
Check-in [78a6270f]
Overview
Comment:The RSS feed is restricted to the permissions granted to user 'nobody'. Ticket [09ba8cea6f]
SHA1: 78a6270fdc6ee90ae2edeac25ec94f2004cf6624
User & Date: drh 2010-02-05 16:22:30
References
2010-04-21
23:43 Ticket [9c8d43bf] RSS permissions too strict status still Open with 2 other changes artifact: d23726de user: drh
2010-02-05
17:06 Fixed ticket [09ba8cea]: RSS Feed ignores access control plus 2 other changes artifact: 947db1ca user: drh
Context
2010-02-05
16:57
Force the method to be /xfer if the content type is application/x-fossil. check-in: 94bb3134 user: drh tags: trunk
16:22
The RSS feed is restricted to the permissions granted to user 'nobody'. Ticket [09ba8cea6f] check-in: 78a6270f user: drh tags: trunk
2010-02-03
14:36
Add the --notfound option to the "http" and "server" command. For CGI, add configuration lines "directory:" and "notfound:". check-in: 49cffc01 user: drh tags: trunk
Changes

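--- a/src/rss.c
+++ b/src/rss.c
@@ -45,19 +45,47 @@
     @   coalesce(ecomment,comment),
     @   coalesce(euser,user),
     @   (SELECT count(*) FROM plink WHERE pid=blob.rid AND isprim),
     @   (SELECT count(*) FROM plink WHERE cid=blob.rid)
     @ FROM event, blob
     @ WHERE blob.rid=event.objid
   ;
+
+  login_check_credentials();
+  if( !g.okRead && !g.okRdTkt && !g.okRdWiki ){ 
+    return;
+  }
+
   blob_zero(&bSQL);
   blob_append( &bSQL, zSQL1, -1 );
   
   if( zType[0]!='a' ){
+    if( zType[0]=='c' && !g.okRead ) zType = "x";
+    if( zType[0]=='w' && !g.okRdWiki ) zType = "x";
+    if( zType[0]=='t' && !g.okRdTkt ) zType = "x";
-      blob_appendf(&bSQL, " AND event.type=%Q", zType);
+    blob_appendf(&bSQL, " AND event.type=%Q", zType);
+  }else{
+    if( !g.okRead ){
+      if( g.okRdTkt && g.okRdWiki ){
+        blob_append(&bSQL, " AND event.type!='ci'", -1);
+      }else if( g.okRdTkt ){
+        blob_append(&bSQL, " AND event.type=='t'", -1);
+      }else{
+        blob_append(&bSQL, " AND event.type=='w'", -1);
+      }
+    }else if( !g.okRdWiki ){
+      if( g.okRdTkt ){
+        blob_append(&bSQL, " AND event.type!='w'", -1);
+      }else{
+        blob_append(&bSQL, " AND event.type=='ci'", -1);
+      }
+    }else if( !g.okRdTkt ){
+      assert( !g.okRdTkt &&& g.okRead && g.okRdWiki );
+      blob_append(&bSQL, " AND event.type!='t'", -1);
+    }
   }
 
   blob_append( &bSQL, " ORDER BY event.mtime DESC", -1 );
 
   cgi_set_content_type("application/rss+xml");
 
   zProjectName = db_get("project-name", 0);
@@ -76,15 +104,15 @@
   @ <rss version="2.0">
   @   <channel>
   @     <title>%h(zProjectName)</title>
   @     <link>%s(g.zBaseURL)</link>
   @     <description>%h(zProjectDescr)</description>
   @     <pubDate>%s(zPubDate)</pubDate>
   @     <generator>Fossil version %s(MANIFEST_VERSION) %s(MANIFEST_DATE)</generator>
-  db_prepare(&q, blob_buffer(&bSQL));
+  db_prepare(&q, blob_str(&bSQL));
   blob_reset( &bSQL );
   while( db_step(&q)==SQLITE_ROW && nLine<=20 ){
     const char *zId = db_column_text(&q, 1);
     const char *zCom = db_column_text(&q, 3);
     const char *zAuthor = db_column_text(&q, 4);
     char *zPrefix = "";
     char *zDate;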
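Review bot: The mixed-permission branches in the new `else` arm filter by exclusion (`event.type!='ci'`, `event.type!='w'`, `event.type!='t'`), so any event type other than the three checked here would still be served to a user who holds only a subset of okRead/okRdTkt/okRdWiki; whether such types exist cannot be told from this section. An allow-list keeps the filter closed by default, for example `blob_append(&bSQL, " AND event.type IN ('t','w')", -1);` for the ticket-plus-wiki case and the matching pairs for the other two. The `zType[0]!='a'` arm has the same gap, since a zType value that starts with none of 'c', 'w' or 't' reaches `event.type=%Q` without any permission test. Separately, `assert( !g.okRdTkt &&& g.okRead && g.okRdWiki );` parses as `&& &g.okRead`, which is always true, so it should read `assert( !g.okRdTkt && g.okRead && g.okRdWiki );`. The enclosing function starts and ends outside the lines shown.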