278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
|
}
#endif
#if FOSSIL_ENABLE_TCL
@ <li><p>
if( db_get_boolean("tcl",0) ){
#ifdef FOSSIL_ENABLE_TH1_DOCS
if( !Th_AreDocsEnabled() ){
@ <b>DANGER:</b>
}else{
@ <b>WARNING:</b>
}
#else
@ <b>WARNING:</b>
#endif
@ This server is compiled with -DFOSSIL_ENABLE_TCL and Tcl integration
@ is enabled for this repository. Anyone who can execute malicious
@ TH1 script on that server can also execute arbitrary Tcl script
@ under the identity of the operating system process of that server.
@ This is a serious security concern.
@
@ <p>Disable Tcl integration by recompiling Fossil without the
@ -DFOSSIL_ENABLE_TCL flag, and/or clear the 'tcl' setting.</p>
}else{
@ This server is compiled with -DFOSSIL_ENABLE_TCL. Tcl integration
@ is disabled for this particular repository, so you are safe for
@ now. However, to prevent potential problems caused by accidentally
|
|
|
|
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
|
}
#endif
#if FOSSIL_ENABLE_TCL
@ <li><p>
if( db_get_boolean("tcl",0) ){
#ifdef FOSSIL_ENABLE_TH1_DOCS
if( Th_AreDocsEnabled() ){
@ <b>DANGER:</b>
}else{
@ <b>WARNING:</b>
}
#else
@ <b>WARNING:</b>
#endif
@ This server is compiled with -DFOSSIL_ENABLE_TCL and Tcl integration
@ is enabled for this repository. Anyone who can execute malicious
@ TH1 script on that server can also execute arbitrary Tcl script
@ under the identity of the operating system process of that server.
@ This is a serious security concern.</p>
@
@ <p>Disable Tcl integration by recompiling Fossil without the
@ -DFOSSIL_ENABLE_TCL flag, and/or clear the 'tcl' setting.</p>
}else{
@ This server is compiled with -DFOSSIL_ENABLE_TCL. Tcl integration
@ is disabled for this particular repository, so you are safe for
@ now. However, to prevent potential problems caused by accidentally
|