Overview
| Comment: | Disable triggers using SQLITE_DBCONFIG_ENABLE_TRIGGER for defense in depth. SQLite 3.35.0 is required due to Fossil's use of TEMP triggers. Also, use the new RETURNING clause for queries where it makes sense, again requiring SQLite 3.35.0. |
|---|---|
| SHA3-256: |
8a3dc1a9754e5fec28c9b52bbbca6e94 |
| User & Date: | drh 2021-02-03 14:23:01.135 |
Context
|
2021-02-03
| ||
| 23:51 | Paint backgrounds with the hash_color for the login name when the "ubg" query parameter is given on the /setup_ulist page. check-in: eb1415d8c5 user: drh tags: trunk | |
| 14:23 | Disable triggers using SQLITE_DBCONFIG_ENABLE_TRIGGERS for defense in depth. SQLite 3.35.0 is required due to Fossil's use of TEMP triggers. Also, use the new RETURNING clause for queries where it makes sense, again requiring SQLite 3.35.0. check-in: 8a3dc1a975 user: drh tags: trunk | |
| 13:38 | Update the built-in SQLite to the latest 3.35.0 alpha that includes support for RETURNING and the ability to use TEMP triggers even if SQLITE_DBCONFIG_ENABLE_TRIGGER is off. check-in: 60b8c71b00 user: drh tags: trunk | |
Changes
Changes to src/alerts.c.
| ︙ | ︙ | |||
1375 1376 1377 1378 1379 1380 1381 |
if( P("submit")
&& cgi_csrf_safe(1)
&& subscribe_error_check(&eErr,&zErr,needCaptcha)
){
/* A validated request for a new subscription has been received. */
char ssub[20];
const char *zEAddr = P("e");
| < | | > < < < < | 1375 1376 1377 1378 1379 1380 1381 1382 1383 1384 1385 1386 1387 1388 1389 1390 1391 1392 1393 1394 1395 1396 1397 1398 1399 1400 1401 1402 1403 1404 1405 1406 1407 1408 1409 1410 1411 1412 |
if( P("submit")
&& cgi_csrf_safe(1)
&& subscribe_error_check(&eErr,&zErr,needCaptcha)
){
/* A validated request for a new subscription has been received. */
char ssub[20];
const char *zEAddr = P("e");
const char *zCode; /* New subscriber code (in hex) */
int nsub = 0;
const char *suname = PT("suname");
if( suname==0 && needCaptcha==0 && !g.perm.Admin ) suname = g.zLogin;
if( suname && suname[0]==0 ) suname = 0;
if( PB("sa") ) ssub[nsub++] = 'a';
if( g.perm.Read && PB("sc") ) ssub[nsub++] = 'c';
if( g.perm.RdForum && PB("sf") ) ssub[nsub++] = 'f';
if( g.perm.RdTkt && PB("st") ) ssub[nsub++] = 't';
if( g.perm.RdWiki && PB("sw") ) ssub[nsub++] = 'w';
if( g.perm.RdForum && PB("sx") ) ssub[nsub++] = 'x';
ssub[nsub] = 0;
zCode = db_text(0,
"INSERT INTO subscriber(semail,suname,"
" sverified,sdonotcall,sdigest,ssub,sctime,mtime,smip)"
"VALUES(%Q,%Q,%d,0,%d,%Q,now(),now(),%Q)"
"RETURNING hex(subscriberCode);",
/* semail */ zEAddr,
/* suname */ suname,
/* sverified */ needCaptcha==0,
/* sdigest */ PB("di"),
/* ssub */ ssub,
/* smip */ g.zIpAddr
);
if( !needCaptcha ){
/* The new subscription has been added on behalf of a logged-in user.
** No verification is required. Jump immediately to /alerts page.
*/
if( g.perm.Admin ){
cgi_redirectf("%R/alerts/%.32s", zCode);
}else{
|
| ︙ | ︙ |
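Review bot: The new single-statement insert at `zCode = db_text(0, "INSERT INTO subscriber(semail,suname," ... "RETURNING hex(subscriberCode);"` has no conflict handling, unlike the otherwise parallel statement in src/login.c which adds `ON CONFLICT(semail) DO UPDATE`; if semail is unique and a duplicate address slips past subscribe_error_check (outside this hunk), the result depends on how db_text reports a failed step, and if that is not fatal a NULL zCode flows into `cgi_redirectf("%R/alerts/%.32s", zCode)` and the verification mail path. A guard such as `if( zCode==0 ) fossil_panic("subscriber insert returned no row");` before the `if( !needCaptcha )` branch makes the failure explicit either way. Separately, `if( suname==0 && needCaptcha==0 && !g.perm.Admin ) suname = g.zLogin;` still honours a request-supplied suname for non-admin users; unless the form deliberately posts it for them, a non-admin should not be able to bind a subscription to another login, e.g. `if( !g.perm.Admin ) suname = needCaptcha ? 0 : g.zLogin;`. The enclosing function starts and ends outside the hunk.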
Changes to src/db.c.
| ︙ | ︙ | |||
1616 1617 1618 1619 1620 1621 1622 1623 1624 1625 1626 1627 1628 1629 |
g.zVfsName
);
if( rc!=SQLITE_OK ){
db_err("[%s]: %s", zDbName, sqlite3_errmsg(db));
}
db_maybe_set_encryption_key(db, zDbName);
sqlite3_db_config(db, SQLITE_DBCONFIG_ENABLE_FKEY, 0, &rc);
sqlite3_db_config(db, SQLITE_DBCONFIG_TRUSTED_SCHEMA, 0, &rc);
sqlite3_db_config(db, SQLITE_DBCONFIG_DQS_DDL, 0, &rc);
sqlite3_db_config(db, SQLITE_DBCONFIG_DQS_DML, 0, &rc);
sqlite3_db_config(db, SQLITE_DBCONFIG_DEFENSIVE, 1, &rc);
sqlite3_busy_timeout(db, 15000);
sqlite3_wal_autocheckpoint(db, 1); /* Set to checkpoint frequently */
sqlite3_create_function(db, "user", 0, SQLITE_UTF8, 0, db_sql_user, 0, 0);
| > | 1616 1617 1618 1619 1620 1621 1622 1623 1624 1625 1626 1627 1628 1629 1630 |
g.zVfsName
);
if( rc!=SQLITE_OK ){
db_err("[%s]: %s", zDbName, sqlite3_errmsg(db));
}
db_maybe_set_encryption_key(db, zDbName);
sqlite3_db_config(db, SQLITE_DBCONFIG_ENABLE_FKEY, 0, &rc);
sqlite3_db_config(db, SQLITE_DBCONFIG_ENABLE_TRIGGER, 0, &rc);
sqlite3_db_config(db, SQLITE_DBCONFIG_TRUSTED_SCHEMA, 0, &rc);
sqlite3_db_config(db, SQLITE_DBCONFIG_DQS_DDL, 0, &rc);
sqlite3_db_config(db, SQLITE_DBCONFIG_DQS_DML, 0, &rc);
sqlite3_db_config(db, SQLITE_DBCONFIG_DEFENSIVE, 1, &rc);
sqlite3_busy_timeout(db, 15000);
sqlite3_wal_autocheckpoint(db, 1); /* Set to checkpoint frequently */
sqlite3_create_function(db, "user", 0, SQLITE_UTF8, 0, db_sql_user, 0, 0);
|
| ︙ | ︙ |
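Review bot: The added `sqlite3_db_config(db, SQLITE_DBCONFIG_ENABLE_TRIGGER, 0, &rc);` is a security control, yet like its neighbours its return value is discarded and `rc` only receives the resulting setting, so a rejected option would leave triggers enabled silently; the startup version check in src/main.c covers a too-old library, but failing closed here is cheap: `if( sqlite3_db_config(db, SQLITE_DBCONFIG_ENABLE_TRIGGER, 0, &rc)!=SQLITE_OK || rc!=0 ) db_err("[%s]: cannot disable triggers", zDbName);`. The line also deserves a why-comment, since the next maintainer will wonder how Fossil's own triggers keep working: `/* Triggers in the persistent schema of a (possibly hostile) repository never fire; Fossil's own TEMP triggers are unaffected as of SQLite 3.35.0 */`, which restates the commit message. The enclosing function starts and ends outside the hunk.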
Changes to src/login.c.
| ︙ | ︙ | |||
1665 1666 1667 1668 1669 1670 1671 |
db_protect_pop();
uid = db_int(0, "SELECT uid FROM user WHERE login=%Q", zUserID);
login_set_user_cookie(zUserID, uid, NULL, 0);
if( doAlerts ){
/* Also make the new user a subscriber. */
Blob hdr, body;
AlertSender *pSender;
| < | | > < < < < | 1665 1666 1667 1668 1669 1670 1671 1672 1673 1674 1675 1676 1677 1678 1679 1680 1681 1682 1683 1684 1685 1686 1687 1688 1689 1690 1691 1692 1693 1694 1695 1696 1697 1698 1699 1700 1701 1702 1703 1704 1705 1706 1707 1708 1709 1710 1711 1712 1713 1714 |
db_protect_pop();
uid = db_int(0, "SELECT uid FROM user WHERE login=%Q", zUserID);
login_set_user_cookie(zUserID, uid, NULL, 0);
if( doAlerts ){
/* Also make the new user a subscriber. */
Blob hdr, body;
AlertSender *pSender;
const char *zCode; /* New subscriber code (in hex) */
const char *zGoto = P("g");
int nsub = 0;
char ssub[20];
CapabilityString *pCap;
pCap = capability_add(0, zPerms);
capability_expand(pCap);
ssub[nsub++] = 'a';
if( capability_has_any(pCap,"o") ) ssub[nsub++] = 'c';
if( capability_has_any(pCap,"2") ) ssub[nsub++] = 'f';
if( capability_has_any(pCap,"r") ) ssub[nsub++] = 't';
if( capability_has_any(pCap,"j") ) ssub[nsub++] = 'w';
ssub[nsub] = 0;
capability_free(pCap);
/* Also add the user to the subscriber table. */
zCode = db_text(0,
"INSERT INTO subscriber(semail,suname,"
" sverified,sdonotcall,sdigest,ssub,sctime,mtime,smip)"
" VALUES(%Q,%Q,%d,0,%d,%Q,now(),now(),%Q)"
" ON CONFLICT(semail) DO UPDATE"
" SET suname=excluded.suname"
" RETURNING hex(subscriberCode);",
/* semail */ zEAddr,
/* suname */ zUserID,
/* sverified */ 0,
/* sdigest */ 0,
/* ssub */ ssub,
/* smip */ g.zIpAddr
);
if( db_exists("SELECT 1 FROM subscriber WHERE semail=%Q"
" AND sverified", zEAddr) ){
/* This the case where the user was formerly a verified subscriber
** and here they have also registered as a user as well. It is
** not necessary to repeat the verfication step */
redirect_to_g();
}
/* A verification email */
pSender = alert_sender_new(0,0);
blob_init(&hdr,0,0);
blob_init(&body,0,0);
blob_appendf(&hdr, "To: <%s>\n", zEAddr);
blob_appendf(&hdr, "Subject: Subscription verification\n");
alert_append_confirmation_message(&body, zCode);
|
| ︙ | ︙ |
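Review bot: The upsert `" ON CONFLICT(semail) DO UPDATE" " SET suname=excluded.suname"` followed by the `db_exists("SELECT 1 FROM subscriber WHERE semail=%Q" " AND sverified", zEAddr)` test appears to re-bind an already verified subscription for that address to the newly registered login and then skip verification via `redirect_to_g()`, so whoever registers with an address that is already a verified subscriber would take over that subscription's settings without proving control of the address. Unless the registration flow has already confirmed the address before this point (the function starts and ends outside the hunk), a safer order is to check for an existing verified subscriber with a different suname before the upsert and send the verification mail in that case instead of redirecting. If the conflict clause predates this commit the concern is pre-existing, but the rewrite is the moment to address it. The two comment typos `This the case` and `verfication` could be fixed while here.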
Changes to src/main.c.
| ︙ | ︙ | |||
675 676 677 678 679 680 681 |
#endif
}
}
#endif
fossil_printf_selfcheck();
fossil_limit_memory(1);
| | | | 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 |
#endif
}
}
#endif
fossil_printf_selfcheck();
fossil_limit_memory(1);
if( sqlite3_libversion_number()<3035000 ){
fossil_panic("Unsuitable SQLite version %s, must be at least 3.35.0",
sqlite3_libversion());
}
sqlite3_config(SQLITE_CONFIG_MULTITHREAD);
sqlite3_config(SQLITE_CONFIG_LOG, fossil_sqlite_log, 0);
memset(&g, 0, sizeof(g));
g.now = time(0);
g.httpHeader = empty_blob;
|
| ︙ | ︙ |
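Review bot: The runtime check `if( sqlite3_libversion_number()<3035000 )` fires only at startup against whatever library happens to be linked; for builds against an external SQLite the mismatch could also be rejected at compile time, e.g. `#if SQLITE_VERSION_NUMBER<3035000` / `#error "Fossil requires SQLite 3.35.0 or later"` / `#endif` near the includes, while keeping the runtime check for shared-library mismatches. The bare literal `3035000` and the `3.35.0` in the message are the same fact written twice; a named constant would keep them from drifting apart on the next bump. The enclosing function continues outside the hunk.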
Changes to src/manifest.c.
| ︙ | ︙ | |||
2323 2324 2325 2326 2327 2328 2329 |
}
}
if( !db_exists("SELECT 1 FROM mlink WHERE mid=%d", rid) ){
char *zCom;
parentid = manifest_add_checkin_linkages(rid,p,p->nParent,p->azParent);
search_doc_touch('c', rid, 0);
assert( manifest_event_triggers_are_enabled );
| | | > < < | 2323 2324 2325 2326 2327 2328 2329 2330 2331 2332 2333 2334 2335 2336 2337 2338 2339 2340 2341 2342 2343 2344 2345 2346 2347 2348 2349 2350 2351 2352 2353 2354 2355 |
}
}
if( !db_exists("SELECT 1 FROM mlink WHERE mid=%d", rid) ){
char *zCom;
parentid = manifest_add_checkin_linkages(rid,p,p->nParent,p->azParent);
search_doc_touch('c', rid, 0);
assert( manifest_event_triggers_are_enabled );
zCom = db_text(0,
"REPLACE INTO event(type,mtime,objid,user,comment,"
"bgcolor,euser,ecomment,omtime)"
"VALUES('ci',"
" coalesce("
" (SELECT julianday(value) FROM tagxref WHERE tagid=%d AND rid=%d),"
" %.17g"
" ),"
" %d,%Q,%Q,"
" (SELECT value FROM tagxref WHERE tagid=%d AND rid=%d AND tagtype>0),"
" (SELECT value FROM tagxref WHERE tagid=%d AND rid=%d),"
" (SELECT value FROM tagxref WHERE tagid=%d AND rid=%d),%.17g)"
"RETURNING coalesce(ecomment,comment);",
TAG_DATE, rid, p->rDate,
rid, p->zUser, p->zComment,
TAG_BGCOLOR, rid,
TAG_USER, rid,
TAG_COMMENT, rid, p->rDate
);
backlink_extract(zCom, 0, rid, BKLNK_COMMENT, p->rDate, 1);
fossil_free(zCom);
/* If this is a delta-manifest, record the fact that this repository
** contains delta manifests, to free the "commit" logic to generate
** new delta manifests.
*/
|
| ︙ | ︙ |
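Review bot: The value of `"RETURNING coalesce(ecomment,comment);"` is passed straight to `backlink_extract(zCom, 0, rid, BKLNK_COMMENT, p->rDate, 1);`; if both columns are NULL (a check-in whose manifest carries no comment, should the parser permit that, makes `%Q` of p->zComment a SQL NULL) db_text falls back to its NULL default and, unless backlink_extract tolerates a NULL text pointer, this dereferences it. Either `if( zCom ) backlink_extract(zCom, 0, rid, BKLNK_COMMENT, p->rDate, 1);` or `coalesce(ecomment,comment,'')` in the RETURNING clause closes the gap. The same hazard presumably existed with the SELECT this replaces, so this is hardening rather than a regression. The enclosing function starts and ends outside the hunk.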