Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Do not allow people to subscribe to notifications for which they do not have read permission. |
|---|---|
| Downloads: | Tarball | ZIP archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
6e6e3c8b254b745ed97e12e41685c38b |
| User & Date: | drh 2018-07-14 00:54:34.185 |
Context
|
2018-07-14
| ||
| 14:13 | Add the --nocompress option to the "ui", "server", and "http" commands. This option prevents HTTP reply compression, which is useful during debugging. The option is on by default for "test-http". Also, make sure the mimetype for error messages is set to text/html. ... (check-in: cfc7aca2 user: drh tags: trunk) | |
| 00:54 | Do not allow people to subscribe to notifications for which they do not have read permission. ... (check-in: 6e6e3c8b user: drh tags: trunk) | |
|
2018-07-13
| ||
| 21:36 | Improved process debugging for "fossil ui" and "fossil server". Sanely close the open database connection upon receiving SIGPIPE. ... (check-in: 83b171bc user: drh tags: trunk) | |
Changes
Changes to src/email.c.
| ︙ | ︙ | |||
1170 1171 1172 1173 1174 1175 1176 |
sqlite3_int64 id; /* New subscriber Id */
const char *zCode; /* New subscriber code (in hex) */
int nsub = 0;
const char *suname = PT("suname");
if( suname==0 && needCaptcha==0 && !g.perm.Admin ) suname = g.zLogin;
if( suname && suname[0]==0 ) suname = 0;
if( PB("sa") ) ssub[nsub++] = 'a';
| | | > | | 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 |
sqlite3_int64 id; /* New subscriber Id */
const char *zCode; /* New subscriber code (in hex) */
int nsub = 0;
const char *suname = PT("suname");
if( suname==0 && needCaptcha==0 && !g.perm.Admin ) suname = g.zLogin;
if( suname && suname[0]==0 ) suname = 0;
if( PB("sa") ) ssub[nsub++] = 'a';
if( g.perm.Read && PB("sc") ) ssub[nsub++] = 'c';
if( g.perm.RdForum && PB("sf") ) ssub[nsub++] = 'f';
if( g.perm.RdTkt && PB("st") ) ssub[nsub++] = 't';
if( g.perm.RdWiki && PB("sw") ) ssub[nsub++] = 'w';
ssub[nsub] = 0;
db_multi_exec(
"INSERT INTO subscriber(semail,suname,"
" sverified,sdonotcall,sdigest,ssub,sctime,mtime,smip)"
"VALUES(%Q,%Q,%d,0,%d,%Q,now(),now(),%Q)",
/* semail */ zEAddr,
/* suname */ suname,
|
| ︙ | ︙ | |||
1230 1231 1232 1233 1234 1235 1236 |
}
style_header("Signup For Email Alerts");
if( P("submit")==0 ){
/* If this is the first visit to this page (if this HTTP request did not
** come from a prior Submit of the form) then default all of the
** subscription options to "on" */
cgi_set_parameter_nocopy("sa","1",1);
| | > | | | 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 |
}
style_header("Signup For Email Alerts");
if( P("submit")==0 ){
/* If this is the first visit to this page (if this HTTP request did not
** come from a prior Submit of the form) then default all of the
** subscription options to "on" */
cgi_set_parameter_nocopy("sa","1",1);
if( g.perm.Read ) cgi_set_parameter_nocopy("sc","1",1);
if( g.perm.RdForum ) cgi_set_parameter_nocopy("sf","1",1);
if( g.perm.RdTkt ) cgi_set_parameter_nocopy("st","1",1);
if( g.perm.RdWiki ) cgi_set_parameter_nocopy("sw","1",1);
}
@ <p>To receive email notifications for changes to this
@ repository, fill out the form below and press "Submit" button.</p>
form_begin(0, "%R/subscribe");
@ <table class="subscribe">
@ <tr>
@ <td class="form_label">Email Address:</td>
|
| ︙ | ︙ | |||
1272 1273 1274 1275 1276 1277 1278 |
}
@ </tr>
}
@ <tr>
@ <td class="form_label">Options:</td>
@ <td><label><input type="checkbox" name="sa" %s(PCK("sa"))> \
@ Announcements</label><br>
| > | | > > > > > > | | > > | | > | 1274 1275 1276 1277 1278 1279 1280 1281 1282 1283 1284 1285 1286 1287 1288 1289 1290 1291 1292 1293 1294 1295 1296 1297 1298 1299 1300 1301 1302 1303 |
}
@ </tr>
}
@ <tr>
@ <td class="form_label">Options:</td>
@ <td><label><input type="checkbox" name="sa" %s(PCK("sa"))> \
@ Announcements</label><br>
if( g.perm.Read ){
@ <label><input type="checkbox" name="sc" %s(PCK("sc"))> \
@ Check-ins</label><br>
}
if( g.perm.RdForum ){
@ <label><input type="checkbox" name="sf" %s(PCK("sf"))> \
@ Forum Posts</label><br>
}
if( g.perm.RdTkt ){
@ <label><input type="checkbox" name="st" %s(PCK("st"))> \
@ Ticket changes</label><br>
}
if( g.perm.RdWiki ){
@ <label><input type="checkbox" name="sw" %s(PCK("sw"))> \
@ Wiki</label><br>
}
@ <label><input type="checkbox" name="di" %s(PCK("di"))> \
@ Daily digest only</label><br>
if( g.perm.Admin ){
@ <label><input type="checkbox" name="vi" %s(PCK("vi"))> \
@ Verified</label><br>
@ <label><input type="checkbox" name="dnc" %s(PCK("dnc"))> \
@ Do not call</label><br>
|
| ︙ | ︙ | |||
1352 1353 1354 1355 1356 1357 1358 |
** "anonymous". In that case the notification settings
** associated with that account can be edited without needing
** to know the subscriber code.
*/
void alerts_page(void){
const char *zName = P("name");
Stmt q;
| | | 1364 1365 1366 1367 1368 1369 1370 1371 1372 1373 1374 1375 1376 1377 1378 |
** "anonymous". In that case the notification settings
** associated with that account can be edited without needing
** to know the subscriber code.
*/
void alerts_page(void){
const char *zName = P("name");
Stmt q;
int sa, sc, sf, st, sw;
int sdigest, sdonotcall, sverified;
const char *ssub;
const char *semail;
const char *smip;
const char *suname;
const char *mtime;
const char *sctime;
|
| ︙ | ︙ | |||
1379 1380 1381 1382 1383 1384 1385 |
}
email_submenu_common();
if( P("submit")!=0 && cgi_csrf_safe(1) ){
int sdonotcall = PB("sdonotcall");
int sdigest = PB("sdigest");
char ssub[10];
int nsub = 0;
| | | | > | | 1391 1392 1393 1394 1395 1396 1397 1398 1399 1400 1401 1402 1403 1404 1405 1406 1407 1408 1409 |
}
email_submenu_common();
if( P("submit")!=0 && cgi_csrf_safe(1) ){
int sdonotcall = PB("sdonotcall");
int sdigest = PB("sdigest");
char ssub[10];
int nsub = 0;
if( PB("sa") ) ssub[nsub++] = 'a';
if( g.perm.Read && PB("sc") ) ssub[nsub++] = 'c';
if( g.perm.RdForum && PB("sf") ) ssub[nsub++] = 'f';
if( g.perm.RdTkt && PB("st") ) ssub[nsub++] = 't';
if( g.perm.RdWiki && PB("sw") ) ssub[nsub++] = 'w';
ssub[nsub] = 0;
if( g.perm.Admin ){
const char *suname = PT("suname");
int sverified = PB("sverified");
if( suname && suname[0]==0 ) suname = 0;
db_multi_exec(
"UPDATE subscriber SET"
|
| ︙ | ︙ | |||
1458 1459 1460 1461 1462 1463 1464 1465 1466 1467 1468 1469 1470 1471 |
semail = db_column_text(&q, 0);
sverified = db_column_int(&q, 1);
sdonotcall = db_column_int(&q, 2);
sdigest = db_column_int(&q, 3);
ssub = db_column_text(&q, 4);
sa = strchr(ssub,'a')!=0;
sc = strchr(ssub,'c')!=0;
st = strchr(ssub,'t')!=0;
sw = strchr(ssub,'w')!=0;
smip = db_column_text(&q, 5);
suname = db_column_text(&q, 6);
mtime = db_column_text(&q, 7);
sctime = db_column_text(&q, 8);
if( !g.perm.Admin && !sverified ){
| > | 1471 1472 1473 1474 1475 1476 1477 1478 1479 1480 1481 1482 1483 1484 1485 |
semail = db_column_text(&q, 0);
sverified = db_column_int(&q, 1);
sdonotcall = db_column_int(&q, 2);
sdigest = db_column_int(&q, 3);
ssub = db_column_text(&q, 4);
sa = strchr(ssub,'a')!=0;
sc = strchr(ssub,'c')!=0;
sf = strchr(ssub,'f')!=0;
st = strchr(ssub,'t')!=0;
sw = strchr(ssub,'w')!=0;
smip = db_column_text(&q, 5);
suname = db_column_text(&q, 6);
mtime = db_column_text(&q, 7);
sctime = db_column_text(&q, 8);
if( !g.perm.Admin && !sverified ){
|
| ︙ | ︙ | |||
1506 1507 1508 1509 1510 1511 1512 |
@ size="30"></td>
@ </tr>
}
@ <tr>
@ <td class="form_label">Options:</td>
@ <td><label><input type="checkbox" name="sa" %s(sa?"checked":"")>\
@ Announcements</label><br>
| > | | > > > > > > | | > > | | > | 1520 1521 1522 1523 1524 1525 1526 1527 1528 1529 1530 1531 1532 1533 1534 1535 1536 1537 1538 1539 1540 1541 1542 1543 1544 1545 1546 1547 1548 1549 |
@ size="30"></td>
@ </tr>
}
@ <tr>
@ <td class="form_label">Options:</td>
@ <td><label><input type="checkbox" name="sa" %s(sa?"checked":"")>\
@ Announcements</label><br>
if( g.perm.Read ){
@ <label><input type="checkbox" name="sc" %s(sc?"checked":"")>\
@ Check-ins</label><br>
}
if( g.perm.RdForum ){
@ <label><input type="checkbox" name="sf" %s(sf?"checked":"")>\
@ Forum Posts</label><br>
}
if( g.perm.RdTkt ){
@ <label><input type="checkbox" name="st" %s(st?"checked":"")>\
@ Ticket changes</label><br>
}
if( g.perm.RdWiki ){
@ <label><input type="checkbox" name="sw" %s(sw?"checked":"")>\
@ Wiki</label><br>
}
@ <label><input type="checkbox" name="sdigest" %s(sdigest?"checked":"")>\
@ Daily digest only</label><br>
if( g.perm.Admin ){
@ <label><input type="checkbox" name="sdonotcall" \
@ %s(sdonotcall?"checked":"")> Do not call</label><br>
@ <label><input type="checkbox" name="sverified" \
@ %s(sverified?"checked":"")>\
|
| ︙ | ︙ |
Changes to src/main.c.
| ︙ | ︙ | |||
1424 1425 1426 1427 1428 1429 1430 |
/*
** Called if a server gets a SIGPIPE. This often happens when a client
** webbrowser opens a connection but never sends the HTTP request
*/
void sigpipe_handler(int x){
#ifndef _WIN32
if( g.fAnyTrace ){
| | | 1424 1425 1426 1427 1428 1429 1430 1431 1432 1433 1434 1435 1436 1437 1438 |
/*
** Called if a server gets a SIGPIPE. This often happens when a client
** webbrowser opens a connection but never sends the HTTP request
*/
void sigpipe_handler(int x){
#ifndef _WIN32
if( g.fAnyTrace ){
fprintf(stderr,"/**** sigpipe received by subprocess %d ****\n", getpid());
}
#endif
fossil_exit(1);
}
/*
** Preconditions:
|
| ︙ | ︙ | |||
2548 2549 2550 2551 2552 2553 2554 |
#if defined(_WIN32)
const char *zStopperFile; /* Name of file used to terminate server */
zStopperFile = find_option("stopper", 0, 1);
#endif
if( g.zErrlog==0 ){
g.zErrlog = "-";
| < | 2548 2549 2550 2551 2552 2553 2554 2555 2556 2557 2558 2559 2560 2561 |
#if defined(_WIN32)
const char *zStopperFile; /* Name of file used to terminate server */
zStopperFile = find_option("stopper", 0, 1);
#endif
if( g.zErrlog==0 ){
g.zErrlog = "-";
}
zFileGlob = find_option("files-urlenc",0,1);
if( zFileGlob ){
char *z = mprintf("%s", zFileGlob);
dehttpize(z);
zFileGlob = z;
}else{
|
| ︙ | ︙ |