Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | The allow-symlinks setting is disabled by default and is not versionable, unless Fossil is compiled with the FOSSIL_LEGACY_ALLOW_SYMLINKS flag, in which case it follows the historic behavior. |
|---|---|
| Downloads: | Tarball | ZIP archive |
| Timelines: | family | ancestors | descendants | both | sec2020-2.12-patch |
| Files: | files | file ages | folders |
| SHA3-256: |
cdc90f0c3b0f6eafc0a73ecb0d2cc92a |
| User & Date: | drh 2020-08-19 21:08:22.566 |
Context
|
2020-08-20
| ||
| 00:04 | Report the use of FOSSIL_LEGACY_ALLOW_SYMLINKS in the output "fossil version -v". Closed-Leaf check-in: 89d950efd0 user: drh tags: sec2020-2.12-patch | |
|
2020-08-19
| ||
| 21:08 | The allow-symlinks setting is disabled by default and is not versionable, unless Fossil is compiled with the FOSSIL_LEGACY_ALLOW_SYMLINKS flag, in which case it follows the historic behavior. check-in: cdc90f0c3b user: drh tags: sec2020-2.12-patch | |
| 12:58 | Merge additional symlink fixes. Back out comment-only changes from url.c. check-in: 0ea17c2b11 user: drh tags: sec2020-2.12-patch | |
Changes
Changes to src/checkin.c.
| ︙ | ︙ | |||
854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 |
/* We should be done with options.. */
verify_all_options();
if( zIgnoreFlag==0 ){
zIgnoreFlag = db_get("ignore-glob", 0);
}
pIgnore = glob_create(zIgnoreFlag);
/* Always consider symlinks. */
g.allowSymlinks = db_allow_symlinks_by_default();
locate_unmanaged_files(g.argc-2, g.argv+2, scanFlags, pIgnore);
glob_free(pIgnore);
blob_zero(&report);
status_report(&report, flags);
if( blob_size(&report) ){
if( showHdr ){
| > > | 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 |
/* We should be done with options.. */
verify_all_options();
if( zIgnoreFlag==0 ){
zIgnoreFlag = db_get("ignore-glob", 0);
}
pIgnore = glob_create(zIgnoreFlag);
#ifdef FOSSIL_LEGACY_ALLOW_SYMLINKS
/* Always consider symlinks. */
g.allowSymlinks = db_allow_symlinks_by_default();
#endif
locate_unmanaged_files(g.argc-2, g.argv+2, scanFlags, pIgnore);
glob_free(pIgnore);
blob_zero(&report);
status_report(&report, flags);
if( blob_size(&report) ){
if( showHdr ){
|
| ︙ | ︙ | |||
1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 |
}
if( db_get_boolean("dotfiles", 0) ) scanFlags |= SCAN_ALL;
verify_all_options();
pIgnore = glob_create(zIgnoreFlag);
pKeep = glob_create(zKeepFlag);
pClean = glob_create(zCleanFlag);
nRoot = (int)strlen(g.zLocalRoot);
/* Always consider symlinks. */
g.allowSymlinks = db_allow_symlinks_by_default();
if( !dirsOnlyFlag ){
Stmt q;
Blob repo;
if( !dryRunFlag && !disableUndo ) undo_begin();
locate_unmanaged_files(g.argc-2, g.argv+2, scanFlags, pIgnore);
db_prepare(&q,
"SELECT %Q || pathname FROM sfile"
| > > | 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 |
}
if( db_get_boolean("dotfiles", 0) ) scanFlags |= SCAN_ALL;
verify_all_options();
pIgnore = glob_create(zIgnoreFlag);
pKeep = glob_create(zKeepFlag);
pClean = glob_create(zCleanFlag);
nRoot = (int)strlen(g.zLocalRoot);
#ifdef FOSSIL_LEGACY_ALLOW_SYMLINKS
/* Always consider symlinks. */
g.allowSymlinks = db_allow_symlinks_by_default();
#endif
if( !dirsOnlyFlag ){
Stmt q;
Blob repo;
if( !dryRunFlag && !disableUndo ) undo_begin();
locate_unmanaged_files(g.argc-2, g.argv+2, scanFlags, pIgnore);
db_prepare(&q,
"SELECT %Q || pathname FROM sfile"
|
| ︙ | ︙ |
Changes to src/configure.c.
| ︙ | ︙ | |||
141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 |
{ "clean-glob", CONFIGSET_PROJ },
{ "ignore-glob", CONFIGSET_PROJ },
{ "keep-glob", CONFIGSET_PROJ },
{ "crlf-glob", CONFIGSET_PROJ },
{ "crnl-glob", CONFIGSET_PROJ },
{ "encoding-glob", CONFIGSET_PROJ },
{ "empty-dirs", CONFIGSET_PROJ },
{ "allow-symlinks", CONFIGSET_PROJ },
{ "dotfiles", CONFIGSET_PROJ },
{ "parent-project-code", CONFIGSET_PROJ },
{ "parent-project-name", CONFIGSET_PROJ },
{ "hash-policy", CONFIGSET_PROJ },
{ "comment-format", CONFIGSET_PROJ },
{ "mimetypes", CONFIGSET_PROJ },
{ "forbid-delta-manifests", CONFIGSET_PROJ },
| > > | 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 |
{ "clean-glob", CONFIGSET_PROJ },
{ "ignore-glob", CONFIGSET_PROJ },
{ "keep-glob", CONFIGSET_PROJ },
{ "crlf-glob", CONFIGSET_PROJ },
{ "crnl-glob", CONFIGSET_PROJ },
{ "encoding-glob", CONFIGSET_PROJ },
{ "empty-dirs", CONFIGSET_PROJ },
#ifdef FOSSIL_LEGACY_ALLOW_SYMLINKS
{ "allow-symlinks", CONFIGSET_PROJ },
#endif
{ "dotfiles", CONFIGSET_PROJ },
{ "parent-project-code", CONFIGSET_PROJ },
{ "parent-project-name", CONFIGSET_PROJ },
{ "hash-policy", CONFIGSET_PROJ },
{ "comment-format", CONFIGSET_PROJ },
{ "mimetypes", CONFIGSET_PROJ },
{ "forbid-delta-manifests", CONFIGSET_PROJ },
|
| ︙ | ︙ |
Changes to src/db.c.
| ︙ | ︙ | |||
1823 1824 1825 1826 1827 1828 1829 |
}
/*
** Returns non-zero if the default value for the "allow-symlinks" setting
** is "on". When on Windows, this always returns false.
*/
int db_allow_symlinks_by_default(void){
| | | 1823 1824 1825 1826 1827 1828 1829 1830 1831 1832 1833 1834 1835 1836 1837 |
}
/*
** Returns non-zero if the default value for the "allow-symlinks" setting
** is "on". When on Windows, this always returns false.
*/
int db_allow_symlinks_by_default(void){
#if defined(_WIN32) || !defined(FOSSIL_LEGACY_ALLOW_SYMLINKS)
return 0;
#else
return 1;
#endif
}
/*
|
| ︙ | ︙ | |||
2954 2955 2956 2957 2958 2959 2960 2961 2962 2963 2964 2965 2966 2967 2968 2969 2970 2971 2972 2973 2974 |
dflt = 1;
}else if( is_false(zVal) ){
dflt = 0;
}
fossil_free(zVal);
return dflt;
}
int db_get_versioned_boolean(const char *zName, int dflt){
char *zVal = db_get_versioned(zName, 0);
if( zVal==0 ) return dflt;
if( is_truth(zVal) ) return 1;
if( is_false(zVal) ) return 0;
return dflt;
}
char *db_lget(const char *zName, const char *zDefault){
return db_text(zDefault,
"SELECT value FROM vvar WHERE name=%Q", zName);
}
void db_lset(const char *zName, const char *zValue){
db_multi_exec("REPLACE INTO vvar(name,value) VALUES(%Q,%Q)", zName, zValue);
}
| > > | 2954 2955 2956 2957 2958 2959 2960 2961 2962 2963 2964 2965 2966 2967 2968 2969 2970 2971 2972 2973 2974 2975 2976 |
dflt = 1;
}else if( is_false(zVal) ){
dflt = 0;
}
fossil_free(zVal);
return dflt;
}
#ifdef FOSSIL_LEGACY_ALLOW_SYMLINKS
int db_get_versioned_boolean(const char *zName, int dflt){
char *zVal = db_get_versioned(zName, 0);
if( zVal==0 ) return dflt;
if( is_truth(zVal) ) return 1;
if( is_false(zVal) ) return 0;
return dflt;
}
#endif /* FOSSIL_LEGACY_ALLOW_SYMLINK */
char *db_lget(const char *zName, const char *zDefault){
return db_text(zDefault,
"SELECT value FROM vvar WHERE name=%Q", zName);
}
void db_lset(const char *zName, const char *zValue){
db_multi_exec("REPLACE INTO vvar(name,value) VALUES(%Q,%Q)", zName, zValue);
}
|
| ︙ | ︙ | |||
3163 3164 3165 3166 3167 3168 3169 3170 3171 3172 3173 3174 3175 3176 3177 |
** See also: [[close]], [[clone]]
*/
void cmd_open(void){
int emptyFlag;
int keepFlag;
int forceMissingFlag;
int allowNested;
int allowSymlinks;
int setmtimeFlag; /* --setmtime. Set mtimes on files */
int bForce = 0; /* --force. Open even if non-empty dir */
static char *azNewArgv[] = { 0, "checkout", "--prompt", 0, 0, 0, 0 };
const char *zWorkDir; /* --workdir value */
const char *zRepo = 0; /* Name of the repository file */
const char *zRepoDir = 0; /* --repodir value */
char *zPwd; /* Initial working directory */
| > > | 3165 3166 3167 3168 3169 3170 3171 3172 3173 3174 3175 3176 3177 3178 3179 3180 3181 |
** See also: [[close]], [[clone]]
*/
void cmd_open(void){
int emptyFlag;
int keepFlag;
int forceMissingFlag;
int allowNested;
#ifdef FOSSIL_LEGACY_ALLOW_SYMLINKS
int allowSymlinks;
#endif
int setmtimeFlag; /* --setmtime. Set mtimes on files */
int bForce = 0; /* --force. Open even if non-empty dir */
static char *azNewArgv[] = { 0, "checkout", "--prompt", 0, 0, 0, 0 };
const char *zWorkDir; /* --workdir value */
const char *zRepo = 0; /* Name of the repository file */
const char *zRepoDir = 0; /* --repodir value */
char *zPwd; /* Initial working directory */
|
| ︙ | ︙ | |||
3274 3275 3276 3277 3278 3279 3280 3281 3282 3283 3284 3285 3286 3287 3288 3289 3290 3291 3292 3293 3294 3295 3296 3297 3298 3299 3300 3301 3302 3303 3304 3305 3306 3307 3308 3309 3310 3311 3312 3313 3314 3315 3316 3317 3318 3319 3320 3321 3322 3323 3324 3325 3326 3327 3328 3329 |
if( g.argc==4 ){
g.zOpenRevision = g.argv[3];
}else if( db_exists("SELECT 1 FROM event WHERE type='ci'") ){
g.zOpenRevision = db_get("main-branch", 0);
}
}
if( g.zOpenRevision ){
/* Since the repository is open and we know the revision now,
** refresh the allow-symlinks flag. Since neither the local
** checkout nor the configuration database are open at this
** point, this should always return the versioned setting,
** if any, or the default value, which is negative one. The
** value negative one, in this context, means that the code
** below should fallback to using the setting value from the
** repository or global configuration databases only. */
allowSymlinks = db_get_versioned_boolean("allow-symlinks", -1);
}else{
allowSymlinks = -1; /* Use non-versioned settings only. */
}
#if defined(_WIN32) || defined(__CYGWIN__)
# define LOCALDB_NAME "./_FOSSIL_"
#else
# define LOCALDB_NAME "./.fslckout"
#endif
db_init_database(LOCALDB_NAME, zLocalSchema, zLocalSchemaVmerge,
#ifdef FOSSIL_LOCAL_WAL
"COMMIT; PRAGMA journal_mode=WAL; BEGIN;",
#endif
(char*)0);
db_delete_on_failure(LOCALDB_NAME);
db_open_local(0);
if( allowSymlinks>=0 ){
/* Use the value from the versioned setting, which was read
** prior to opening the local checkout (i.e. which is most
** likely empty and does not actually contain any versioned
** setting files yet). Normally, this value would be given
** first priority within db_get_boolean(); however, this is
** a special case because we know the on-disk files may not
** exist yet. */
g.allowSymlinks = allowSymlinks;
}else{
/* Since the local checkout may not have any files at this
** point, this will probably be the setting value from the
** repository or global configuration databases. */
g.allowSymlinks = db_get_boolean("allow-symlinks",
db_allow_symlinks_by_default());
}
db_lset("repository", zRepo);
db_record_repository_filename(zRepo);
db_set_checkout(0);
azNewArgv[0] = g.argv[0];
g.argv = azNewArgv;
if( !emptyFlag ){
g.argc = 3;
| > > > > | 3278 3279 3280 3281 3282 3283 3284 3285 3286 3287 3288 3289 3290 3291 3292 3293 3294 3295 3296 3297 3298 3299 3300 3301 3302 3303 3304 3305 3306 3307 3308 3309 3310 3311 3312 3313 3314 3315 3316 3317 3318 3319 3320 3321 3322 3323 3324 3325 3326 3327 3328 3329 3330 3331 3332 3333 3334 3335 3336 3337 |
if( g.argc==4 ){
g.zOpenRevision = g.argv[3];
}else if( db_exists("SELECT 1 FROM event WHERE type='ci'") ){
g.zOpenRevision = db_get("main-branch", 0);
}
}
#ifdef FOSSIL_LEGACY_ALLOW_SYMLINKS
if( g.zOpenRevision ){
/* Since the repository is open and we know the revision now,
** refresh the allow-symlinks flag. Since neither the local
** checkout nor the configuration database are open at this
** point, this should always return the versioned setting,
** if any, or the default value, which is negative one. The
** value negative one, in this context, means that the code
** below should fallback to using the setting value from the
** repository or global configuration databases only. */
allowSymlinks = db_get_versioned_boolean("allow-symlinks", -1);
}else{
allowSymlinks = -1; /* Use non-versioned settings only. */
}
#endif
#if defined(_WIN32) || defined(__CYGWIN__)
# define LOCALDB_NAME "./_FOSSIL_"
#else
# define LOCALDB_NAME "./.fslckout"
#endif
db_init_database(LOCALDB_NAME, zLocalSchema, zLocalSchemaVmerge,
#ifdef FOSSIL_LOCAL_WAL
"COMMIT; PRAGMA journal_mode=WAL; BEGIN;",
#endif
(char*)0);
db_delete_on_failure(LOCALDB_NAME);
db_open_local(0);
#ifdef FOSSIL_LEGACY_ALLOW_SYMLINKS
if( allowSymlinks>=0 ){
/* Use the value from the versioned setting, which was read
** prior to opening the local checkout (i.e. which is most
** likely empty and does not actually contain any versioned
** setting files yet). Normally, this value would be given
** first priority within db_get_boolean(); however, this is
** a special case because we know the on-disk files may not
** exist yet. */
g.allowSymlinks = allowSymlinks;
}else{
/* Since the local checkout may not have any files at this
** point, this will probably be the setting value from the
** repository or global configuration databases. */
g.allowSymlinks = db_get_boolean("allow-symlinks",
db_allow_symlinks_by_default());
}
#endif /* FOSSIL_LEGACY_ALLOW_SYMLINKS */
db_lset("repository", zRepo);
db_record_repository_filename(zRepo);
db_set_checkout(0);
azNewArgv[0] = g.argv[0];
g.argv = azNewArgv;
if( !emptyFlag ){
g.argc = 3;
|
| ︙ | ︙ | |||
3427 3428 3429 3430 3431 3432 3433 | */ /* ** SETTING: admin-log boolean default=off ** ** When the admin-log setting is enabled, configuration changes are recorded ** in the "admin_log" table of the repository. */ | > > > > > > > > > > > > > > > > > > | | | 3435 3436 3437 3438 3439 3440 3441 3442 3443 3444 3445 3446 3447 3448 3449 3450 3451 3452 3453 3454 3455 3456 3457 3458 3459 3460 3461 3462 3463 3464 3465 3466 3467 3468 3469 3470 3471 3472 3473 3474 3475 3476 3477 3478 | */ /* ** SETTING: admin-log boolean default=off ** ** When the admin-log setting is enabled, configuration changes are recorded ** in the "admin_log" table of the repository. */ #if !defined(FOSSIL_LEGACY_ALLOW_SYMLINKS) /* ** SETTING: allow-symlinks boolean default=off ** ** When allow-symlinks is OFF (which is the default and recommended setting) ** symbolic links are treated like text files that contain a single line of ** content which is the name of their target. If allow-symlinks is ON, ** the symbolic links are actually followed. ** ** The use of symbolic links is dangerous. If you checkout a maliciously ** crafted checkin that contains symbolic links, it is possible that files ** outside of the working directory might be overwritten. ** ** Keep this setting OFF unless you have a very good reason to turn it ** on and you implicitly trust the integrity of the repositories you ** open. */ #endif #if defined(_WIN32) && defined(FOSSIL_LEGACY_ALLOW_SYMLINKS) /* ** SETTING: allow-symlinks boolean default=off versionable ** ** When allow-symlinks is OFF, symbolic links in the repository are followed ** and treated no differently from real files. When allow-symlinks is ON, ** the object to which the symbolic link points is ignored, and the content ** of the symbolic link that is stored in the repository is the name of the ** object to which the symbolic link points. */ #endif #if !defined(_WIN32) && defined(FOSSIL_LEGACY_ALLOW_SYMLINKS) /* ** SETTING: allow-symlinks boolean default=on versionable ** ** When allow-symlinks is OFF, symbolic links in the repository are followed ** and treated no differently from real files. When allow-symlinks is ON, ** the object to which the symbolic link points is ignored, and the content ** of the symbolic link that is stored in the repository is the name of the |
| ︙ | ︙ |
Changes to src/json_config.c.
| ︙ | ︙ | |||
81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 |
{ "clean-glob", CONFIGSET_PROJ },
{ "ignore-glob", CONFIGSET_PROJ },
{ "keep-glob", CONFIGSET_PROJ },
{ "crlf-glob", CONFIGSET_PROJ },
{ "crnl-glob", CONFIGSET_PROJ },
{ "encoding-glob", CONFIGSET_PROJ },
{ "empty-dirs", CONFIGSET_PROJ },
{ "allow-symlinks", CONFIGSET_PROJ },
{ "dotfiles", CONFIGSET_PROJ },
{ "ticket-table", CONFIGSET_TKT },
{ "ticket-common", CONFIGSET_TKT },
{ "ticket-change", CONFIGSET_TKT },
{ "ticket-newpage", CONFIGSET_TKT },
{ "ticket-viewpage", CONFIGSET_TKT },
| > > | 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 |
{ "clean-glob", CONFIGSET_PROJ },
{ "ignore-glob", CONFIGSET_PROJ },
{ "keep-glob", CONFIGSET_PROJ },
{ "crlf-glob", CONFIGSET_PROJ },
{ "crnl-glob", CONFIGSET_PROJ },
{ "encoding-glob", CONFIGSET_PROJ },
{ "empty-dirs", CONFIGSET_PROJ },
#ifdef FOSSIL_LEGACY_ALLOW_SYMLINKS
{ "allow-symlinks", CONFIGSET_PROJ },
#endif
{ "dotfiles", CONFIGSET_PROJ },
{ "ticket-table", CONFIGSET_TKT },
{ "ticket-common", CONFIGSET_TKT },
{ "ticket-change", CONFIGSET_TKT },
{ "ticket-newpage", CONFIGSET_TKT },
{ "ticket-viewpage", CONFIGSET_TKT },
|
| ︙ | ︙ |