| ︙ | | | ︙ | |
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
|
zScript = ticket_reportlist_code();
if( g.thTrace ) Th_Trace("BEGIN_REPORTLIST_SCRIPT<br />\n", -1);
blob_zero(&ril);
ticket_init();
db_prepare(&q, "SELECT rn, title, owner FROM reportfmt ORDER BY title");
while( db_step(&q)==SQLITE_ROW ){
const char *zTitle = db_column_text(&q, 1);
const char *zOwner = db_column_text(&q, 2);
if( zTitle[0] =='_' && !g.perm.TktFmt ){
continue;
}
rn = db_column_int(&q, 0);
cnt++;
|
|
|
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
|
zScript = ticket_reportlist_code();
if( g.thTrace ) Th_Trace("BEGIN_REPORTLIST_SCRIPT<br />\n", -1);
blob_zero(&ril);
ticket_init();
db_prepare(&q, "SELECT rn, title, owner FROM reportfmt ORDER BY title");
while( db_step(&q)==SQLITE4_ROW ){
const char *zTitle = db_column_text(&q, 1);
const char *zOwner = db_column_text(&q, 2);
if( zTitle[0] =='_' && !g.perm.TktFmt ){
continue;
}
rn = db_column_int(&q, 0);
cnt++;
|
| ︙ | | | ︙ | |
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
|
void *pError,
int code,
const char *zArg1,
const char *zArg2,
const char *zArg3,
const char *zArg4
){
int rc = SQLITE_OK;
if( *(char**)pError ){
/* We've already seen an error. No need to continue. */
return SQLITE_OK;
}
switch( code ){
case SQLITE_SELECT:
case SQLITE_FUNCTION: {
break;
}
case SQLITE_READ: {
static const char *azAllowed[] = {
"ticket",
"blob",
"filename",
"mlink",
"plink",
"event",
"tag",
"tagxref",
};
int i;
for(i=0; i<sizeof(azAllowed)/sizeof(azAllowed[0]); i++){
if( fossil_stricmp(zArg1, azAllowed[i])==0 ) break;
}
if( i>=sizeof(azAllowed)/sizeof(azAllowed[0]) ){
*(char**)pError = mprintf("access to table \"%s\" is restricted",zArg1);
rc = SQLITE_DENY;
}else if( !g.perm.RdAddr && strncmp(zArg2, "private_", 8)==0 ){
rc = SQLITE_IGNORE;
}
break;
}
default: {
*(char**)pError = mprintf("only SELECT statements are allowed");
rc = SQLITE_DENY;
break;
}
}
return rc;
}
/*
|
|
|
|
|
|
|
|
|
|
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
|
void *pError,
int code,
const char *zArg1,
const char *zArg2,
const char *zArg3,
const char *zArg4
){
int rc = SQLITE4_OK;
if( *(char**)pError ){
/* We've already seen an error. No need to continue. */
return SQLITE4_OK;
}
switch( code ){
case SQLITE4_SELECT:
case SQLITE4_FUNCTION: {
break;
}
case SQLITE4_READ: {
static const char *azAllowed[] = {
"ticket",
"blob",
"filename",
"mlink",
"plink",
"event",
"tag",
"tagxref",
};
int i;
for(i=0; i<sizeof(azAllowed)/sizeof(azAllowed[0]); i++){
if( fossil_stricmp(zArg1, azAllowed[i])==0 ) break;
}
if( i>=sizeof(azAllowed)/sizeof(azAllowed[0]) ){
*(char**)pError = mprintf("access to table \"%s\" is restricted",zArg1);
rc = SQLITE4_DENY;
}else if( !g.perm.RdAddr && strncmp(zArg2, "private_", 8)==0 ){
rc = SQLITE4_IGNORE;
}
break;
}
default: {
*(char**)pError = mprintf("only SELECT statements are allowed");
rc = SQLITE4_DENY;
break;
}
}
return rc;
}
/*
|
| ︙ | | | ︙ | |
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
|
}
}
}
/* Compile the statement and check for illegal accesses or syntax errors. */
report_restrict_sql(&zErr);
rc = sqlite4_prepare(g.db, zSql, -1, &pStmt, &zTail);
if( rc!=SQLITE_OK ){
zErr = mprintf("Syntax error: %s", sqlite4_errmsg(g.db));
}
if( !sqlite4_stmt_readonly(pStmt) ){
zErr = mprintf("SQL must not modify the database");
}
if( pStmt ){
sqlite4_finalize(pStmt);
|
|
|
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
|
}
}
}
/* Compile the statement and check for illegal accesses or syntax errors. */
report_restrict_sql(&zErr);
rc = sqlite4_prepare(g.db, zSql, -1, &pStmt, &zTail);
if( rc!=SQLITE4_OK ){
zErr = mprintf("Syntax error: %s", sqlite4_errmsg(g.db));
}
if( !sqlite4_stmt_readonly(pStmt) ){
zErr = mprintf("SQL must not modify the database");
}
if( pStmt ){
sqlite4_finalize(pStmt);
|
| ︙ | | | ︙ | |
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
|
login_needed();
return;
}
rn = atoi(PD("rn","0"));
db_prepare(&q, "SELECT title, sqlcode, owner, cols "
"FROM reportfmt WHERE rn=%d",rn);
style_header("SQL For Report Format Number %d", rn);
if( db_step(&q)!=SQLITE_ROW ){
@ <p>Unknown report number: %d(rn)</p>
style_footer();
return;
}
zTitle = db_column_text(&q, 0);
zSQL = db_column_text(&q, 1);
zOwner = db_column_text(&q, 2);
|
|
|
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
|
login_needed();
return;
}
rn = atoi(PD("rn","0"));
db_prepare(&q, "SELECT title, sqlcode, owner, cols "
"FROM reportfmt WHERE rn=%d",rn);
style_header("SQL For Report Format Number %d", rn);
if( db_step(&q)!=SQLITE4_ROW ){
@ <p>Unknown report number: %d(rn)</p>
style_footer();
return;
}
zTitle = db_column_text(&q, 0);
zSQL = db_column_text(&q, 1);
zOwner = db_column_text(&q, 2);
|
| ︙ | | | ︙ | |
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
|
zTitle = "";
zSQL = ticket_report_template();
zClrKey = ticket_key_template();
}else{
Stmt q;
db_prepare(&q, "SELECT title, sqlcode, owner, cols "
"FROM reportfmt WHERE rn=%d",rn);
if( db_step(&q)==SQLITE_ROW ){
zTitle = db_column_malloc(&q, 0);
zSQL = db_column_malloc(&q, 1);
zOwner = db_column_malloc(&q, 2);
zClrKey = db_column_malloc(&q, 3);
}
db_finalize(&q);
if( P("copy") ){
|
|
|
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
|
zTitle = "";
zSQL = ticket_report_template();
zClrKey = ticket_key_template();
}else{
Stmt q;
db_prepare(&q, "SELECT title, sqlcode, owner, cols "
"FROM reportfmt WHERE rn=%d",rn);
if( db_step(&q)==SQLITE4_ROW ){
zTitle = db_column_malloc(&q, 0);
zSQL = db_column_malloc(&q, 1);
zOwner = db_column_malloc(&q, 2);
zClrKey = db_column_malloc(&q, 3);
}
db_finalize(&q);
if( P("copy") ){
|
| ︙ | | | ︙ | |
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
|
int sqlite4_exec_readonly(
sqlite4 *db, /* The database on which the SQL executes */
const char *zSql, /* The SQL to be executed */
sqlite4_callback xCallback, /* Invoke this callback routine */
void *pArg, /* First argument to xCallback() */
char **pzErrMsg /* Write error messages here */
){
int rc = SQLITE_OK; /* Return code */
const char *zLeftover; /* Tail of unprocessed SQL */
sqlite4_stmt *pStmt = 0; /* The current SQL statement */
char **azCols = 0; /* Names of result columns */
int nCol; /* Number of columns of output */
char **azVals = 0; /* Text of all output columns */
int i; /* Loop counter */
pStmt = 0;
rc = sqlite4_prepare(db, zSql, -1, &pStmt, &zLeftover);
assert( rc==SQLITE_OK || pStmt==0 );
if( rc!=SQLITE_OK ){
return rc;
}
if( !pStmt ){
/* this happens for a comment or white-space */
return SQLITE_OK;
}
if( !sqlite4_stmt_readonly(pStmt) ){
sqlite4_finalize(pStmt);
return SQLITE_ERROR;
}
nCol = sqlite4_column_count(pStmt);
azVals = fossil_malloc(2*nCol*sizeof(const char*) + 1);
while( (rc = sqlite4_step(pStmt))==SQLITE_ROW ){
if( azCols==0 ){
azCols = &azVals[nCol];
for(i=0; i<nCol; i++){
azCols[i] = (char *)sqlite4_column_name(pStmt, i);
}
}
for(i=0; i<nCol; i++){
|
|
|
|
|
|
|
|
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
|
int sqlite4_exec_readonly(
sqlite4 *db, /* The database on which the SQL executes */
const char *zSql, /* The SQL to be executed */
sqlite4_callback xCallback, /* Invoke this callback routine */
void *pArg, /* First argument to xCallback() */
char **pzErrMsg /* Write error messages here */
){
int rc = SQLITE4_OK; /* Return code */
const char *zLeftover; /* Tail of unprocessed SQL */
sqlite4_stmt *pStmt = 0; /* The current SQL statement */
char **azCols = 0; /* Names of result columns */
int nCol; /* Number of columns of output */
char **azVals = 0; /* Text of all output columns */
int i; /* Loop counter */
pStmt = 0;
rc = sqlite4_prepare(db, zSql, -1, &pStmt, &zLeftover);
assert( rc==SQLITE4_OK || pStmt==0 );
if( rc!=SQLITE4_OK ){
return rc;
}
if( !pStmt ){
/* this happens for a comment or white-space */
return SQLITE4_OK;
}
if( !sqlite4_stmt_readonly(pStmt) ){
sqlite4_finalize(pStmt);
return SQLITE4_ERROR;
}
nCol = sqlite4_column_count(pStmt);
azVals = fossil_malloc(2*nCol*sizeof(const char*) + 1);
while( (rc = sqlite4_step(pStmt))==SQLITE4_ROW ){
if( azCols==0 ){
azCols = &azVals[nCol];
for(i=0; i<nCol; i++){
azCols[i] = (char *)sqlite4_column_name(pStmt, i);
}
}
for(i=0; i<nCol; i++){
|
| ︙ | | | ︙ | |
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
|
cgi_redirect("reportlist");
return;
}
tabs = P("tablist")!=0;
/* view_add_functions(tabs); */
db_prepare(&q,
"SELECT title, sqlcode, owner, cols FROM reportfmt WHERE rn=%d", rn);
if( db_step(&q)!=SQLITE_ROW ){
cgi_redirect("reportlist");
return;
}
zTitle = db_column_malloc(&q, 0);
zSql = db_column_malloc(&q, 1);
zOwner = db_column_malloc(&q, 2);
zClrKey = db_column_malloc(&q, 3);
|
|
|
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
|
cgi_redirect("reportlist");
return;
}
tabs = P("tablist")!=0;
/* view_add_functions(tabs); */
db_prepare(&q,
"SELECT title, sqlcode, owner, cols FROM reportfmt WHERE rn=%d", rn);
if( db_step(&q)!=SQLITE4_ROW ){
cgi_redirect("reportlist");
return;
}
zTitle = db_column_malloc(&q, 0);
zSql = db_column_malloc(&q, 1);
zOwner = db_column_malloc(&q, 2);
zClrKey = db_column_malloc(&q, 3);
|
| ︙ | | | ︙ | |
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
|
Stmt q;
char const aRptOutFrmt[] = "%s\t%s\n";
fossil_print("Available reports:\n");
fossil_print(aRptOutFrmt,"report number","report title");
fossil_print(aRptOutFrmt,zFullTicketRptRn,zFullTicketRptTitle);
db_prepare(&q,"SELECT rn,title FROM reportfmt ORDER BY rn");
while( db_step(&q)==SQLITE_ROW ){
const char *zRn = db_column_text(&q, 0);
const char *zTitle = db_column_text(&q, 1);
fossil_print(aRptOutFrmt,zRn,zTitle);
}
db_finalize(&q);
}
|
|
|
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
|
Stmt q;
char const aRptOutFrmt[] = "%s\t%s\n";
fossil_print("Available reports:\n");
fossil_print(aRptOutFrmt,"report number","report title");
fossil_print(aRptOutFrmt,zFullTicketRptRn,zFullTicketRptTitle);
db_prepare(&q,"SELECT rn,title FROM reportfmt ORDER BY rn");
while( db_step(&q)==SQLITE4_ROW ){
const char *zRn = db_column_text(&q, 0);
const char *zTitle = db_column_text(&q, 1);
fossil_print(aRptOutFrmt,zRn,zTitle);
}
db_finalize(&q);
}
|
| ︙ | | | ︙ | |
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
|
if( rn ){
db_prepare(&q,
"SELECT sqlcode FROM reportfmt WHERE rn=%d", rn);
}else{
db_prepare(&q,
"SELECT sqlcode FROM reportfmt WHERE title=%Q", zRep);
}
if( db_step(&q)!=SQLITE_ROW ){
db_finalize(&q);
rpt_list_reports();
fossil_fatal("unknown report format(%s)!",zRep);
}
zSql = db_column_malloc(&q, 0);
db_finalize(&q);
}
|
|
|
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
|
if( rn ){
db_prepare(&q,
"SELECT sqlcode FROM reportfmt WHERE rn=%d", rn);
}else{
db_prepare(&q,
"SELECT sqlcode FROM reportfmt WHERE title=%Q", zRep);
}
if( db_step(&q)!=SQLITE4_ROW ){
db_finalize(&q);
rpt_list_reports();
fossil_fatal("unknown report format(%s)!",zRep);
}
zSql = db_column_malloc(&q, 0);
db_finalize(&q);
}
|
| ︙ | | | ︙ | |
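Review bot: In the hunk at lines 251–265, `sqlite4_stmt_readonly(pStmt)` is still called after `sqlite4_prepare` has failed, and the "Syntax error" branch assigns `zErr` unconditionally. The `assert( rc==SQLITE4_OK || pStmt==0 )` in `sqlite4_exec_readonly` indicates that a failed prepare leaves `pStmt` null, so the read-only check depends on how `sqlite4_stmt_readonly` treats a null statement, which the page does not show. If it returns 0, the syntax-error text is replaced by "SQL must not modify the database" and the first `mprintf` result leaks. If `report_restrict_sql(&zErr)` is what passes `zErr` to the authorizer as `pError` (likely, but not visible here), a denied table access also loses its specific "access to table … is restricted" message to the generic syntax error. I would guard both assignments with `if( zErr==0 && rc!=SQLITE4_OK ){` and `}else if( pStmt && !sqlite4_stmt_readonly(pStmt) ){`; the enclosing function starts and ends outside the hunk.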