Overview
| Comment: | Enhancement to codecheck1.c to verify that routines like db_set() use a string literal as the setting argument, and are thus impervious to injection attacks. |
|---|---|
| SHA3-256: |
0a5d0e191cd6ff1dae343b85accf0da1 |
| User & Date: | drh 2021-07-08 17:43:03.654 |
Context
|
2021-07-09
| ||
| 10:51 | Update to the latest Pikchr trunk version. check-in: f0b08d071a user: drh tags: trunk | |
|
2021-07-08
| ||
| 17:43 | Enhancement to codecheck1.c to verify that routines like db_set() use a string literal as the setting argument, and are thus impervious to injection attacks. check-in: 0a5d0e191c user: drh tags: trunk | |
|
2021-07-07
| ||
| 18:14 | Fix the unversioned_content_hash() function so that it returns the SHA1 of a zero-length buffer if the "unversioned" table does not exist. check-in: ccce70fb59 user: drh tags: trunk | |
Changes
Changes to src/alerts.c.
| ︙ | ︙ | |||
1151 1152 1153 1154 1155 1156 1157 |
if( g.argc!=3 && g.argc!=5 ) usage("setting [NAME VALUE]");
if( g.argc==5 ){
const char *zLabel = g.argv[3];
if( strncmp(zLabel, "email-", 6)!=0
|| (pSetting = db_find_setting(zLabel, 1))==0 ){
fossil_fatal("not a valid email setting: \"%s\"", zLabel);
}
| | | 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 |
if( g.argc!=3 && g.argc!=5 ) usage("setting [NAME VALUE]");
if( g.argc==5 ){
const char *zLabel = g.argv[3];
if( strncmp(zLabel, "email-", 6)!=0
|| (pSetting = db_find_setting(zLabel, 1))==0 ){
fossil_fatal("not a valid email setting: \"%s\"", zLabel);
}
db_set(pSetting->name/*works-like:""*/, g.argv[4], isGlobal);
g.argc = 3;
}
pSetting = setting_info(&nSetting);
for(; nSetting>0; nSetting--, pSetting++ ){
if( strncmp(pSetting->name,"email-",6)!=0 ) continue;
print_setting(pSetting);
}
|
| ︙ | ︙ |
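Review bot: The override on the new `db_set()` call is spelled `/*works-like:""*/`, while most other call sites touched by this commit use `/*works-like:"x"*/`; use the same placeholder here so the overrides read uniformly. Because the marker switches the string-literal check off for this call, it would also help to record why that is acceptable, for example `/* name is taken from the settings table via db_find_setting(), not from argv */`. The enclosing function starts and ends outside the visible lines.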
Changes to src/bisect.c.
| ︙ | ︙ | |||
671 672 673 674 675 676 677 |
}else if( g.argc==4 || g.argc==5 ){
unsigned int i;
n = strlen(g.argv[3]);
for(i=0; i<count(aBisectOption); i++){
if( strncmp(g.argv[3], aBisectOption[i].zName, n)==0 ){
char *z = mprintf("bisect-%s", aBisectOption[i].zName);
if( g.argc==5 ){
| | | 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 |
}else if( g.argc==4 || g.argc==5 ){
unsigned int i;
n = strlen(g.argv[3]);
for(i=0; i<count(aBisectOption); i++){
if( strncmp(g.argv[3], aBisectOption[i].zName, n)==0 ){
char *z = mprintf("bisect-%s", aBisectOption[i].zName);
if( g.argc==5 ){
db_lset(z/*works-like:"bisect-%s"*/, g.argv[4]);
}
fossil_print("%s\n", db_lget(z, (char*)aBisectOption[i].zDefault));
fossil_free(z);
break;
}
}
if( i>=count(aBisectOption) ){
|
| ︙ | ︙ |
Changes to src/checkout.c.
| ︙ | ︙ | |||
416 417 418 419 420 421 422 |
if( !forceFlag
&& db_table_exists("localdb","stash")
&& db_exists("SELECT 1 FROM localdb.stash")
){
fossil_fatal("closing the checkout will delete your stash");
}
if( db_is_writeable("repository") ){
| | < < | 416 417 418 419 420 421 422 423 424 425 426 427 428 |
if( !forceFlag
&& db_table_exists("localdb","stash")
&& db_exists("SELECT 1 FROM localdb.stash")
){
fossil_fatal("closing the checkout will delete your stash");
}
if( db_is_writeable("repository") ){
db_unset_mprintf(1, "ckout:%q", g.zLocalRoot);
}
unlink_local_database(1);
db_close(1);
unlink_local_database(0);
}
|
Changes to src/clone.c.
| ︙ | ︙ | |||
312 313 314 315 316 317 318 |
** decision. Set the global preference if the URL is not being changed.
*/
void remember_or_get_http_auth(
const char *zHttpAuth, /* Credentials in the form "user:password" */
int fRemember, /* True to remember credentials for later reuse */
const char *zUrl /* URL for which these credentials apply */
){
| < | < | < < | 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 |
** decision. Set the global preference if the URL is not being changed.
*/
void remember_or_get_http_auth(
const char *zHttpAuth, /* Credentials in the form "user:password" */
int fRemember, /* True to remember credentials for later reuse */
const char *zUrl /* URL for which these credentials apply */
){
if( zHttpAuth && zHttpAuth[0] ){
g.zHttpAuth = mprintf("%s", zHttpAuth);
}
if( fRemember ){
if( g.zHttpAuth && g.zHttpAuth[0] ){
set_httpauth(g.zHttpAuth);
}else if( zUrl && zUrl[0] ){
db_unset_mprintf(0, "http-auth:%s", g.url.canonical);
}else{
g.zHttpAuth = get_httpauth();
}
}else if( g.zHttpAuth==0 && zUrl==0 ){
g.zHttpAuth = get_httpauth();
}
}
/*
** Get the HTTP Authorization preference from db.
*/
char *get_httpauth(void){
char *zKey = mprintf("http-auth:%s", g.url.canonical);
char * rc = unobscure(db_get(zKey, 0));
free(zKey);
return rc;
}
/*
** Set the HTTP Authorization preference in db.
*/
void set_httpauth(const char *zHttpAuth){
db_set_mprintf(obscure(zHttpAuth), 0, "http-auth:%s", g.url.canonical);
}
/*
** Look for SSH clone command line options and setup in globals.
*/
void clone_ssh_find_options(void){
const char *zSshCmd; /* SSH command string */
|
| ︙ | ︙ |
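Review bot: In `set_httpauth()` the result of `obscure(zHttpAuth)` is passed straight into `db_set_mprintf()` and no pointer to it is kept. If `obscure()` returns allocated memory (its definition is not on this page), the obscured copy of the credentials is never released and stays in the heap for the life of the process. Holding it in a local and freeing it after the call would avoid that: `char *zObs = obscure(zHttpAuth); db_set_mprintf(zObs, 0, "http-auth:%s", g.url.canonical); fossil_free(zObs);`.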
Changes to src/codecheck1.c.
| ︙ | ︙ | |||
345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 |
/*
** Processing flags
*/
#define FMT_SQL 0x00001 /* Generator for SQL text */
#define FMT_HTML 0x00002 /* Generator for HTML text */
#define FMT_URL 0x00004 /* Generator for URLs */
#define FMT_SAFE 0x00008 /* Generator for human-readable text */
/*
** A list of internal Fossil interfaces that take a printf-style format
** string.
*/
struct FmtFunc {
const char *zFName; /* Name of the function */
int iFmtArg; /* Index of format argument. Leftmost is 1. */
unsigned fmtFlags; /* Processing flags */
} aFmtFunc[] = {
| > > | | | | | | | | | | | | | | | | | | | | > > | | | | > > | | | > | | > | | | | | | | | | | | | | | | > > | | | | | | | | | > > | > | | 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 |
/*
** Processing flags
*/
#define FMT_SQL 0x00001 /* Generator for SQL text */
#define FMT_HTML 0x00002 /* Generator for HTML text */
#define FMT_URL 0x00004 /* Generator for URLs */
#define FMT_SAFE 0x00008 /* Generator for human-readable text */
#define FMT_LIT 0x00010 /* Just verify that a string literal */
#define FMT_PX 0x00020 /* Must have a literal prefix in format string */
/*
** A list of internal Fossil interfaces that take a printf-style format
** string.
*/
struct FmtFunc {
const char *zFName; /* Name of the function */
int iFmtArg; /* Index of format argument. Leftmost is 1. */
unsigned fmtFlags; /* Processing flags */
} aFmtFunc[] = {
{ "admin_log", 1, FMT_SAFE },
{ "audit_append", 3, FMT_SAFE },
{ "backofficeTrace", 1, FMT_SAFE },
{ "blob_append_sql", 2, FMT_SQL },
{ "blob_appendf", 2, FMT_SAFE },
{ "cgi_debug", 1, FMT_SAFE },
{ "cgi_panic", 1, FMT_SAFE },
{ "cgi_printf", 1, FMT_HTML },
{ "cgi_printf_header", 1, FMT_HTML },
{ "cgi_redirectf", 1, FMT_URL },
{ "chref", 2, FMT_URL },
{ "CX", 1, FMT_HTML },
{ "db_blob", 2, FMT_SQL },
{ "db_debug", 1, FMT_SQL },
{ "db_double", 2, FMT_SQL },
{ "db_err", 1, FMT_SAFE },
{ "db_exists", 1, FMT_SQL },
{ "db_get_mprintf", 2, FMT_SAFE },
{ "db_int", 2, FMT_SQL },
{ "db_int64", 2, FMT_SQL },
{ "db_lset", 1, FMT_LIT },
{ "db_lset_int", 1, FMT_LIT },
{ "db_multi_exec", 1, FMT_SQL },
{ "db_optional_sql", 2, FMT_SQL },
{ "db_prepare", 2, FMT_SQL },
{ "db_prepare_ignore_error", 2, FMT_SQL },
{ "db_set", 1, FMT_LIT },
{ "db_set_int", 1, FMT_LIT },
{ "db_set_mprintf", 3, FMT_PX },
{ "db_static_prepare", 2, FMT_SQL },
{ "db_text", 2, FMT_SQL },
{ "db_unset", 1, FMT_LIT },
{ "db_unset_mprintf", 2, FMT_PX },
{ "emailerError", 2, FMT_SAFE },
{ "entry_attribute", 4, FMT_LIT },
{ "fileedit_ajax_error", 2, FMT_SAFE },
{ "form_begin", 2, FMT_URL },
{ "fossil_error", 2, FMT_SAFE },
{ "fossil_errorlog", 1, FMT_SAFE },
{ "fossil_fatal", 1, FMT_SAFE },
{ "fossil_fatal_recursive", 1, FMT_SAFE },
{ "fossil_panic", 1, FMT_SAFE },
{ "fossil_print", 1, FMT_SAFE },
{ "fossil_trace", 1, FMT_SAFE },
{ "fossil_warning", 1, FMT_SAFE },
{ "href", 1, FMT_URL },
{ "json_new_string_f", 1, FMT_SAFE },
{ "json_set_err", 2, FMT_SAFE },
{ "json_warn", 2, FMT_SAFE },
{ "mprintf", 1, FMT_SAFE },
{ "multiple_choice_attribute", 3, FMT_LIT },
{ "onoff_attribute", 3, FMT_LIT },
{ "pop3_print", 2, FMT_SAFE },
{ "smtp_send_line", 2, FMT_SAFE },
{ "smtp_server_send", 2, FMT_SAFE },
{ "socket_set_errmsg", 1, FMT_SAFE },
{ "ssl_set_errmsg", 1, FMT_SAFE },
{ "style_header", 1, FMT_HTML },
{ "style_set_current_page", 1, FMT_URL },
{ "style_submenu_element", 2, FMT_URL },
{ "style_submenu_sql", 3, FMT_SQL },
{ "textarea_attribute", 5, FMT_LIT },
{ "tktsetup_generic", 1, FMT_LIT },
{ "webpage_error", 1, FMT_SAFE },
{ "xfersetup_generic", 1, FMT_LIT },
{ "xhref", 2, FMT_URL },
};
/*
** Comparison function for two FmtFunc entries
*/
static int fmtfunc_cmp(const void *pAA, const void *pBB){
const struct FmtFunc *pA = (const struct FmtFunc*)pAA;
|
| ︙ | ︙ | |||
457 458 459 460 461 462 463 464 | /* ** Return the expected number of arguments for the format string. ** Return -1 if the value cannot be computed. ** ** For each argument less than nType, store the conversion character ** for that argument in cType[i]. */ | > > > | > > > | 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 |
/*
** Return the expected number of arguments for the format string.
** Return -1 if the value cannot be computed.
**
** For each argument less than nType, store the conversion character
** for that argument in cType[i].
**
** Store the number of initial literal characters of the format string
** in *pInit.
*/
static int formatArgCount(const char *z, int nType, char *cType, int *pInit){
int nArg = 0;
int i, k;
int len;
int eType;
int ln = 0;
*pInit = 0;
while( z[0] ){
len = token_length(z, &eType, &ln);
if( eType==TK_STR ){
for(i=1; i<len-1 && isalpha(z[i]); i++){}
*pInit = i-1;
for(i=1; i<len-1; i++){
if( z[i]!='%' ) continue;
if( z[i+1]=='%' ){ i++; continue; }
for(k=i+1; k<len && !isalpha(z[k]); k++){
if( z[k]=='*' || z[k]=='#' ){
if( nArg<nType ) cType[nArg] = z[k];
nArg++;
|
| ︙ | ︙ | |||
513 514 515 516 517 518 519 520 521 522 523 524 525 526 |
char *z;
char *zCopy;
int nArg = 0;
const char **azArg = 0;
int i, k;
int nErr = 0;
char *acType;
szFName = token_length(zFCall, &eToken, &ln);
zStart = next_non_whitespace(zFCall+szFName, &len, &eToken);
assert( zStart[0]=='(' && len==1 );
len = distance_to(zStart+1, ')');
zCopy = safe_malloc( len + 1 );
memcpy(zCopy, zStart+1, len);
| > | 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 |
char *z;
char *zCopy;
int nArg = 0;
const char **azArg = 0;
int i, k;
int nErr = 0;
char *acType;
int nInit = 0;
szFName = token_length(zFCall, &eToken, &ln);
zStart = next_non_whitespace(zFCall+szFName, &len, &eToken);
assert( zStart[0]=='(' && len==1 );
len = distance_to(zStart+1, ')');
zCopy = safe_malloc( len + 1 );
memcpy(zCopy, zStart+1, len);
|
| ︙ | ︙ | |||
543 544 545 546 547 548 549 |
printf("%s:%d: too few arguments to %.*s()\n",
zFilename, lnFCall, szFName, zFCall);
nErr++;
}else{
const char *zFmt = azArg[fmtArg-1];
const char *zOverride = strstr(zFmt, "/*works-like:");
if( zOverride ) zFmt = zOverride + sizeof("/*works-like:")-1;
| > | > > > > > | > > > > > > > | 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 |
printf("%s:%d: too few arguments to %.*s()\n",
zFilename, lnFCall, szFName, zFCall);
nErr++;
}else{
const char *zFmt = azArg[fmtArg-1];
const char *zOverride = strstr(zFmt, "/*works-like:");
if( zOverride ) zFmt = zOverride + sizeof("/*works-like:")-1;
if( fmtFlags & FMT_LIT ){
if( !is_string_lit(zFmt) ){
printf("%s:%d: argument %d to %.*s() should be a string literal\n",
zFilename, lnFCall, fmtArg, szFName, zFCall);
nErr++;
}
}else if( !is_string_lit(zFmt) ){
printf("%s:%d: %.*s() has non-constant format on arg[%d]\n",
zFilename, lnFCall, szFName, zFCall, fmtArg-1);
nErr++;
}else if( (k = formatArgCount(zFmt, nArg, acType, &nInit))>=0
&& nArg!=fmtArg+k ){
printf("%s:%d: too %s arguments to %.*s() "
"- got %d and expected %d\n",
zFilename, lnFCall, (nArg<fmtArg+k ? "few" : "many"),
szFName, zFCall, nArg, fmtArg+k);
nErr++;
}else if( (fmtFlags & FMT_PX)!=0 ){
if( nInit==0 ){
printf("%s:%d: format string on %.*s() should have"
" an ASCII character prefix\n",
zFilename, lnFCall, szFName, zFCall);
nErr++;
}
}else if( (fmtFlags & FMT_SAFE)==0 ){
for(i=0; i<nArg && i<k; i++){
if( (acType[i]=='s' || acType[i]=='z' || acType[i]=='b') ){
const char *zExpr = azArg[fmtArg+i];
if( never_safe(zExpr) ){
printf("%s:%d: Argument %d to %.*s() is not safe for"
" a query parameter\n",
|
| ︙ | ︙ |
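Review bot: In `formatArgCount()` the new `*pInit` assignment sits inside the `while( z[0] )` token loop and runs for every `TK_STR` token, so when the format argument holds more than one string token the value left in `*pInit` describes the last one, not the start of the format. If adjacent literals are accepted as a format (`is_string_lit()` is not on this page), an argument such as `"%s" "-name"` would report a non-zero prefix and pass the `FMT_PX` test; record the prefix for the first string token only, with a local `int seenStr = 0;` and `if( !seenStr ){ seenStr = 1; for(i=1; i<len-1 && isalpha((unsigned char)z[i]); i++){} *pInit = i-1; }`. The cast also avoids handing a negative `char` to `isalpha()`. The test counts letters only, so the diagnostic's "ASCII character prefix" is broader than what is enforced. The function body continues past the visible lines.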
Changes to src/db.c.
| ︙ | ︙ | |||
3319 3320 3321 3322 3323 3324 3325 3326 3327 3328 3329 3330 3331 3332 3333 3334 3335 3336 3337 3338 3339 3340 3341 3342 3343 |
return db_int(dflt, "SELECT value FROM vvar WHERE name=%Q", zName);
}
void db_lset_int(const char *zName, int value){
db_multi_exec("REPLACE INTO vvar(name,value) VALUES(%Q,%d)", zName, value);
}
/* Va-args versions of db_get(), db_set(), and db_unset()
*/
char *db_get_mprintf(const char *zDefault, const char *zFormat, ...){
va_list ap;
char *zName;
char *zResult;
va_start(ap, zFormat);
zName = vmprintf(zFormat, ap);
va_end(ap);
zResult = db_get(zName, zDefault);
fossil_free(zName);
return zResult;
}
void db_set_mprintf(const char *zNew, int iGlobal, const char *zFormat, ...){
va_list ap;
char *zName;
va_start(ap, zFormat);
zName = vmprintf(zFormat, ap);
va_end(ap);
| > > > > > | | | 3319 3320 3321 3322 3323 3324 3325 3326 3327 3328 3329 3330 3331 3332 3333 3334 3335 3336 3337 3338 3339 3340 3341 3342 3343 3344 3345 3346 3347 3348 3349 3350 3351 3352 3353 3354 3355 3356 3357 3358 3359 3360 3361 3362 3363 3364 3365 |
return db_int(dflt, "SELECT value FROM vvar WHERE name=%Q", zName);
}
void db_lset_int(const char *zName, int value){
db_multi_exec("REPLACE INTO vvar(name,value) VALUES(%Q,%d)", zName, value);
}
/* Va-args versions of db_get(), db_set(), and db_unset()
**
** codecheck1.c verifies that the format string for db_set_mprintf()
** and db_unset_mprintf() begins with an ASCII character prefix. We
** don't want that format string to begin with %s or %d as that might
** allow an injection attack to set or overwrite arbitrary settings.
*/
char *db_get_mprintf(const char *zDefault, const char *zFormat, ...){
va_list ap;
char *zName;
char *zResult;
va_start(ap, zFormat);
zName = vmprintf(zFormat, ap);
va_end(ap);
zResult = db_get(zName, zDefault);
fossil_free(zName);
return zResult;
}
void db_set_mprintf(const char *zNew, int iGlobal, const char *zFormat, ...){
va_list ap;
char *zName;
va_start(ap, zFormat);
zName = vmprintf(zFormat, ap);
va_end(ap);
db_set(zName/*works-like:"x"*/, zNew, iGlobal);
fossil_free(zName);
}
void db_unset_mprintf(int iGlobal, const char *zFormat, ...){
va_list ap;
char *zName;
va_start(ap, zFormat);
zName = vmprintf(zFormat, ap);
va_end(ap);
db_unset(zName/*works-like:"x"*/, iGlobal);
fossil_free(zName);
}
#if INTERFACE
/* Manifest generation flags */
|
| ︙ | ︙ | |||
4411 4412 4413 4414 4415 4416 4417 |
fossil_fatal("ambiguous setting \"%s\" - might be:%s",
zName, blob_str(&x));
}
if( globalFlag && isManifest ){
fossil_fatal("cannot set 'manifest' globally");
}
if( unsetFlag ){
| | | | 4416 4417 4418 4419 4420 4421 4422 4423 4424 4425 4426 4427 4428 4429 4430 4431 4432 4433 |
fossil_fatal("ambiguous setting \"%s\" - might be:%s",
zName, blob_str(&x));
}
if( globalFlag && isManifest ){
fossil_fatal("cannot set 'manifest' globally");
}
if( unsetFlag ){
db_unset(pSetting->name/*works-like:"x"*/, globalFlag);
}else{
db_protect_only(PROTECT_NONE);
db_set(pSetting->name/*works-like:"x"*/, g.argv[3], globalFlag);
db_protect_pop();
}
if( isManifest && g.localOpen ){
manifest_to_disk(db_lget_int("checkout", 0));
}
}else{
while( pSetting->name ){
|
| ︙ | ︙ |
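Review bot: The new header comment explains the prefix rule for the format string, but not the `/*works-like:"x"*/` markers added to the `db_set()` and `db_unset()` calls inside the two wrappers, which switch off the string-literal check for `zName`. A one-line comment at each call would record why that is acceptable, e.g. `/* zName was built from a format that codecheck1.c requires to start with a literal prefix */`. It is also worth stating in the header that `db_get_mprintf()` is deliberately left out of the prefix rule (the codecheck1.c table registers it as `FMT_SAFE`), so a reader does not assume reads are covered.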
Changes to src/http_ssl.c.
| ︙ | ︙ | |||
435 436 437 438 439 440 441 |
** Remember that the cert with the given hash is a acceptable for
** use with pUrlData->name.
*/
LOCAL void ssl_remember_certificate_exception(
UrlData *pUrlData,
const char *zHash
){
| | < < | 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 |
** Remember that the cert with the given hash is a acceptable for
** use with pUrlData->name.
*/
LOCAL void ssl_remember_certificate_exception(
UrlData *pUrlData,
const char *zHash
){
db_set_mprintf(zHash, 1, "cert:%s", pUrlData->name);
}
/*
** Return true if the there exists a certificate exception for
** pUrlData->name that matches the hash.
*/
LOCAL int ssl_certificate_exception_exists(
|
| ︙ | ︙ |
Changes to src/search.c.
| ︙ | ︙ | |||
1928 1929 1930 1931 1932 1933 1934 |
/* Adjust search settings */
if( iCmd==3 || iCmd==4 ){
const char *zCtrl;
if( g.argc<4 ) usage(mprintf("%s STRING",zSubCmd));
zCtrl = g.argv[3];
for(j=0; j<count(aSetng); j++){
if( strchr(zCtrl, aSetng[j].zSw[0])!=0 ){
| | | 1928 1929 1930 1931 1932 1933 1934 1935 1936 1937 1938 1939 1940 1941 1942 |
/* Adjust search settings */
if( iCmd==3 || iCmd==4 ){
const char *zCtrl;
if( g.argc<4 ) usage(mprintf("%s STRING",zSubCmd));
zCtrl = g.argv[3];
for(j=0; j<count(aSetng); j++){
if( strchr(zCtrl, aSetng[j].zSw[0])!=0 ){
db_set_int(aSetng[j].zSetting/*works-like:"x"*/, iCmd-3, 0);
}
}
}
if( iCmd==5 ){
if( g.argc<4 ) usage("porter ON/OFF");
db_set_int("search-stemmer", is_truth(g.argv[3]), 0);
}
|
| ︙ | ︙ |
Changes to src/setup.c.
| ︙ | ︙ | |||
184 185 186 187 188 189 190 | } /* ** Generate a checkbox for an attribute. */ void onoff_attribute( const char *zLabel, /* The text label on the checkbox */ | | | | | 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 |
}
/*
** Generate a checkbox for an attribute.
*/
void onoff_attribute(
const char *zLabel, /* The text label on the checkbox */
const char *zVar, /* The corresponding row in the CONFIG table */
const char *zQParm, /* The query parameter */
int dfltVal, /* Default value if CONFIG table entry does not exist */
int disabled /* 1 if disabled */
){
const char *zQ = P(zQParm);
int iVal = db_get_boolean(zVar, dfltVal);
if( zQ==0 && !disabled && P("submit") ){
zQ = "off";
}
if( zQ ){
int iQ = fossil_strcmp(zQ,"on")==0 || atoi(zQ);
if( iQ!=iVal ){
login_verify_csrf_secret();
db_protect_only(PROTECT_NONE);
db_set(zVar/*works-like:"x"*/, iQ ? "1" : "0", 0);
db_protect_pop();
setup_incr_cfgcnt();
admin_log("Set option [%q] to [%q].",
zVar, iQ ? "on" : "off");
iVal = iQ;
}
}
|
| ︙ | ︙ | |||
224 225 226 227 228 229 230 | /* ** Generate an entry box for an attribute. */ void entry_attribute( const char *zLabel, /* The text label on the entry box */ int width, /* Width of the entry box */ | | | | | | | | 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 |
/*
** Generate an entry box for an attribute.
*/
void entry_attribute(
const char *zLabel, /* The text label on the entry box */
int width, /* Width of the entry box */
const char *zVar, /* The corresponding row in the CONFIG table */
const char *zQParm, /* The query parameter */
const char *zDflt, /* Default value if CONFIG table entry does not exist */
int disabled /* 1 if disabled */
){
const char *zVal = db_get(zVar, zDflt);
const char *zQ = P(zQParm);
if( zQ && fossil_strcmp(zQ,zVal)!=0 ){
const int nZQ = (int)strlen(zQ);
login_verify_csrf_secret();
setup_incr_cfgcnt();
db_protect_only(PROTECT_NONE);
db_set(zVar/*works-like:"x"*/, zQ, 0);
db_protect_pop();
admin_log("Set entry_attribute %Q to: %.*s%s",
zVar, 20, zQ, (nZQ>20 ? "..." : ""));
zVal = zQ;
}
@ <input aria-label="%h(zLabel[0]?zLabel:zQParm)" type="text" \
@ id="%s(zQParm)" name="%s(zQParm)" value="%h(zVal)" size="%d(width)" \
if( disabled ){
@ disabled="disabled" \
}
@ /> <b>%s(zLabel)</b>
}
/*
** Generate a text box for an attribute.
*/
const char *textarea_attribute(
const char *zLabel, /* The text label on the textarea */
int rows, /* Rows in the textarea */
int cols, /* Columns in the textarea */
const char *zVar, /* The corresponding row in the CONFIG table */
const char *zQP, /* The query parameter */
const char *zDflt, /* Default value if CONFIG table entry does not exist */
int disabled /* 1 if the textarea should not be editable */
){
const char *z = db_get(zVar, zDflt);
const char *zQ = P(zQP);
if( zQ && !disabled && fossil_strcmp(zQ,z)!=0){
const int nZQ = (int)strlen(zQ);
login_verify_csrf_secret();
db_protect_only(PROTECT_NONE);
db_set(zVar/*works-like:"x"*/, zQ, 0);
db_protect_pop();
setup_incr_cfgcnt();
admin_log("Set textarea_attribute %Q to: %.*s%s",
zVar, 20, zQ, (nZQ>20 ? "..." : ""));
z = zQ;
}
if( rows>0 && cols>0 ){
|
| ︙ | ︙ | |||
294 295 296 297 298 299 300 | } /* ** Generate a text box for an attribute. */ void multiple_choice_attribute( const char *zLabel, /* The text label on the menu */ | | | | | 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 |
}
/*
** Generate a text box for an attribute.
*/
void multiple_choice_attribute(
const char *zLabel, /* The text label on the menu */
const char *zVar, /* The corresponding row in the CONFIG table */
const char *zQP, /* The query parameter */
const char *zDflt, /* Default value if CONFIG table entry does not exist */
int nChoice, /* Number of choices */
const char *const *azChoice /* Choices in pairs (VAR value, Display) */
){
const char *z = db_get(zVar, zDflt);
const char *zQ = P(zQP);
int i;
if( zQ && fossil_strcmp(zQ,z)!=0){
const int nZQ = (int)strlen(zQ);
login_verify_csrf_secret();
db_unprotect(PROTECT_ALL);
db_set(zVar/*works-like:"x"*/, zQ, 0);
setup_incr_cfgcnt();
db_protect_pop();
admin_log("Set multiple_choice_attribute %Q to: %.*s%s",
zVar, 20, zQ, (nZQ>20 ? "..." : ""));
z = zQ;
}
@ <select aria-label="%h(zLabel)" size="1" name="%s(zQP)" id="id%s(zQP)">
|
| ︙ | ︙ | |||
897 898 899 900 901 902 903 |
@ <table border="0"><tr><td valign="top">
login_insert_csrf_secret();
for(i=0, pSet=aSetting; i<nSetting; i++, pSet++){
if( pSet->width==0 ){
int hasVersionableValue = pSet->versionable &&
(db_get_versioned(pSet->name, NULL)!=0);
onoff_attribute("", pSet->name,
| | | 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 |
@ <table border="0"><tr><td valign="top">
login_insert_csrf_secret();
for(i=0, pSet=aSetting; i<nSetting; i++, pSet++){
if( pSet->width==0 ){
int hasVersionableValue = pSet->versionable &&
(db_get_versioned(pSet->name, NULL)!=0);
onoff_attribute("", pSet->name,
pSet->var!=0 ? pSet->var : pSet->name /*works-like:"x"*/,
is_truth(pSet->def), hasVersionableValue);
@ <a href='%R/help?cmd=%s(pSet->name)'>%h(pSet->name)</a>
if( pSet->versionable ){
@ (v)<br />
} else {
@ <br />
}
|
| ︙ | ︙ | |||
923 924 925 926 927 928 929 |
if( pSet->versionable ){
@ (v)
} else {
@
}
@</td><td>
entry_attribute("", /*pSet->width*/ 25, pSet->name,
| | | | 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 |
if( pSet->versionable ){
@ (v)
} else {
@
}
@</td><td>
entry_attribute("", /*pSet->width*/ 25, pSet->name,
pSet->var!=0 ? pSet->var : pSet->name /*works-like:"x"*/,
(char*)pSet->def, hasVersionableValue);
@</td></tr>
}
}
@</table>
@ </td><td style="width:50px;"></td><td valign="top">
for(i=0, pSet=aSetting; i<nSetting; i++, pSet++){
if( pSet->width>0 && pSet->forceTextArea ){
int hasVersionableValue = db_get_versioned(pSet->name, NULL)!=0;
@ <a href='%R/help?cmd=%s(pSet->name)'>%s(pSet->name)</a>
if( pSet->versionable ){
@ (v)<br />
} else {
@ <br />
}
textarea_attribute("", /*rows*/ 2, /*cols*/ 35, pSet->name,
pSet->var!=0 ? pSet->var : pSet->name /*works-like:"x"*/,
(char*)pSet->def, hasVersionableValue);
@<br />
}
}
@ </td></tr></table>
@ </div></form>
db_end_transaction(0);
|
| ︙ | ︙ |
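Review bot: The literal check does not cover the argument that becomes the CONFIG key in these helpers. codecheck1.c in this commit registers `onoff_attribute` and `multiple_choice_attribute` at argument 3, `entry_attribute` at 4 and `textarea_attribute` at 5, which by the signatures shown here are `zQParm`/`zQP`, while `zVar` (argument 2, 3 or 4) is what reaches `db_set(zVar/*works-like:"x"*/, ...)`. The call sites in the settings page match that: the `/*works-like:"x"*/` marker sits on the query-parameter expression and `pSet->name` is passed as `zVar` unchecked. If the intent is to pin the setting name, the table indexes should point at `zVar`; if checking the query parameter is what is wanted, say so on each helper, e.g. `/* codecheck1.c requires zQParm to be a literal; zVar is not checked */`. The same comparison is worth making for `tktsetup_generic()` and `xfersetup_generic()`, registered at argument 1, whose signatures are outside the visible hunks.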
Changes to src/skins.c.
| ︙ | ︙ | |||
787 788 789 790 791 792 793 |
/* 4 */ { "js", "JavaScript", "Script", },
};
const char *zBasis; /* The baseline file */
const char *zOrig; /* Original content prior to editing */
const char *zContent; /* Content after editing */
const char *zDflt; /* Default content */
char *zDraft; /* Which draft: "draft%d" */
| < | 787 788 789 790 791 792 793 794 795 796 797 798 799 800 |
/* 4 */ { "js", "JavaScript", "Script", },
};
const char *zBasis; /* The baseline file */
const char *zOrig; /* Original content prior to editing */
const char *zContent; /* Content after editing */
const char *zDflt; /* Default content */
char *zDraft; /* Which draft: "draft%d" */
char *zTitle; /* Title of this page */
const char *zFile; /* One of "css", "footer", "header", "details" */
int iSkin; /* draft number. 1..9 */
int ii; /* Index in aSkinAttr[] of this file */
int j; /* Loop counter */
int isRevert = 0; /* True if Revert-to-Baseline was pressed */
|
| ︙ | ︙ | |||
825 826 827 828 829 830 831 |
}
/* figure out which file is to be edited */
ii = atoi(PD("w","0"));
if( ii<0 || ii>count(aSkinAttr) ) ii = 0;
zFile = aSkinAttr[ii].zFile;
zDraft = mprintf("draft%d", iSkin);
| < | | | 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 |
}
/* figure out which file is to be edited */
ii = atoi(PD("w","0"));
if( ii<0 || ii>count(aSkinAttr) ) ii = 0;
zFile = aSkinAttr[ii].zFile;
zDraft = mprintf("draft%d", iSkin);
zTitle = mprintf("%s for Draft%d", aSkinAttr[ii].zTitle, iSkin);
zBasis = PD("basis","current");
zDflt = skin_file_content(zBasis, zFile);
zOrig = db_get_mprintf(zDflt, "draft%d-%s",iSkin,zFile);
zContent = PD(zFile,zOrig);
if( P("revert")!=0 && cgi_csrf_safe(0) ){
zContent = zDflt;
isRevert = 1;
}
db_begin_transaction();
style_set_current_feature("skins");
style_header("%s", zTitle);
for(j=0; j<count(aSkinAttr); j++){
style_submenu_element(aSkinAttr[j].zSubmenu,
"%R/setup_skinedit?w=%d&basis=%h&sk=%d",j,zBasis,iSkin);
}
@ <form action="%R/setup_skinedit" method="post"><div>
login_insert_csrf_secret();
@ <input type='hidden' name='w' value='%d(ii)'>
@ <input type='hidden' name='sk' value='%d(iSkin)'>
@ <h2>Edit %s(zTitle):</h2>
if( P("submit") && cgi_csrf_safe(0) && strcmp(zOrig,zContent)!=0 ){
db_set_mprintf(zContent, 0, "draft%d-%s",iSkin,zFile);
}
@ <textarea name="%s(zFile)" rows="10" cols="80">\
@ %h(zContent)</textarea>
@ <br />
@ <input type="submit" name="submit" value="Apply Changes" />
if( isRevert ){
@ ← Press to complete reversion to "%s(zBasis)"
|
| ︙ | ︙ | |||
940 941 942 943 944 945 946 |
);
db_protect_pop();
}
/* Publish draft iSkin */
for(i=0; i<count(azSkinFile); i++){
char *zNew = db_get_mprintf("", "draft%d-%s", iSkin, azSkinFile[i]);
| | | 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 |
);
db_protect_pop();
}
/* Publish draft iSkin */
for(i=0; i<count(azSkinFile); i++){
char *zNew = db_get_mprintf("", "draft%d-%s", iSkin, azSkinFile[i]);
db_set(azSkinFile[i]/*works-like:"x"*/, zNew, 0);
}
}
/*
** WEBPAGE: setup_skin
**
** Generate a page showing the steps needed to customize a skin.
|
| ︙ | ︙ |
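Review bot: The bounds check `if( ii<0 || ii>count(aSkinAttr) ) ii = 0;` still lets `ii` equal the element count, so `aSkinAttr[ii].zFile` can read one entry past the table, assuming `count()` is the element count as the loop bound `j<count(aSkinAttr)` suggests. `ii` comes from the `w` query parameter, and `zFile` is then used both as the query-parameter name in `PD(zFile,zOrig)` and as the `%s` in the `"draft%d-%s"` setting name that `db_set_mprintf()` writes, which is the kind of key this commit sets out to protect. Change the test to `if( ii<0 || ii>=count(aSkinAttr) ) ii = 0;`. The line is unchanged context, and the enclosing function starts and ends outside the hunk.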
Changes to src/tktsetup.c.
| ︙ | ︙ | |||
134 135 136 137 138 139 140 |
if( z==0 ){
z = db_get(zDbField, zDfltValue);
}
style_set_current_feature("tktsetup");
style_header("Edit %s", zTitle);
if( P("clear")!=0 ){
login_verify_csrf_secret();
| | | | 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 |
if( z==0 ){
z = db_get(zDbField, zDfltValue);
}
style_set_current_feature("tktsetup");
style_header("Edit %s", zTitle);
if( P("clear")!=0 ){
login_verify_csrf_secret();
db_unset(zDbField/*works-like:"x"*/, 0);
if( xRebuild ) xRebuild();
cgi_redirect("tktsetup");
}else if( isSubmit ){
char *zErr = 0;
login_verify_csrf_secret();
if( xText && (zErr = xText(z))!=0 ){
@ <p class="tktsetupError">ERROR: %h(zErr)</p>
}else{
db_set(zDbField/*works-like:"x"*/, z, 0);
if( xRebuild ) xRebuild();
cgi_redirect("tktsetup");
}
}
@ <form action="%R/%s(g.zPath)" method="post"><div>
login_insert_csrf_secret();
@ <p>%s(zDesc)</p>
|
| ︙ | ︙ |
Changes to src/xfersetup.c.
| ︙ | ︙ | |||
118 119 120 121 122 123 124 |
if( z==0 ){
z = db_get(zDbField, zDfltValue);
}
style_set_current_feature("xfersetup");
style_header("Edit %s", zTitle);
if( P("clear")!=0 ){
login_verify_csrf_secret();
| | | | 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 |
if( z==0 ){
z = db_get(zDbField, zDfltValue);
}
style_set_current_feature("xfersetup");
style_header("Edit %s", zTitle);
if( P("clear")!=0 ){
login_verify_csrf_secret();
db_unset(zDbField/*works-like:"x"*/, 0);
if( xRebuild ) xRebuild();
z = zDfltValue;
}else if( isSubmit ){
char *zErr = 0;
login_verify_csrf_secret();
if( xText && (zErr = xText(z))!=0 ){
@ <p class="xfersetupError">ERROR: %h(zErr)</p>
}else{
db_set(zDbField/*works-like:"x"*/, z, 0);
if( xRebuild ) xRebuild();
cgi_redirect("xfersetup");
}
}
@ <form action="%R/%s(g.zPath)" method="post"><div>
login_insert_csrf_secret();
@ <p>%s(zDesc)</p>
|
| ︙ | ︙ |