| ︙ | | | ︙ | |
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
|
const char *zQ = P(zQParm);
int iVal = db_get_boolean(zVar, dfltVal);
if( zQ==0 && !disabled && P("submit") ){
zQ = "off";
}
if( zQ ){
int iQ = fossil_strcmp(zQ,"on")==0 || atoi(zQ);
if( iQ!=iVal ){
login_verify_csrf_secret();
db_protect_only(PROTECT_NONE);
db_set(zVar/*works-like:"x"*/, iQ ? "1" : "0", 0);
db_protect_pop();
setup_incr_cfgcnt();
admin_log("Set option [%q] to [%q].",
zVar, iQ ? "on" : "off");
iVal = iQ;
|
|
<
|
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
|
const char *zQ = P(zQParm);
int iVal = db_get_boolean(zVar, dfltVal);
if( zQ==0 && !disabled && P("submit") ){
zQ = "off";
}
if( zQ ){
int iQ = fossil_strcmp(zQ,"on")==0 || atoi(zQ);
if( iQ!=iVal && cgi_csrf_safe(2) ){
db_protect_only(PROTECT_NONE);
db_set(zVar/*works-like:"x"*/, iQ ? "1" : "0", 0);
db_protect_pop();
setup_incr_cfgcnt();
admin_log("Set option [%q] to [%q].",
zVar, iQ ? "on" : "off");
iVal = iQ;
|
| ︙ | | | ︙ | |
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
|
const char *zVar, /* The corresponding row in the CONFIG table */
const char *zQParm, /* The query parameter */
const char *zDflt, /* Default value if CONFIG table entry does not exist */
int disabled /* 1 if disabled */
){
const char *zVal = db_get(zVar, zDflt);
const char *zQ = P(zQParm);
if( zQ && fossil_strcmp(zQ,zVal)!=0 ){
const int nZQ = (int)strlen(zQ);
login_verify_csrf_secret();
|
|
<
|
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
|
const char *zVar, /* The corresponding row in the CONFIG table */
const char *zQParm, /* The query parameter */
const char *zDflt, /* Default value if CONFIG table entry does not exist */
int disabled /* 1 if disabled */
){
const char *zVal = db_get(zVar, zDflt);
const char *zQ = P(zQParm);
if( zQ && fossil_strcmp(zQ,zVal)!=0 && cgi_csrf_safe(2) ){
const int nZQ = (int)strlen(zQ);
setup_incr_cfgcnt();
db_protect_only(PROTECT_NONE);
db_set(zVar/*works-like:"x"*/, zQ, 0);
db_protect_pop();
admin_log("Set entry_attribute %Q to: %.*s%s",
zVar, 20, zQ, (nZQ>20 ? "..." : ""));
zVal = zQ;
|
| ︙ | | | ︙ | |
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
|
const char *zVar, /* The corresponding row in the CONFIG table */
const char *zQP, /* The query parameter */
const char *zDflt, /* Default value if CONFIG table entry does not exist */
int disabled /* 1 if the textarea should not be editable */
){
const char *z = db_get(zVar, zDflt);
const char *zQ = P(zQP);
if( zQ && !disabled && fossil_strcmp(zQ,z)!=0){
const int nZQ = (int)strlen(zQ);
login_verify_csrf_secret();
|
|
<
|
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
|
const char *zVar, /* The corresponding row in the CONFIG table */
const char *zQP, /* The query parameter */
const char *zDflt, /* Default value if CONFIG table entry does not exist */
int disabled /* 1 if the textarea should not be editable */
){
const char *z = db_get(zVar, zDflt);
const char *zQ = P(zQP);
if( zQ && !disabled && fossil_strcmp(zQ,z)!=0 && cgi_csrf_safe(2) ){
const int nZQ = (int)strlen(zQ);
db_protect_only(PROTECT_NONE);
db_set(zVar/*works-like:"x"*/, zQ, 0);
db_protect_pop();
setup_incr_cfgcnt();
admin_log("Set textarea_attribute %Q to: %.*s%s",
zVar, 20, zQ, (nZQ>20 ? "..." : ""));
z = zQ;
|
| ︙ | | | ︙ | |
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
|
const char *zDflt, /* Default value if CONFIG table entry does not exist */
int nChoice, /* Number of choices */
const char *const *azChoice /* Choices in pairs (VAR value, Display) */
){
const char *z = db_get(zVar, zDflt);
const char *zQ = P(zQP);
int i;
if( zQ && fossil_strcmp(zQ,z)!=0){
const int nZQ = (int)strlen(zQ);
login_verify_csrf_secret();
|
|
<
|
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
|
const char *zDflt, /* Default value if CONFIG table entry does not exist */
int nChoice, /* Number of choices */
const char *const *azChoice /* Choices in pairs (VAR value, Display) */
){
const char *z = db_get(zVar, zDflt);
const char *zQ = P(zQP);
int i;
if( zQ && fossil_strcmp(zQ,z)!=0 && cgi_csrf_safe(2) ){
const int nZQ = (int)strlen(zQ);
db_unprotect(PROTECT_ALL);
db_set(zVar/*works-like:"x"*/, zQ, 0);
setup_incr_cfgcnt();
db_protect_pop();
admin_log("Set multiple_choice_attribute %Q to: %.*s%s",
zVar, 20, zQ, (nZQ>20 ? "..." : ""));
z = zQ;
|
| ︙ | | | ︙ | |
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
|
"SELECT sql FROM repository.sqlite_schema"
" WHERE sql IS NOT NULL ORDER BY name");
go = 1;
}else if( P("tablelist") ){
zQ = sqlite3_mprintf("SELECT*FROM pragma_table_list ORDER BY schema, name");
go = 1;
}
if( go ){
sqlite3_stmt *pStmt;
int rc;
const char *zTail;
int nCol;
int nRow = 0;
int i;
@ <hr>
login_verify_csrf_secret();
|
|
<
|
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
|
"SELECT sql FROM repository.sqlite_schema"
" WHERE sql IS NOT NULL ORDER BY name");
go = 1;
}else if( P("tablelist") ){
zQ = sqlite3_mprintf("SELECT*FROM pragma_table_list ORDER BY schema, name");
go = 1;
}
if( go && cgi_csrf_safe(2) ){
sqlite3_stmt *pStmt;
int rc;
const char *zTail;
int nCol;
int nRow = 0;
int i;
@ <hr>
sqlite3_set_authorizer(g.db, raw_sql_query_authorizer, 0);
search_sql_setup(g.db);
rc = sqlite3_prepare_v2(g.db, zQ, -1, &pStmt, &zTail);
if( rc!=SQLITE_OK ){
@ <div class="generalError">%h(sqlite3_errmsg(g.db))</div>
sqlite3_finalize(pStmt);
}else if( pStmt==0 ){
|
| ︙ | | | ︙ | |
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
|
}
style_set_current_feature("setup");
style_header("Raw TH1 Commands");
@ <p><b>Caution:</b> There are no restrictions on the TH1 that can be
@ run by this page. If Tcl integration was enabled at compile-time and
@ the "tcl" setting is enabled, Tcl commands may be run as well.</p>
@
@ <form method="post" action="%R/admin_th1">
login_insert_csrf_secret();
@ TH1:<br>
@ <textarea name="q" rows="5" cols="80">%h(zQ)</textarea><br>
@ <input type="submit" name="go" value="Run TH1">
@ </form>
if( go ){
const char *zR;
int rc;
int n;
@ <hr>
login_verify_csrf_secret();
|
|
<
|
<
|
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
|
}
style_set_current_feature("setup");
style_header("Raw TH1 Commands");
@ <p><b>Caution:</b> There are no restrictions on the TH1 that can be
@ run by this page. If Tcl integration was enabled at compile-time and
@ the "tcl" setting is enabled, Tcl commands may be run as well.</p>
@
form_begin(0, "%R/admin_th1");
@ TH1:<br>
@ <textarea name="q" rows="5" cols="80">%h(zQ)</textarea><br>
@ <input type="submit" name="go" value="Run TH1">
@ </form>
if( go && cgi_csrf_safe(2) ){
const char *zR;
int rc;
int n;
@ <hr>
rc = Th_Eval(g.interp, 0, zQ, -1);
zR = Th_GetResult(g.interp, &n);
if( rc==TH_OK ){
@ <pre class="th1result">%h(zR)</pre>
}else{
@ <pre class="th1error">%h(zR)</pre>
}
|
| ︙ | | | ︙ | |
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
|
login_check_credentials();
if( !g.perm.Admin ){
login_needed(0);
return;
}
style_set_current_feature("setup");
style_header("URL Alias Configuration");
if( P("submit")!=0 ){
Blob token;
Blob sql;
const char *zNewName;
const char *zValue;
char zCnt[10];
login_verify_csrf_secret();
|
|
<
|
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
|
login_check_credentials();
if( !g.perm.Admin ){
login_needed(0);
return;
}
style_set_current_feature("setup");
style_header("URL Alias Configuration");
if( P("submit")!=0 && cgi_csrf_safe(2) ){
Blob token;
Blob sql;
const char *zNewName;
const char *zValue;
char zCnt[10];
blob_init(&namelist, PD("namelist",""), -1);
blob_init(&sql, 0, 0);
while( blob_token(&namelist, &token) ){
const char *zOldName = blob_str(&token);
sqlite3_snprintf(sizeof(zCnt), zCnt, "n%d", cnt);
zNewName = PD(zCnt, "");
sqlite3_snprintf(sizeof(zCnt), zCnt, "v%d", cnt);
|
| ︙ | | | ︙ | |