Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Allow the use of json_each() and json_tree() in the SQL for ticket reports. |
|---|---|
| Downloads: | Tarball | ZIP archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
5e7dc8a6f51818e67b52e9319fa0c383 |
| User & Date: | drh 2020-12-15 00:52:16.487 |
References
|
2021-04-07
| ||
| 23:32 | Bug fix: Restore access to tables whose names start with "fx_" in ticket reports. Broken by check-in [5e7dc8a6f51818e6]. ... (check-in: cfb6e5eae3 user: drh tags: trunk) | |
Context
|
2020-12-15
| ||
| 20:50 | Merge from trunk ... (check-in: 7b9ca24cd2 user: george tags: wiki-history) | |
| 01:13 | Alternative to check-in [a098707051568156] for getting the --static option to ./configure working on pkg-config based systems. ... (check-in: 6f9d265234 user: drh tags: trunk) | |
| 00:52 | Allow the use of json_each() and json_tree() in the SQL for ticket reports. ... (check-in: 5e7dc8a6f5 user: drh tags: trunk) | |
|
2020-12-14
| ||
| 14:27 | If REQUEST_URI includes a query string (which it does for "fossil ui" and for Apache, but not for althttpd) then omit that string prior to using the REQUEST_URI when forming the "g=" query parameter for the login redirect in login_needed(). ... (check-in: d327660804 user: drh tags: trunk) | |
Changes
Changes to src/report.c.
| ︙ | ︙ | |||
181 182 183 184 185 186 187 |
case SQLITE_SELECT:
case SQLITE_RECURSIVE:
case SQLITE_FUNCTION: {
break;
}
case SQLITE_READ: {
static const char *const azAllowed[] = {
| | < > > > < > > < > > | > > | > > > > > | | < < | | 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 |
case SQLITE_SELECT:
case SQLITE_RECURSIVE:
case SQLITE_FUNCTION: {
break;
}
case SQLITE_READ: {
static const char *const azAllowed[] = {
"backlink",
"blob",
"event",
"filename",
"json_each",
"json_tree",
"mlink",
"plink",
"tag",
"tagxref",
"ticket",
"ticketchng",
"unversioned",
};
int lwr = 0;
int upr = count(azAllowed) - 1;
int rc = 0;
if( zArg1==0 ){
/* Some legacy versions of SQLite will sometimes send spurious
** READ authorizations that have no table name. These can be
** ignored. */
rc = SQLITE_IGNORE;
break;
}
while( lwr<upr ){
int i = (lwr+upr)/2;
int rc = fossil_stricmp(zArg1, azAllowed[i]);
if( rc<0 ){
upr = i - 1;
}else if( rc>0 ){
lwr = i + 1;
}else{
break;
}
}
if( rc ){
*(char**)pError = mprintf("access to table \"%s\" is restricted",zArg1);
rc = SQLITE_DENY;
}else if( !g.perm.RdAddr && strncmp(zArg2, "private_", 8)==0 ){
rc = SQLITE_IGNORE;
}
break;
}
|
| ︙ | ︙ |