Fossil: Check-in [57d1d2811b]

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview

Comment:	Don't allow "tktnew" and "tktedit" pages or the "Common" hook to use the "http" command any more. Don't let "fossil rebuild" run any hooks.
Downloads:	Tarball \| ZIP archive
Timelines:	family \| ancestors \| descendants \| both \| tkt-change-hook
Files:	files \| file ages \| folders
SHA1:	57d1d2811badf46c124e012ba8d0758b8878ead3
User & Date:	jan.nijtmans 2013-07-11 10:46:34.165

Context

2013-07-11
11:03		Code cleanup. Revert manifest_crosslink() to its original signature. ... (check-in: b63458304d user: jan.nijtmans tags: tkt-change-hook)
10:46		Don't allow "tktnew" and "tktedit" pages or the "Common" hook to use the "http" command any more. Don't let "fossil rebuild" run any hooks. ... (check-in: 57d1d2811b user: jan.nijtmans tags: tkt-change-hook)
2013-07-10
14:05		Final bug-fixes (I hope) ... (check-in: a27df49629 user: jan.nijtmans tags: tkt-change-hook)

Changes

Changes to src/branch.c.

Changes to src/info.c.

Changes to src/json_branch.c.

Changes to src/manifest.c.

Changes to src/tag.c.

Changes to src/th_main.c.

Changes to src/tkt.c.

Changes to src/wiki.c.

Changes to src/xfer.c.

︙			︙
1634 1635 1636 1637 1638 1639 1640 1641 ~~1642~~ 1643 1644 1645 1646 1647 ~~1648~~ 1649 1650 1651 1652 1653 1654 1655	This routine always resets the pContent blob before returning. Historical note: This routine original processed manifests only. Processing for other control artifacts was added later. The name of the routine, "manifest_crosslink", and the name of this source ** file, is a legacy of its original use. / ~~~~int~~ manifest_crosslink(int rid, Blob pContent){~~ int i; Manifest p; Stmt q; int parentid = 0; const char hook = 0; ~~char *zUuid = 0;~~ if( (p = manifest_cache_find(rid))!=0 ){ blob_reset(pContent); }else if( (p = manifest_parse(pContent, rid, 0))==0 ){ assert( blob_is_reset(pContent) \|\| pContent==0 ); return 0; }	> > > \| \|	1634 1635 1636 1637 1638 1639 1640 1641 1642 1643 1644 1645 1646 1647 1648 1649 1650 1651 1652 1653 1654 1655 1656 1657 1658	This routine always resets the pContent blob before returning. Historical note: This routine original processed manifests only. Processing for other control artifacts was added later. The name of the routine, "manifest_crosslink", and the name of this source file, is a legacy of its original use. Returns 0 on error. On success, the uuid is returned when available, (char )-1 otherwise. / const char manifest_crosslink(int rid, Blob pContent){ int i; Manifest p; Stmt q; int parentid = 0; const char hook = 0; const char zUuid = (const char )-1; if( (p = manifest_cache_find(rid))!=0 ){ blob_reset(pContent); }else if( (p = manifest_parse(pContent, rid, 0))==0 ){ assert( blob_is_reset(pContent) \|\| pContent==0 ); return 0; }
︙			︙
1996 1997 1998 1999 2000 2001 2002 ~~2003 2004 2005 2006 2007 2008 2009 2010 2011 2012~~ 2013 2014 2015 2016 2017 2018 ~~2019~~ 2020 2021 2022 2023 2024 2025 2026	"REPLACE INTO event(type,mtime,objid,user,comment)" "VALUES('g',%.17g,%d,%Q,%Q)", p->rDate, rid, p->zUser, blob_str(&comment) ); blob_reset(&comment); } db_end_transaction(0); ~~if( hook ){~~ ~~const char zScript = db_get(hook, 0);~~ ~~if( zScript && zScript ){~~ ~~Th_FossilInit(0, 1, 1); /* Make sure TH1 is ready. /~~ if( zUuid ){ ~~Th_SetVar(g.interp, "uuid", -1, zUuid, strlen(zUuid));~~ } ~~Th_Eval(g.interp, 0, zScript, -1);~~ } } if( p->type==CFTYPE_MANIFEST ){ manifest_cache_insert(p); }else{ manifest_destroy(p); } assert( blob_is_reset(pContent) ); ~~return 1;~~ } / COMMAND: test-crosslink Usage: %fossil test-crosslink RECORDID	< < < < \| < < < < < \|	1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020	"REPLACE INTO event(type,mtime,objid,user,comment)" "VALUES('g',%.17g,%d,%Q,%Q)", p->rDate, rid, p->zUser, blob_str(&comment) ); blob_reset(&comment); } db_end_transaction(0); run_script(hook, zUuid); if( p->type==CFTYPE_MANIFEST ){ manifest_cache_insert(p); }else{ manifest_destroy(p); } assert( blob_is_reset(pContent) ); return zUuid; } /* COMMAND: test-crosslink Usage: %fossil test-crosslink RECORDID
︙			︙

︙			︙
224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326	} zOut = htmlize((char)argv[1], argl[1]); Th_SetResult(interp, zOut, -1); free(zOut); return TH_OK; } / TH command: http -async URL ?PAYLOAD? Do a HTTP request to specified URL. If PAYLOAD is present it will be POST'ed as text/plain, otherwise it's a GET / ~~static int httpCmd(~~ ~~Th_Interp interp,~~ ~~void p,~~ ~~int argc,~~ ~~const char argv,~~ ~~int argl~~ ){ ~~int i;~~ ~~const char zSep, type, regexp, params;~~ ~~Blob hdr, payload;~~ ~~ReCompiled pRe = 0;~~ ~~if( (argc>1) && strcmp(argv[1],"-async") ){~~ ~~Th_ErrorMessage(interp, "synchronous http requests not yet implemented", 0, 0);~~ ~~return TH_ERROR;~~ } ~~++argv;~~ ~~--argc;~~ ~~blob_zero(&payload);~~ ~~if( argc!=2 ){~~ ~~if( argc != 3 ){~~ ~~return Th_WrongNumArgs(interp, "http -async url ?payload?");~~ } ~~blob_append(&payload, argv[2], -1);~~ ~~type = "POST";~~ ~~}else{~~ ~~type = "GET";~~ } ~~params = strrchr(argv[1], '?');~~ ~~url_parse(argv[1], 0);~~ ~~if( g.urlIsSsh \|\| g.urlIsFile ){~~ ~~Th_ErrorMessage(interp, "url must be http:// or https://", 0, 0);~~ ~~return TH_ERROR;~~ } ~~regexp = db_get("http-allow-regexp", 0);~~ ~~if( regexp && regexp[0] ){~~ ~~const char zErr = re_compile(&pRe, regexp, 0);~~ ~~if( zErr ){~~ ~~Th_SetResult(interp, zErr, -1);~~ ~~return TH_ERROR;~~ } } ~~if (!pRe \|\| !re_match(pRe, (const unsigned char )argv[1], -1) ){~~ ~~Th_SetResult(interp, "url not allowed", -1);~~ ~~return TH_ERROR;~~ } ~~re_free(pRe);~~ ~~if( transport_open() ){~~ ~~Th_ErrorMessage(interp, transport_errmsg(), 0, 0);~~ ~~return TH_ERROR;~~ } ~~blob_zero(&hdr);~~ ~~i = strlen(g.urlPath);~~ ~~if( (i>0) && (params!=argv[1]) ){~~ ~~zSep = "";~~ ~~}else{~~ ~~zSep = "/";~~ } ~~blob_appendf(&hdr, "%s %s%s%s HTTP/1.0\r\n", type, zSep, g.urlPath, params?params:"");~~ ~~if( g.urlProxyAuth ){~~ ~~blob_appendf(&hdr, "Proxy-Authorization: %s\r\n", g.urlProxyAuth);~~ } ~~if( g.urlPasswd && g.urlUser && g.urlPasswd[0]=='#' ){~~ ~~char zCredentials = mprintf("%s:%s", g.urlUser, &g.urlPasswd[1]);~~ ~~char zEncoded = encode64(zCredentials, -1);~~ ~~blob_appendf(&hdr, "Authorization: Basic %s\r\n", zEncoded);~~ ~~fossil_free(zEncoded);~~ ~~fossil_free(zCredentials);~~ } ~~blob_appendf(&hdr, "Host: %s\r\n", g.urlHostname);~~ ~~blob_appendf(&hdr, "User-Agent: Fossil/" RELEASE_VERSION~~ ~~" (" MANIFEST_DATE " " MANIFEST_VERSION ")\r\n");~~ ~~blob_appendf(&hdr, "Content-Type: text/plain\r\n");~~ ~~blob_appendf(&hdr, "Content-Length: %d\r\n\r\n", blob_size(&payload));~~ ~~transport_send(&hdr);~~ ~~transport_send(&payload);~~ ~~transport_close();~~ ~~g.urlProtocol=0; / Make sure the url is not re-used. /~~ ~~Th_SetResult(interp, "", -1);~~ ~~return TH_OK;~~ } / TH command: date Return a string which is the current time and date. If the -local option is used, the date appears using localtime instead ** of UTC. */	< < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < <	224 225 226 227 228 229 230 231 232 233 234 235 236 237	} zOut = htmlize((char)argv[1], argl[1]); Th_SetResult(interp, zOut, -1); free(zOut); return TH_OK; } / TH command: date Return a string which is the current time and date. If the -local option is used, the date appears using localtime instead ** of UTC. */
︙			︙
896 897 898 899 900 901 902 ~~903~~ 904 ~~905~~ 906 907 908 909 910 911 912	/* Make sure the interpreter has been initialized. Initialize it if it has not been already. The interpreter is stored in the g.interp global variable. / ~~void Th_FossilInit(int needConfig, int forceSetup~~, int allowHttp~~){~~ int wasInit = 0; ~~static int hasHttpCmd = 0;~~ static unsigned int aFlags[] = { 0, 1, WIKI_LINKSONLY }; static struct _Command { const char zName; Th_CommandProc xProc; void *pContext; } aCommand[] = { {"anycap", anycapCmd, 0},	\| <	807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822	/* Make sure the interpreter has been initialized. Initialize it if it has not been already. The interpreter is stored in the g.interp global variable. / void Th_FossilInit(int needConfig, int forceSetup){ int wasInit = 0; static unsigned int aFlags[] = { 0, 1, WIKI_LINKSONLY }; static struct _Command { const char zName; Th_CommandProc xProc; void *pContext; } aCommand[] = { {"anycap", anycapCmd, 0},
︙			︙
975 976 977 978 979 980 981 ~~982 983 984 985~~ 986 987 988 989 990 991 ~~992~~ 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 ~~1007~~ 1008 1009 1010 1011 1012 1013 1014	} } if( g.thTrace ){ Th_Trace("th1-setup {%h} => %h<br />\n", g.th1Setup, Th_ReturnCodeName(rc, 0)); } } ~~~~if( allowHttp && !hasHttpCmd ){~~ ~~Th_CreateCommand(g.interp, "http", httpCmd, 0, 0);~~ ~~hasHttpCmd = 1;~~ }~~ } /* ** Store a string value in a variable in the interpreter. / void Th_Store(const char zName, const char zValue){ ~~Th_FossilInit(0, 0, 0);~~ if( zValue ){ if( g.thTrace ){ Th_Trace("set %h {%h}<br />\n", zName, zValue); } Th_SetVar(g.interp, zName, -1, zValue, strlen(zValue)); } } / ** Store an integer value in a variable in the interpreter. / void Th_StoreInt(const char zName, int iValue){ Blob value; char *zValue; ~~Th_FossilInit(0, 0, 0);~~ blob_zero(&value); blob_appendf(&value, "%d", iValue); zValue = blob_str(&value); if( g.thTrace ){ Th_Trace("set %h {%h}<br />\n", zName, zValue); } Th_SetVar(g.interp, zName, -1, zValue, strlen(zValue));	< < < < \| \|	885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920	} } if( g.thTrace ){ Th_Trace("th1-setup {%h} => %h<br />\n", g.th1Setup, Th_ReturnCodeName(rc, 0)); } } } /* ** Store a string value in a variable in the interpreter. / void Th_Store(const char zName, const char zValue){ Th_FossilInit(0, 0); if( zValue ){ if( g.thTrace ){ Th_Trace("set %h {%h}<br />\n", zName, zValue); } Th_SetVar(g.interp, zName, -1, zValue, strlen(zValue)); } } / ** Store an integer value in a variable in the interpreter. / void Th_StoreInt(const char zName, int iValue){ Blob value; char *zValue; Th_FossilInit(0, 0); blob_zero(&value); blob_appendf(&value, "%d", iValue); zValue = blob_str(&value); if( g.thTrace ){ Th_Trace("set %h {%h}<br />\n", zName, zValue); } Th_SetVar(g.interp, zName, -1, zValue, strlen(zValue));
︙			︙
1026 1027 1028 1029 1030 1031 1032 ~~1033~~ 1034 1035 1036 1037 1038 1039 1040	/* Retrieve a string value from the interpreter. If no such variable exists, return NULL. / char Th_Fetch(const char zName, int pSize){ int rc; ~~Th_FossilInit(0, 0, 0);~~ rc = Th_GetVar(g.interp, (char)zName, -1); if( rc==TH_OK ){ return (char)Th_GetResult(g.interp, pSize); }else{ return 0; } }	\|	932 933 934 935 936 937 938 939 940 941 942 943 944 945 946	/* Retrieve a string value from the interpreter. If no such variable exists, return NULL. / char Th_Fetch(const char zName, int pSize){ int rc; Th_FossilInit(0, 0); rc = Th_GetVar(g.interp, (char)zName, -1); if( rc==TH_OK ){ return (char)Th_GetResult(g.interp, pSize); }else{ return 0; } }
︙			︙
1106 1107 1108 1109 1110 1111 1112 ~~1113~~ 1114 1115 1116 1117 1118 1119 1120	** on either stdout or into CGI. / int Th_Render(const char z){ int i = 0; int n; int rc = TH_OK; char zResult; ~~Th_FossilInit(0, 0, 0);~~ while( z[i] ){ if( z[i]=='$' && (n = validVarName(&z[i+1]))>0 ){ const char zVar; int nVar; int encode = 1; sendText(z, i, 0); if( z[i+1]=='<' ){	\|	1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026	** on either stdout or into CGI. / int Th_Render(const char z){ int i = 0; int n; int rc = TH_OK; char zResult; Th_FossilInit(0, 0); while( z[i] ){ if( z[i]=='$' && (n = validVarName(&z[i+1]))>0 ){ const char zVar; int nVar; int encode = 1; sendText(z, i, 0); if( z[i+1]=='<' ){
︙			︙
1186 1187 1188 1189 1190 1191 1192 ~~1193~~ 1194 1195 1196 1197 1198	if( find_option("th-open-config", 0, 0)!=0 ){ db_find_and_open_repository(OPEN_ANY_SCHEMA \| OPEN_OK_NOT_FOUND, 0); db_open_config(0); } if( g.argc!=3 ){ usage("script"); } ~~Th_FossilInit(0, 0, 0);~~ rc = Th_Eval(g.interp, 0, g.argv[2], -1); zRc = Th_ReturnCodeName(rc, 1); fossil_print("%s%s%s\n", zRc, zRc ? ": " : "", Th_GetResult(g.interp, 0)); Th_PrintTraceLog(); }	\|	1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104	if( find_option("th-open-config", 0, 0)!=0 ){ db_find_and_open_repository(OPEN_ANY_SCHEMA \| OPEN_OK_NOT_FOUND, 0); db_open_config(0); } if( g.argc!=3 ){ usage("script"); } Th_FossilInit(0, 0); rc = Th_Eval(g.interp, 0, g.argv[2], -1); zRc = Th_ReturnCodeName(rc, 1); fossil_print("%s%s%s\n", zRc, zRc ? ": " : "", Th_GetResult(g.interp, 0)); Th_PrintTraceLog(); }

︙			︙
311 312 313 314 315 316 317 ~~318~~ 319 320 321 322 323 324 325	/* ** Create the TH1 interpreter and load the "common" code. / void ticket_init(void){ const char zConfig; ~~Th_FossilInit(0, 0, 0); /* Make sure TH1 is ready. /~~ zConfig = ticket_common_code(); Th_Eval(g.interp, 0, zConfig, -1); } / ** Recreate the TICKET and TICKETCHNG tables. */	\|	311 312 313 314 315 316 317 318 319 320 321 322 323 324 325	/* ** Create the TH1 interpreter and load the "common" code. / void ticket_init(void){ const char zConfig; Th_FossilInit(0, 0); /* Make sure TH1 is ready. / zConfig = ticket_common_code(); Th_Eval(g.interp, 0, zConfig, -1); } / ** Recreate the TICKET and TICKETCHNG tables. */
︙			︙
520 521 522 523 524 525 526 ~~527~~ 528 529 530 531 532 533 534	"INSERT INTO modreq(objid, tktid) VALUES(%d,'%s')", rid, zTktId ); }else{ db_multi_exec("INSERT OR IGNORE INTO unsent VALUES(%d);", rid); db_multi_exec("INSERT OR IGNORE INTO unclustered VALUES(%d);", rid); } ~~run_common_script();~~ manifest_crosslink_begin(); manifest_crosslink(rid, pTicket); assert( blob_is_reset(pTicket) ); manifest_crosslink_end(); } /*	<	520 521 522 523 524 525 526 527 528 529 530 531 532 533	"INSERT INTO modreq(objid, tktid) VALUES(%d,'%s')", rid, zTktId ); }else{ db_multi_exec("INSERT OR IGNORE INTO unsent VALUES(%d);", rid); db_multi_exec("INSERT OR IGNORE INTO unclustered VALUES(%d);", rid); } manifest_crosslink_begin(); manifest_crosslink(rid, pTicket); assert( blob_is_reset(pTicket) ); manifest_crosslink_end(); } /*
︙			︙
603 604 605 606 607 608 609 ~~610~~ 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 ~~626~~ 627 628 629 630 631 632 633	blob_appendf(&tktchng, "U %F\n", g.zLogin ? g.zLogin : ""); md5sum_blob(&tktchng, &cksum); blob_appendf(&tktchng, "Z %b\n", &cksum); if( nJ==0 ){ blob_reset(&tktchng); return TH_OK; } ~~i = run_common_script();~~ if( g.zPath[0]=='d' ){ /* If called from /debug_tktnew or /debug_tktedit... / @ <font color="blue"> @ <p>Ticket artifact that would have been submitted:</p> @ <blockquote><pre>%h(blob_str(&tktchng))</pre></blockquote> @ <hr /></font> return TH_OK; }else if( g.thTrace ){ Th_Trace("submit_ticket {\n<blockquote><pre>\n%h\n</pre></blockquote>\n" "}<br />\n", blob_str(&tktchng)); }else{ ticket_put(&tktchng, zUuid, (g.perm.ModTkt==0 && db_get_boolean("modreq-tkt",0)==1)); } ~~return i;~~ } / WEBPAGE: tktnew WEBPAGE: debug_tktnew **	< \|	602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631	blob_appendf(&tktchng, "U %F\n", g.zLogin ? g.zLogin : ""); md5sum_blob(&tktchng, &cksum); blob_appendf(&tktchng, "Z %b\n", &cksum); if( nJ==0 ){ blob_reset(&tktchng); return TH_OK; } if( g.zPath[0]=='d' ){ /* If called from /debug_tktnew or /debug_tktedit... / @ <font color="blue"> @ <p>Ticket artifact that would have been submitted:</p> @ <blockquote><pre>%h(blob_str(&tktchng))</pre></blockquote> @ <hr /></font> return TH_OK; }else if( g.thTrace ){ Th_Trace("submit_ticket {\n<blockquote><pre>\n%h\n</pre></blockquote>\n" "}<br />\n", blob_str(&tktchng)); }else{ ticket_put(&tktchng, zUuid, (g.perm.ModTkt==0 && db_get_boolean("modreq-tkt",0)==1)); } return TH_OK; } / WEBPAGE: tktnew WEBPAGE: debug_tktnew **
︙			︙
670 671 672 673 674 675 676 677 678 679 680 681 682 683	cgi_redirect(mprintf("%s/tktview/%s", g.zTop, zNewUuid)); return; } captcha_generate(); @ </form> if( g.thTrace ) Th_Trace("END_TKTVIEW<br />\n", -1); style_footer(); } /* WEBPAGE: tktedit WEBPAGE: debug_tktedit Edit a ticket. The ticket is identified by the name CGI parameter.	> >	668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683	cgi_redirect(mprintf("%s/tktview/%s", g.zTop, zNewUuid)); return; } captcha_generate(); @ </form> if( g.thTrace ) Th_Trace("END_TKTVIEW<br />\n", -1); style_footer(); run_common_script(); run_script("ticket-change", zNewUuid); } /* WEBPAGE: tktedit WEBPAGE: debug_tktedit Edit a ticket. The ticket is identified by the name CGI parameter.
︙			︙
738 739 740 741 742 743 744 745 746 747 748 749 750 751	cgi_redirect(mprintf("%s/tktview/%s", g.zTop, zName)); return; } captcha_generate(); @ </form> if( g.thTrace ) Th_Trace("BEGIN_TKTEDIT<br />\n", -1); style_footer(); } /* Check the ticket table schema in zSchema to see if it appears to be well-formed. If everything is OK, return NULL. If something is amiss, then return a pointer to a string (obtained from malloc) that describes the problem.	> >	738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753	cgi_redirect(mprintf("%s/tktview/%s", g.zTop, zName)); return; } captcha_generate(); @ </form> if( g.thTrace ) Th_Trace("BEGIN_TKTEDIT<br />\n", -1); style_footer(); run_common_script(); run_script("ticket-change", zName); } /* Check the ticket table schema in zSchema to see if it appears to be well-formed. If everything is OK, return NULL. If something is amiss, then return a pointer to a string (obtained from malloc) that describes the problem.
︙			︙