Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Extend the user capability system to allow the use of upper-case ASCII letters for new capabilities. |
|---|---|
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
e45cfde7aa17ab642a962f6fcd2cda48 |
| User & Date: | drh 2018-06-25 14:26:49.861 |
Context
|
2018-06-25
| ||
| 14:45 | Enhancements to administrator access to the subscriber list. check-in: b7b877ef49 user: drh tags: trunk | |
| 14:26 | Extend the user capability system to allow the use of upper-case ASCII letters for new capabilities. check-in: e45cfde7aa user: drh tags: trunk | |
| 13:47 | Add information about the server error log to the security audit page. Provide the new /errorlog page for viewing the server logfile online. check-in: a9e74eb311 user: drh tags: trunk | |
Changes
Changes to src/setup.c.
| ︙ | ︙ | |||
486 487 488 489 490 491 492 |
/* If we have all the necessary information, write the new or
** modified user record. After writing the user record, redirect
** to the page that displays a list of users.
*/
doWrite = cgi_all("login","info","pw") && !higherUser && cgi_csrf_safe(1);
if( doWrite ){
char c;
| | | > > > > > | 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 |
/* If we have all the necessary information, write the new or
** modified user record. After writing the user record, redirect
** to the page that displays a list of users.
*/
doWrite = cgi_all("login","info","pw") && !higherUser && cgi_csrf_safe(1);
if( doWrite ){
char c;
char zCap[70], zNm[4];
zNm[0] = 'a';
zNm[2] = 0;
for(i=0, c='a'; c<='z'; c++){
zNm[1] = c;
a[c&0x7f] = (c!='s' || g.perm.Setup) && P(zNm)!=0;
if( a[c&0x7f] ) zCap[i++] = c;
}
for(c='0'; c<='9'; c++){
zNm[1] = c;
a[c&0x7f] = P(zNm)!=0;
if( a[c&0x7f] ) zCap[i++] = c;
}
for(c='A'; c<='Z'; c++){
zNm[1] = c;
a[c&0x7f] = P(zNm)!=0;
if( a[c&0x7f] ) zCap[i++] = c;
}
zCap[i] = 0;
zPw = P("pw");
zLogin = P("login");
if( strlen(zLogin)==0 ){
|
| ︙ | ︙ | |||
591 592 593 594 595 596 597 598 599 600 601 602 603 604 |
*/
zLogin = "";
zInfo = "";
zCap = "";
zPw = "";
for(i='a'; i<='z'; i++) oa[i] = "";
for(i='0'; i<='9'; i++) oa[i] = "";
if( uid ){
zLogin = db_text("", "SELECT login FROM user WHERE uid=%d", uid);
zInfo = db_text("", "SELECT info FROM user WHERE uid=%d", uid);
zCap = db_text("", "SELECT cap FROM user WHERE uid=%d", uid);
zPw = db_text("", "SELECT pw FROM user WHERE uid=%d", uid);
for(i=0; zCap[i]; i++){
char c = zCap[i];
| > | | 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 |
*/
zLogin = "";
zInfo = "";
zCap = "";
zPw = "";
for(i='a'; i<='z'; i++) oa[i] = "";
for(i='0'; i<='9'; i++) oa[i] = "";
for(i='A'; i<='Z'; i++) oa[i] = "";
if( uid ){
zLogin = db_text("", "SELECT login FROM user WHERE uid=%d", uid);
zInfo = db_text("", "SELECT info FROM user WHERE uid=%d", uid);
zCap = db_text("", "SELECT cap FROM user WHERE uid=%d", uid);
zPw = db_text("", "SELECT pw FROM user WHERE uid=%d", uid);
for(i=0; zCap[i]; i++){
char c = zCap[i];
if( (c>='a' && c<='z') || (c>='0' && c<='9') || (c>='A' && c<='Z') ){
oa[c&0x7f] = " checked=\"checked\"";
}
}
}
/* figure out inherited permissions */
memset((char *)inherit, 0, sizeof(inherit));
|
| ︙ | ︙ |