Fossil

Differences From Artifact [ca95dba485]:

• File src/admin.c — part of check-in [007d1ce44f] at 2008-02-07 15:08:02 on branch trunk — Rename admin_sql_page.c to admin.c. Refactor the strxform functions into SQL functions. Refactor the db_generic_query_view() routine. Fix multiple security vulnerabilities. Bring the code closer into compliance with style guidelines. (user: drh size: 2343)

To Artifact [83d1c6c6c3]:

• File src/admin.c — part of check-in [138177c30e] at 2008-02-08 16:27:25 on branch trunk — correction to the 'warning' text in admin_sql_page() (user: stephan size: 2283) [more...]

61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77

  login_check_credentials();
  if( !g.okAdmin ){
    login_needed();
    return;
  }
  style_header("Admin SQL");
  @ <hr/><h2>SQL:</h2>
  @ <span class='achtung'>You can enter arbitrary SQL here, to execute
  @ against the repo database.
  @ With great power comes great responsibility...</span><br/>
  @ <form action='' method='post'>
  @ <textarea style='border:2px solid black' name='sql'
  @  cols='80' rows='5'>%h(zSql)</textarea>
  @ <br/><input type='submit' name='sql_submit'/> <input type='reset'/>
  @ </form>
  if( zSql[0] ){
    sqlite3_set_authorizer(g.db, selectOnly, 0);

|
<
|

61
62
63
64
65
66
67
68

69
70
71
72
73
74
75
76

  login_check_credentials();
  if( !g.okAdmin ){
    login_needed();
    return;
  }
  style_header("Admin SQL");
  @ <hr/><h2>SQL:</h2>
  @ You can enter only SELECT statements here, and some SQL-side functions

  @ are also restricted.<br/>
  @ <form action='' method='post'>
  @ <textarea style='border:2px solid black' name='sql'
  @  cols='80' rows='5'>%h(zSql)</textarea>
  @ <br/><input type='submit' name='sql_submit'/> <input type='reset'/>
  @ </form>
  if( zSql[0] ){
    sqlite3_set_authorizer(g.db, selectOnly, 0);