Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Bug fix: Restore access to tables whose names start with "fx_" in ticket reports. Broken by check-in [5e7dc8a6f51818e6]. |
|---|---|
| Downloads: | Tarball | ZIP archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
cfb6e5eae34a00d24caeff3b087696bd |
| User & Date: | drh 2021-04-07 23:32:41.973 |
Context
|
2021-04-08
| ||
| 00:47 | But, do not allow access to private columns of fx_ tables unless the user has "Email" privilege (letter "e"). ... (check-in: 719dfbb95d user: drh tags: trunk) | |
| 00:24 | Bug fix: Restore access to tables whose names start with "fx_" in ticket reports. ... (check-in: a80b2eae4a user: drh tags: branch-2.15) | |
| 00:22 | Bug fix: Restore access to tables whose names start with "fx_" in ticket reports. ... (check-in: 3cea3a02ac user: drh tags: branch-2.14) | |
|
2021-04-07
| ||
| 23:32 | Bug fix: Restore access to tables whose names start with "fx_" in ticket reports. Broken by check-in [5e7dc8a6f51818e6]. ... (check-in: cfb6e5eae3 user: drh tags: trunk) | |
| 18:47 | In the forum, provide a hyperlink from the name of the author of each post to a timeline of their most recent posts. ... (check-in: 46d7ccd45e user: drh tags: trunk) | |
Changes
Changes to src/report.c.
| ︙ | ︙ | |||
197 198 199 200 201 202 203 |
"tagxref",
"ticket",
"ticketchng",
"unversioned",
};
int lwr = 0;
int upr = count(azAllowed) - 1;
| | > > > > > | | | | | | | 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 |
"tagxref",
"ticket",
"ticketchng",
"unversioned",
};
int lwr = 0;
int upr = count(azAllowed) - 1;
int cmp = 0;
if( zArg1==0 ){
/* Some legacy versions of SQLite will sometimes send spurious
** READ authorizations that have no table name. These can be
** ignored. */
rc = SQLITE_IGNORE;
break;
}
if( sqlite3_strnicmp(zArg1, "fx_", 3)==0 ){
/* Ok to read any table whose name begins with "fx_" */
rc = SQLITE_OK;
break;
}
while( lwr<=upr ){
int i = (lwr+upr)/2;
cmp = fossil_stricmp(zArg1, azAllowed[i]);
if( cmp<0 ){
upr = i - 1;
}else if( cmp>0 ){
lwr = i + 1;
}else{
break;
}
}
if( cmp ){
*(char**)pError = mprintf("access to table \"%s\" is restricted",zArg1);
rc = SQLITE_DENY;
}else if( !g.perm.RdAddr && sqlite3_strnicmp(zArg2, "private_", 8)==0 ){
rc = SQLITE_IGNORE;
}
break;
}
default: {
*(char**)pError = mprintf("only SELECT statements are allowed");
rc = SQLITE_DENY;
|
| ︙ | ︙ | |||
1037 1038 1039 1040 1041 1042 1043 |
struct GenerateHTML sState = { 0, 0, 0, 0, 0, 0, 0, 0, 0 };
const char *zQS = PD("QUERY_STRING","");
db_multi_exec("PRAGMA empty_result_callbacks=ON");
style_set_current_feature("report");
/*
** Lets use a funcy button for /reportlist since that page may be
| | | 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 |
struct GenerateHTML sState = { 0, 0, 0, 0, 0, 0, 0, 0, 0 };
const char *zQS = PD("QUERY_STRING","");
db_multi_exec("PRAGMA empty_result_callbacks=ON");
style_set_current_feature("report");
/*
** Lets use a funcy button for /reportlist since that page may be
** heavily customized by the user. Some variants: ⊚ ⦾ ❊ ⊛ ⚛ ⸎ ð’’
** Enclosing it inside of square brackets makes its position
** determenistic and clearly distincts regular submenu links from
** those that are induced by the query string parameters.
*/
if( zQS[0] ){
style_submenu_element("Raw","%R/%s?tablist=1&%s",g.zPath,zQS);
style_submenu_element("[⊚]","%R/reportlist?%s",zQS);
|
| ︙ | ︙ |