| ︙ | | | ︙ | |
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
|
const char *zArg2,
const char *zArg3,
const char *zArg4
){
int rc = SQLITE_OK;
if( *(char**)pError ){
/* We've already seen an error. No need to continue. */
return SQLITE_OK;
}
switch( code ){
case SQLITE_SELECT:
case SQLITE_RECURSIVE:
case SQLITE_FUNCTION: {
break;
}
case SQLITE_READ: {
static const char *const azAllowed[] = {
"ticket",
"ticketchng",
"blob",
"filename",
"mlink",
"plink",
"event",
"tag",
"tagxref",
};
int i;
if( fossil_strncmp(zArg1, "fx_", 3)==0 ){
break;
}
for(i=0; i<sizeof(azAllowed)/sizeof(azAllowed[0]); i++){
if( fossil_stricmp(zArg1, azAllowed[i])==0 ) break;
}
if( i>=sizeof(azAllowed)/sizeof(azAllowed[0]) ){
*(char**)pError = mprintf("access to table \"%s\" is restricted",zArg1);
rc = SQLITE_DENY;
}else if( !g.perm.RdAddr && strncmp(zArg2, "private_", 8)==0 ){
rc = SQLITE_IGNORE;
}
break;
}
|
|
>
|
|
|
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
|
const char *zArg2,
const char *zArg3,
const char *zArg4
){
int rc = SQLITE_OK;
if( *(char**)pError ){
/* We've already seen an error. No need to continue. */
return SQLITE_DENY;
}
switch( code ){
case SQLITE_SELECT:
case SQLITE_RECURSIVE:
case SQLITE_FUNCTION: {
break;
}
case SQLITE_READ: {
static const char *const azAllowed[] = {
"ticket",
"ticketchng",
"blob",
"filename",
"mlink",
"plink",
"event",
"tag",
"tagxref",
"unversioned",
};
int i;
if( fossil_strncmp(zArg1, "fx_", 3)==0 ){
break;
}
for(i=0; i<count(azAllowed); i++){
if( fossil_stricmp(zArg1, azAllowed[i])==0 ) break;
}
if( i>=count(azAllowed) ){
*(char**)pError = mprintf("access to table \"%s\" is restricted",zArg1);
rc = SQLITE_DENY;
}else if( !g.perm.RdAddr && strncmp(zArg2, "private_", 8)==0 ){
rc = SQLITE_IGNORE;
}
break;
}
|
| ︙ | | | ︙ | |
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
|
if( P("copy") ){
rn = 0;
zTitle = mprintf("Copy Of %s", zTitle);
zOwner = g.zLogin;
}
}
if( zOwner==0 ) zOwner = g.zLogin;
style_submenu_element("Cancel", "Cancel", "reportlist");
if( rn>0 ){
style_submenu_element("Delete", "Delete", "rptedit?rn=%d&del1=1", rn);
}
style_header("%s", rn>0 ? "Edit Report Format":"Create New Report Format");
if( zErr ){
@ <blockquote class="reportError">%h(zErr)</blockquote>
}
@ <form action="rptedit" method="post"><div>
@ <input type="hidden" name="rn" value="%d(rn)" />
|
|
|
|
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
|
if( P("copy") ){
rn = 0;
zTitle = mprintf("Copy Of %s", zTitle);
zOwner = g.zLogin;
}
}
if( zOwner==0 ) zOwner = g.zLogin;
style_submenu_element("Cancel", "reportlist");
if( rn>0 ){
style_submenu_element("Delete", "rptedit?rn=%d&del1=1", rn);
}
style_header("%s", rn>0 ? "Edit Report Format":"Create New Report Format");
if( zErr ){
@ <blockquote class="reportError">%h(zErr)</blockquote>
}
@ <form action="rptedit" method="post"><div>
@ <input type="hidden" name="rn" value="%d(rn)" />
|
| ︙ | | | ︙ | |
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
|
pState->wikiFlags = WIKI_NOBADLINKS;
pState->zWikiStart = "";
pState->zWikiEnd = "";
if( P("plaintext") ){
pState->wikiFlags |= WIKI_LINKSONLY;
pState->zWikiStart = "<pre class='verbatim'>";
pState->zWikiEnd = "</pre>";
style_submenu_element("Formatted", "Formatted",
"%R/rptview?rn=%d", pState->rn);
}else{
style_submenu_element("Plaintext", "Plaintext",
"%R/rptview?rn=%d&plaintext", pState->rn);
}
}else{
pState->nCol++;
}
}
}
|
|
<
|
|
|
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
|
pState->wikiFlags = WIKI_NOBADLINKS;
pState->zWikiStart = "";
pState->zWikiEnd = "";
if( P("plaintext") ){
pState->wikiFlags |= WIKI_LINKSONLY;
pState->zWikiStart = "<pre class='verbatim'>";
pState->zWikiEnd = "</pre>";
style_submenu_element("Formatted", "%R/rptview?rn=%d", pState->rn);
}else{
style_submenu_element("Plaintext", "%R/rptview?rn=%d&plaintext",
pState->rn);
}
}else{
pState->nCol++;
}
}
}
|
| ︙ | | | ︙ | |
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
|
int rc = SQLITE_OK; /* Return code */
const char *zLeftover; /* Tail of unprocessed SQL */
sqlite3_stmt *pStmt = 0; /* The current SQL statement */
const char **azCols = 0; /* Names of result columns */
int nCol; /* Number of columns of output */
const char **azVals = 0; /* Text of all output columns */
int i; /* Loop counter */
pStmt = 0;
rc = sqlite3_prepare_v2(db, zSql, -1, &pStmt, &zLeftover);
assert( rc==SQLITE_OK || pStmt==0 );
if( rc!=SQLITE_OK ){
return rc;
}
if( !pStmt ){
/* this happens for a comment or white-space */
return SQLITE_OK;
}
if( !sqlite3_stmt_readonly(pStmt) ){
sqlite3_finalize(pStmt);
return SQLITE_ERROR;
}
i = sqlite3_bind_parameter_index(pStmt, "$login");
if( i ) sqlite3_bind_text(pStmt, i, g.zLogin, -1, SQLITE_TRANSIENT);
nCol = sqlite3_column_count(pStmt);
azVals = fossil_malloc(2*nCol*sizeof(const char*) + 1);
while( (rc = sqlite3_step(pStmt))==SQLITE_ROW ){
if( azCols==0 ){
azCols = &azVals[nCol];
for(i=0; i<nCol; i++){
azCols[i] = sqlite3_column_name(pStmt, i);
|
>
|
>
>
>
>
>
>
|
>
>
|
>
|
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
|
int rc = SQLITE_OK; /* Return code */
const char *zLeftover; /* Tail of unprocessed SQL */
sqlite3_stmt *pStmt = 0; /* The current SQL statement */
const char **azCols = 0; /* Names of result columns */
int nCol; /* Number of columns of output */
const char **azVals = 0; /* Text of all output columns */
int i; /* Loop counter */
int nVar; /* Number of parameters */
pStmt = 0;
rc = sqlite3_prepare_v2(db, zSql, -1, &pStmt, &zLeftover);
assert( rc==SQLITE_OK || pStmt==0 );
if( rc!=SQLITE_OK ){
return rc;
}
if( !pStmt ){
/* this happens for a comment or white-space */
return SQLITE_OK;
}
if( !sqlite3_stmt_readonly(pStmt) ){
sqlite3_finalize(pStmt);
return SQLITE_ERROR;
}
nVar = sqlite3_bind_parameter_count(pStmt);
for(i=1; i<=nVar; i++){
const char *zVar = sqlite3_bind_parameter_name(pStmt, i);
if( zVar==0 ) continue;
if( zVar[0]!='$' && zVar[0]!='$' && zVar[0]!=':' ) continue;
if( !fossil_islower(zVar[1]) ) continue;
if( strcmp(zVar, "$login")==0 ){
sqlite3_bind_text(pStmt, i, g.zLogin, -1, SQLITE_TRANSIENT);
}else{
sqlite3_bind_text(pStmt, i, P(zVar+1), -1, SQLITE_TRANSIENT);
}
}
nCol = sqlite3_column_count(pStmt);
azVals = fossil_malloc(2*nCol*sizeof(const char*) + 1);
while( (rc = sqlite3_step(pStmt))==SQLITE_ROW ){
if( azCols==0 ){
azCols = &azVals[nCol];
for(i=0; i<nCol; i++){
azCols[i] = sqlite3_column_name(pStmt, i);
|
| ︙ | | | ︙ | |
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
|
zDir = !strcmp("ASC",zDir) ? "ASC" : "DESC";
zSql = mprintf("SELECT * FROM (%s) ORDER BY %d %s", zSql, nField, zDir);
}
}
count = 0;
if( !tabs ){
struct GenerateHTML sState;
db_multi_exec("PRAGMA empty_result_callbacks=ON");
style_submenu_element("Raw", "Raw",
"rptview?tablist=1&%h", PD("QUERY_STRING",""));
if( g.perm.Admin
|| (g.perm.TktFmt && g.zLogin && fossil_strcmp(g.zLogin,zOwner)==0) ){
style_submenu_element("Edit", "Edit", "rptedit?rn=%d", rn);
}
if( g.perm.TktFmt ){
style_submenu_element("SQL", "SQL", "rptsql?rn=%d",rn);
}
if( g.perm.NewTkt ){
style_submenu_element("New Ticket", "Create a new ticket",
"%s/tktnew", g.zTop);
}
style_header("%s", zTitle);
output_color_key(zClrKey, 1,
"border=\"0\" cellpadding=\"3\" cellspacing=\"0\" class=\"report\"");
@ <table border="1" cellpadding="2" cellspacing="0" class="report"
@ id="reportTable">
sState.rn = rn;
|
|
|
<
|
|
|
<
|
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
|
zDir = !strcmp("ASC",zDir) ? "ASC" : "DESC";
zSql = mprintf("SELECT * FROM (%s) ORDER BY %d %s", zSql, nField, zDir);
}
}
count = 0;
if( !tabs ){
struct GenerateHTML sState = { 0, 0, 0, 0, 0, 0, 0, 0, 0 };
db_multi_exec("PRAGMA empty_result_callbacks=ON");
style_submenu_element("Raw", "rptview?tablist=1&%h", PD("QUERY_STRING",""));
if( g.perm.Admin
|| (g.perm.TktFmt && g.zLogin && fossil_strcmp(g.zLogin,zOwner)==0) ){
style_submenu_element("Edit", "rptedit?rn=%d", rn);
}
if( g.perm.TktFmt ){
style_submenu_element("SQL", "rptsql?rn=%d",rn);
}
if( g.perm.NewTkt ){
style_submenu_element("New Ticket", "%s/tktnew", g.zTop);
}
style_header("%s", zTitle);
output_color_key(zClrKey, 1,
"border=\"0\" cellpadding=\"3\" cellspacing=\"0\" class=\"report\"");
@ <table border="1" cellpadding="2" cellspacing="0" class="report"
@ id="reportTable">
sState.rn = rn;
|
| ︙ | | | ︙ | |