Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | More cases of incorrect permission checks. |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA3-256: |
a2e1f9fb40a8b29cd1c91002be6e7c73 |
User & Date: | drh 2018-07-14 22:16:33 |
Context
2018-07-15
| ||
18:31 | Improvements to error logging. Only log fossil_panic() calls, not fossil_fatal() calls. ... (check-in: 06d4751a user: drh tags: trunk) | |
2018-07-14
| ||
22:16 | More cases of incorrect permission checks. ... (check-in: a2e1f9fb user: drh tags: trunk) | |
20:11 | The -DFOSSIL_OMIT_DNS compile-time option avoids trying to link -lresolv. ... (check-in: 023ce4ed user: drh tags: trunk) | |
Changes
Changes to src/moderate.c.
︙ | ︙ | |||
142 143 144 145 146 147 148 | ** Show all pending moderation request */ void modreq_page(void){ Blob sql; Stmt q; login_check_credentials(); | | | | 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 | ** Show all pending moderation request */ void modreq_page(void){ Blob sql; Stmt q; login_check_credentials(); if( !g.perm.ModWiki && !g.perm.ModTkt ){ login_needed(g.anon.ModWiki && g.anon.ModTkt); return; } style_header("Pending Moderation Requests"); @ <h2>All Pending Moderation Requests</h2> if( moderation_table_exists() ){ blob_init(&sql, timeline_query_for_www(), -1); blob_append_sql(&sql, |
︙ | ︙ |
Changes to src/skins.c.
︙ | ︙ | |||
718 719 720 721 722 723 724 | /* Figure out which skin we are editing */ iSkin = atoi(PD("sk","1")); if( iSkin<1 || iSkin>9 ) iSkin = 1; /* Check that the user is authorized to edit this skin. */ if( !g.perm.Setup ){ | | > > > | | 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 | /* Figure out which skin we are editing */ iSkin = atoi(PD("sk","1")); if( iSkin<1 || iSkin>9 ) iSkin = 1; /* Check that the user is authorized to edit this skin. */ if( !g.perm.Setup ){ char *zAllowedEditors = ""; Glob *pAllowedEditors; int isMatch = 0; if( login_is_individual() ){ zAllowedEditors = db_get_mprintf("", "draft%d-users", iSkin); } if( zAllowedEditors[0] ){ pAllowedEditors = glob_create(zAllowedEditors); isMatch = glob_match(pAllowedEditors, g.zLogin); glob_free(pAllowedEditors); } if( isMatch==0 ){ login_needed(0); return; } } |
︙ | ︙ |