Fossil

Check-in [5c999558]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix a minor problem with Write-Unver reporting on the security audit report.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256:5c999558ffb220a19ffc58a6c028ee2de760deb9c9a26dcfe3a32f69b5064427
User & Date: drh 2017-07-01 22:43:06
Context
2017-07-02
18:22
On the /test_env page, report the values of the REMOTE_USER and HTTP_AUTHENTICATION environment variables, if they exist. check-in: 4207a040 user: drh tags: trunk
2017-07-01
22:43
Fix a minor problem with Write-Unver reporting on the security audit report. check-in: 5c999558 user: drh tags: trunk
22:38
Add the cgi_referer() utility function. Use it to cause the setup_uedit page to always go back to the page it came from. check-in: 59a51b82 user: drh tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/security_audit.c.

242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
    @ <li><p>
    @ The "Write-Unver" privilege is granted to an entire class of users
    @ (%s(z)).  Ideally, the Write-Unver privilege should only be
    @ granted to specific individuals.
    fossil_free(z);
  }
  n = db_int(0,"SELECT count(*) FROM user WHERE cap GLOB '*y*'");
  if( n>3 ){
    @ <li><p>
  }else if( n>0 ){
    z = db_text(0,
       "SELECT group_concat("
          "printf('<a href=''setup_uedit?id=%%d''>%%s</a>',uid,login),', ')"
       " FROM user WHERE cap GLOB '*y*'"
    );
    @ <li><p>
    @ Users with "Write-Unver" privilege: %s(z)







<
<
|







242
243
244
245
246
247
248


249
250
251
252
253
254
255
256
    @ <li><p>
    @ The "Write-Unver" privilege is granted to an entire class of users
    @ (%s(z)).  Ideally, the Write-Unver privilege should only be
    @ granted to specific individuals.
    fossil_free(z);
  }
  n = db_int(0,"SELECT count(*) FROM user WHERE cap GLOB '*y*'");


  if( n>0 ){
    z = db_text(0,
       "SELECT group_concat("
          "printf('<a href=''setup_uedit?id=%%d''>%%s</a>',uid,login),', ')"
       " FROM user WHERE cap GLOB '*y*'"
    );
    @ <li><p>
    @ Users with "Write-Unver" privilege: %s(z)