TIMELINE_MODE_NONE; int verboseFlag = 0 ; int iOffset; const char *zFilePattern = 0; Blob treeName; verboseFlag = find_option("verbose","v", 0)!=0; if( !verboseFlag){ verboseFlag = find_option("showfiles","f", 0)!=0; /* deprecated */ } db_find_and_open_repository(0, 0); zLimit = find_option("limit","n",1); zWidth = find_option("width","W",1); zType = find_option("type","t",1); zFilePattern = find_option("path","p",1); if( !zLimit ){ zLimit = find_option("count",0,1); } if( zLimit ){ n = atoi(zLimit); }else{ | > > | 2366 2367 2368 2369 2370 2371 2372 2373 2374 2375 2376 2377 2378 2379 2380 2381 2382 2383 2384 2385 2386 2387 2388 2389 2390 2391 | int objid = 0; Blob uuid; int mode = TIMELINE_MODE_NONE; int verboseFlag = 0 ; int iOffset; const char *zFilePattern = 0; Blob treeName; int showSql = 0; verboseFlag = find_option("verbose","v", 0)!=0; if( !verboseFlag){ verboseFlag = find_option("showfiles","f", 0)!=0; /* deprecated */ } db_find_and_open_repository(0, 0); zLimit = find_option("limit","n",1); zWidth = find_option("width","W",1); zType = find_option("type","t",1); zFilePattern = find_option("path","p",1); showSql = find_option("sql",0,0)!=0; if( !zLimit ){ zLimit = find_option("count",0,1); } if( zLimit ){ n = atoi(zLimit); }else{ |
︙ | ︙ | |||
2518 2519 2520 2521 2522 2523 2524 | } blob_append_sql(&sql, "\nORDER BY event.mtime DESC"); if( iOffset>0 ){ /* Don't handle LIMIT here, otherwise print_timeline() * will not determine the end-marker correctly! */ blob_append_sql(&sql, "\n LIMIT -1 OFFSET %d", iOffset); } | > > > | | 2521 2522 2523 2524 2525 2526 2527 2528 2529 2530 2531 2532 2533 2534 2535 2536 2537 2538 | } blob_append_sql(&sql, "\nORDER BY event.mtime DESC"); if( iOffset>0 ){ /* Don't handle LIMIT here, otherwise print_timeline() * will not determine the end-marker correctly! */ blob_append_sql(&sql, "\n LIMIT -1 OFFSET %d", iOffset); } if( showSql ){ fossil_print("%s\n", blob_str(&sql)); } db_prepare_blob(&q, &sql); blob_reset(&sql); print_timeline(&q, n, width, verboseFlag); db_finalize(&q); } /* |
︙ | ︙ |
Changes to src/tkt.c.
︙ | ︙ | |||
592 593 594 595 596 597 598 | const char *zUuid; int i; int nJ = 0; Blob tktchng, cksum; int needMod; login_verify_csrf_secret(); | | | 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 | const char *zUuid; int i; int nJ = 0; Blob tktchng, cksum; int needMod; login_verify_csrf_secret(); if( !captcha_is_correct(0) ){ @ <p class="generalError">Error: Incorrect security code.</p> return TH_OK; } zUuid = (const char *)pUuid; blob_zero(&tktchng); zDate = date_in_standard_format("now"); blob_appendf(&tktchng, "D %s\n", zDate); |
︙ | ︙ |
Changes to src/wiki.c.
︙ | ︙ | |||
532 533 534 535 536 537 538 | } if( zBody==0 && (pWiki = manifest_get(rid, CFTYPE_WIKI, 0))!=0 ){ zBody = pWiki->zWiki; zMimetype = pWiki->zMimetype; } } if( P("submit")!=0 && zBody!=0 | | | 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 | } if( zBody==0 && (pWiki = manifest_get(rid, CFTYPE_WIKI, 0))!=0 ){ zBody = pWiki->zWiki; zMimetype = pWiki->zMimetype; } } if( P("submit")!=0 && zBody!=0 && (goodCaptcha = captcha_is_correct(0)) ){ char *zDate; Blob cksum; blob_zero(&wiki); db_begin_transaction(); if( isSandbox ){ db_set("sandbox",zBody,0); |
︙ | ︙ | |||
756 757 758 759 760 761 762 | } } if( !g.perm.ApndWiki ){ login_needed(g.anon.ApndWiki); return; } if( P("submit")!=0 && P("r")!=0 && P("u")!=0 | | | 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 | } } if( !g.perm.ApndWiki ){ login_needed(g.anon.ApndWiki); return; } if( P("submit")!=0 && P("r")!=0 && P("u")!=0 && (goodCaptcha = captcha_is_correct(0)) ){ char *zDate; Blob cksum; Blob body; Blob wiki; Manifest *pWiki = 0; |
︙ | ︙ |