Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Require history permission in order to clone. |
|---|---|
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: |
13b7ac16e4e5aee70bbcb3958c9047f8 |
| User & Date: | drh 2007-08-09 10:43:39.000 |
Context
|
2007-08-09
| ||
| 10:48 | Add the -m/--comment and the --nosign options to the commit command. check-in: 9a9cd81738 user: drh tags: trunk | |
| 10:43 | Require history permission in order to clone. check-in: 13b7ac16e4 user: drh tags: trunk | |
| 03:47 | Add a quick hack that disables delta compression on xfer. This gives people a chance to synchronize the previous fix. We will eventually remove the hack. check-in: 4c072728b4 user: drh tags: trunk | |
Changes
Changes to src/clone.c.
| ︙ | ︙ | |||
51 52 53 54 55 56 57 |
db_set("aux-schema", AUX_SCHEMA);
if( !g.urlIsFile ){
db_set("last-sync-url", g.argv[2]);
}
db_multi_exec(
"INSERT INTO config(name,value) VALUES('server-code', hex(randomblob(20)));"
);
| | | 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 |
db_set("aux-schema", AUX_SCHEMA);
if( !g.urlIsFile ){
db_set("last-sync-url", g.argv[2]);
}
db_multi_exec(
"INSERT INTO config(name,value) VALUES('server-code', hex(randomblob(20)));"
);
if( g.urlIsFile ){
Stmt q;
db_multi_exec("ATTACH DATABASE %Q AS orig", g.urlName);
db_begin_transaction();
db_prepare(&q,
"SELECT name FROM orig.sqlite_master"
" WHERE type='table'"
);
|
| ︙ | ︙ |
Changes to src/setup.c.
| ︙ | ︙ | |||
368 369 370 371 372 373 374 375 376 377 378 379 380 381 | @ <li><p> @ An <b>Admin</b> user can add other users, create new ticket report @ formats, and change system defaults. But only the <b>Setup</b> user @ is able to change the repository to @ which this program is linked. @ </p></li> @ @ <li><p> @ No login is required for user "<b>nobody</b>". The capabilities @ of this user are available to anyone without supplying a username or @ password. To disable nobody access, make sure there is no user @ with an ID of <b>nobody</b> or that the nobody user has no @ capabilities enabled. The password for nobody is ignore. To @ avoid problems with spiders overloading the server, it is suggested | > > > > > > | 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 | @ <li><p> @ An <b>Admin</b> user can add other users, create new ticket report @ formats, and change system defaults. But only the <b>Setup</b> user @ is able to change the repository to @ which this program is linked. @ </p></li> @ @ <li><p> @ The <b>History</b> privilege allows a user to see a timeline @ with hyperlinks to version information, to download ZIP archives @ of individual versions, and to clone the repository. @ </p></li> @ @ <li><p> @ No login is required for user "<b>nobody</b>". The capabilities @ of this user are available to anyone without supplying a username or @ password. To disable nobody access, make sure there is no user @ with an ID of <b>nobody</b> or that the nobody user has no @ capabilities enabled. The password for nobody is ignore. To @ avoid problems with spiders overloading the server, it is suggested |
| ︙ | ︙ |
Changes to src/xfer.c.
| ︙ | ︙ | |||
455 456 457 458 459 460 461 |
/* clone
**
** The client knows nothing. Tell all.
*/
if( blob_eq(&aToken[0], "clone") ){
login_check_credentials();
| | | | 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 |
/* clone
**
** The client knows nothing. Tell all.
*/
if( blob_eq(&aToken[0], "clone") ){
login_check_credentials();
if( !g.okRead || !g.okHistory ){
cgi_reset_content();
@ error not\sauthorized\sto\sclone
nErr++;
break;
}
isPull = 1;
@ push %s(db_get("server-code", "x")) %s(db_get("project-code", "x"))
db_multi_exec(
"INSERT OR IGNORE INTO pending(rid) "
|
| ︙ | ︙ |