Fossil: Diff

Differences From Artifact [6ac9641c6a]:

File src/tkt.c — part of check-in [b3ee50c946] at 2008-07-15 19:03:42 on branch trunk — Implement history display for tickets. (user: drh size: 16375)

To Artifact [a48490bf20]:

File src/tkt.c — part of check-in [f46fe42d6d] at 2008-07-24 02:04:36 on branch trunk — Store private ticket fields (ex: the originators email address) as their SHA1 hash so that malefactors cannot read them. Add the new "concealed" table to the repository database and store mappings from SHA1 hashes back to email addresses in that table. Ticket [a24ec6005f]. Note: run "rebuild" on repositories after updating to this version of fossil in order to create the "concealed" table. Need to add the ability to manage the concealed table from the web interface and the ability to sync concealed content between trusted repositories. (user: drh size: 17227)

︙			︙
94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 ~~115~~ 116 117 118 119 120 121 122 ~~123~~ 124 125 126 127 128 129 130 131	/* Query the database for all TICKET fields for the specific ticket whose name is given by the "name" CGI parameter. Load the values for all fields into the interpreter. Only load those fields which do not already exist as variables. / static void initializeVariablesFromDb(void){ const char zName; Stmt q; int i, n, size, j; zName = PD("name","-none-"); db_prepare(&q, "SELECT datetime(tkt_mtime) AS tkt_datetime, " " FROM ticket WHERE tkt_uuid GLOB '%q'", zName); if( db_step(&q)==SQLITE_ROW ){ n = db_column_count(&q); for(i=0; i<n; i++){ const char zVal = db_column_text(&q, i); const char zName = db_column_name(&q, i); ~~if( zVal==0 ) ~~zVal = "";~~~~ for(j=0; j<nField; j++){ if( strcmp(azField[j],zName)==0 ){ azValue[j] = mprintf("%s", zVal); break; } } if( Th_Fetch(zName, &size)==0 ){ ~~Th_Store(~~db_column_name(&q,i)~~, zVal);~~ } } }else{ db_finalize(&q); db_prepare(&q, "PRAGMA table_info(ticket)"); while( db_step(&q)==SQLITE_ROW ){ const char *zField = db_column_text(&q, 1); if( Th_Fetch(zField, &size)==0 ){	> > > > > > > \| > > > > \| >	94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143	/* Query the database for all TICKET fields for the specific ticket whose name is given by the "name" CGI parameter. Load the values for all fields into the interpreter. Only load those fields which do not already exist as variables. Fields of the TICKET table that begin with "private_" are expanded using the db_reveal() function. This function will decode the content so that it is legable if g.okRdAddr is true. Otherwise, db_reveal() is a no-op and the content remains obscured. / static void initializeVariablesFromDb(void){ const char zName; Stmt q; int i, n, size, j; zName = PD("name","-none-"); db_prepare(&q, "SELECT datetime(tkt_mtime) AS tkt_datetime, " " FROM ticket WHERE tkt_uuid GLOB '%q'", zName); if( db_step(&q)==SQLITE_ROW ){ n = db_column_count(&q); for(i=0; i<n; i++){ const char zVal = db_column_text(&q, i); const char zName = db_column_name(&q, i); char zRevealed = 0; if( zVal==0 ){ zVal = ""; }else if( strncmp(zName, "private_", 8)==0 ){ zVal = zRevealed = db_reveal(zVal); } for(j=0; j<nField; j++){ if( strcmp(azField[j],zName)==0 ){ azValue[j] = mprintf("%s", zVal); break; } } if( Th_Fetch(zName, &size)==0 ){ Th_Store(zName, zVal); } free(zRevealed); } }else{ db_finalize(&q); db_prepare(&q, "PRAGMA table_info(ticket)"); while( db_step(&q)==SQLITE_ROW ){ const char zField = db_column_text(&q, 1); if( Th_Fetch(zField, &size)==0 ){
︙			︙
351 352 353 354 355 356 357 ~~358~~ 359 360 361 362 363 364 365	azAppend[idx] = mprintf("%.s", argl[2], argv[2]); return TH_OK; } / Subscript command: submit_ticket ** Construct and submit a new ticket artifact. / static int submitTicketCmd( Th_Interp interp, void pUuid, int argc, const unsigned char argv, int argl	\| > > > >	363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381	azAppend[idx] = mprintf("%.s", argl[2], argv[2]); return TH_OK; } / Subscript command: submit_ticket Construct and submit a new ticket artifact. The fields of the artifact are the names of the columns in the TICKET table. The content is taken from TH variables. If the content is unchanged, the field is omitted from the artifact. Fields whose names begin with "private_" ** are concealed using the db_conceal() function. / static int submitTicketCmd( Th_Interp interp, void pUuid, int argc, const unsigned char argv, int argl
︙			︙
382 383 384 385 386 387 388 389 390 391 392 393 394 395	if( azAppend[i] ){ blob_appendf(&tktchng, "J +%s %z\n", azField[i], fossilize(azAppend[i], -1)); }else{ zValue = Th_Fetch(azField[i], &nValue); if( zValue ){ while( nValue>0 && isspace(zValue[nValue-1]) ){ nValue--; } if( strncmp(zValue, azValue[i], nValue) \|\| strlen(azValue[i])!=nValue ){ blob_appendf(&tktchng, "J %s %z\n", azField[i], fossilize(zValue,nValue)); } } }	> > > >	398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415	if( azAppend[i] ){ blob_appendf(&tktchng, "J +%s %z\n", azField[i], fossilize(azAppend[i], -1)); }else{ zValue = Th_Fetch(azField[i], &nValue); if( zValue ){ while( nValue>0 && isspace(zValue[nValue-1]) ){ nValue--; } if( strncmp(azField[i], "private_", 8)==0 ){ zValue = db_conceal(zValue, nValue); nValue = strlen(zValue); } if( strncmp(zValue, azValue[i], nValue) \|\| strlen(azValue[i])!=nValue ){ blob_appendf(&tktchng, "J %s %z\n", azField[i], fossilize(zValue,nValue)); } } }
︙			︙