Fossil

Check-in [a2e1f9fb40]
Login
Home Timeline Docs Branches Tickets Wiki DownloadMore...

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:More cases of incorrect permission checks.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: a2e1f9fb40a8b29cd1c91002be6e7c733ed3b2902c5aa608b63b6fc5767db4d8
User & Date: drh 2018-07-14 22:16:33.490
Context
2018-07-15
18:31
Improvements to error logging. Only log fossil_panic() calls, not fossil_fatal() calls. check-in: 06d4751a44 user: drh tags: trunk
2018-07-14
22:16
More cases of incorrect permission checks. check-in: a2e1f9fb40 user: drh tags: trunk
20:11
The -DFOSSIL_OMIT_DNS compile-time option avoids trying to link -lresolv. check-in: 023ce4edde user: drh tags: trunk
Changes
Unified Diff Ignore Whitespace Patch
Changes to src/moderate.c. 
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157

** Show all pending moderation request
*/
void modreq_page(void){
  Blob sql;
  Stmt q;

  login_check_credentials();
  if( !g.perm.RdWiki && !g.perm.RdTkt ){
    login_needed(g.anon.RdWiki && g.anon.RdTkt);
    return;
  }
  style_header("Pending Moderation Requests");
  @ <h2>All Pending Moderation Requests</h2>
  if( moderation_table_exists() ){
    blob_init(&sql, timeline_query_for_www(), -1);
    blob_append_sql(&sql,








|
|








142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157

** Show all pending moderation request
*/
void modreq_page(void){
  Blob sql;
  Stmt q;

  login_check_credentials();
  if( !g.perm.ModWiki && !g.perm.ModTkt ){
    login_needed(g.anon.ModWiki && g.anon.ModTkt);
    return;
  }
  style_header("Pending Moderation Requests");
  @ <h2>All Pending Moderation Requests</h2>
  if( moderation_table_exists() ){
    blob_init(&sql, timeline_query_for_www(), -1);
    blob_append_sql(&sql,
Changes to src/skins.c. 
718
719
720
721
722
723
724
725
726
727



728
729
730
731
732
733
734
735
736
737


  /* Figure out which skin we are editing */
  iSkin = atoi(PD("sk","1"));
  if( iSkin<1 || iSkin>9 ) iSkin = 1;

  /* Check that the user is authorized to edit this skin. */
  if( !g.perm.Setup ){
    char *zAllowedEditors = db_get_mprintf("", "draft%d-users", iSkin);
    Glob *pAllowedEditors;
    int isMatch = 0;



    if( zAllowedEditors[0] ){
      pAllowedEditors = glob_create(zAllowedEditors);
      isMatch = glob_match(pAllowedEditors, zAllowedEditors);
      glob_free(pAllowedEditors);
    }
    if( isMatch==0 ){
      login_needed(0);
      return;
    }
  }








|


>
>
>


|








718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740


  /* Figure out which skin we are editing */
  iSkin = atoi(PD("sk","1"));
  if( iSkin<1 || iSkin>9 ) iSkin = 1;

  /* Check that the user is authorized to edit this skin. */
  if( !g.perm.Setup ){
    char *zAllowedEditors = "";
    Glob *pAllowedEditors;
    int isMatch = 0;
    if( login_is_individual() ){
      zAllowedEditors = db_get_mprintf("", "draft%d-users", iSkin);
    }
    if( zAllowedEditors[0] ){
      pAllowedEditors = glob_create(zAllowedEditors);
      isMatch = glob_match(pAllowedEditors, g.zLogin);
      glob_free(pAllowedEditors);
    }
    if( isMatch==0 ){
      login_needed(0);
      return;
    }
  }
This page was generated in about 0.018s by Fossil 2.26 [1205ec86cb] 2025-04-30 16:57:32