Fossil SCM
Automatically disapprove pending moderation requests when deleting a user. This makes it easier to deal with spam-robots.
Commit
0211e8c45c76e7196298d4cbd9c58f214f6ae25f4cf2e1f3dd0ef49e128d894e
Parent
6b47b08e87911aa…
2 files changed
+33
+1
+33
| --- src/moderate.c | ||
| +++ src/moderate.c | ||
| @@ -189,5 +189,38 @@ | ||
| 189 | 189 | www_print_timeline(&q, 0, 0, 0, 0, 0); |
| 190 | 190 | db_finalize(&q); |
| 191 | 191 | } |
| 192 | 192 | style_footer(); |
| 193 | 193 | } |
| 194 | + | |
| 195 | +/* | |
| 196 | +** Disapproves any entries in the modreq table which belong to any | |
| 197 | +** user whose name is no longer found in the user table. This is only | |
| 198 | +** intended to be called after user deletion via /setup_uedit. | |
| 199 | +** | |
| 200 | +** To figure out whether a name exists it cross-references | |
| 201 | +** coalesce(event.euser, event.user) with user.login, limiting the | |
| 202 | +** selection to event entries where objid matches an entry in the | |
| 203 | +** modreq table. | |
| 204 | +** | |
| 205 | +** This is a no-op if called without g.perm.Admin permissions or if | |
| 206 | +** moderation_table_exists() returns false. | |
| 207 | +*/ | |
| 208 | +void moderation_disapprove_for_missing_users(){ | |
| 209 | + Stmt q; | |
| 210 | + if( !g.perm.Admin || !moderation_table_exists() ){ | |
| 211 | + return; | |
| 212 | + } | |
| 213 | + db_begin_transaction(); | |
| 214 | + db_prepare(&q, | |
| 215 | + "SELECT objid FROM event WHERE objid IN " | |
| 216 | + "(SELECT objid FROM modreq) " | |
| 217 | + "AND coalesce(euser,user) NOT IN " | |
| 218 | + "(SELECT login FROM user)" | |
| 219 | + ); | |
| 220 | + while( db_step(&q)==SQLITE_ROW ){ | |
| 221 | + int const objid = db_column_int(&q, 0); | |
| 222 | + moderation_disapprove(objid); | |
| 223 | + } | |
| 224 | + db_finalize(&q); | |
| 225 | + db_end_transaction(0); | |
| 226 | +} | |
| 194 | 227 |
| --- src/moderate.c | |
| +++ src/moderate.c | |
| @@ -189,5 +189,38 @@ | |
| 189 | www_print_timeline(&q, 0, 0, 0, 0, 0); |
| 190 | db_finalize(&q); |
| 191 | } |
| 192 | style_footer(); |
| 193 | } |
| 194 |
| --- src/moderate.c | |
| +++ src/moderate.c | |
| @@ -189,5 +189,38 @@ | |
| 189 | www_print_timeline(&q, 0, 0, 0, 0, 0); |
| 190 | db_finalize(&q); |
| 191 | } |
| 192 | style_footer(); |
| 193 | } |
| 194 | |
| 195 | /* |
| 196 | ** Disapproves any entries in the modreq table which belong to any |
| 197 | ** user whose name is no longer found in the user table. This is only |
| 198 | ** intended to be called after user deletion via /setup_uedit. |
| 199 | ** |
| 200 | ** To figure out whether a name exists it cross-references |
| 201 | ** coalesce(event.euser, event.user) with user.login, limiting the |
| 202 | ** selection to event entries where objid matches an entry in the |
| 203 | ** modreq table. |
| 204 | ** |
| 205 | ** This is a no-op if called without g.perm.Admin permissions or if |
| 206 | ** moderation_table_exists() returns false. |
| 207 | */ |
| 208 | void moderation_disapprove_for_missing_users(){ |
| 209 | Stmt q; |
| 210 | if( !g.perm.Admin || !moderation_table_exists() ){ |
| 211 | return; |
| 212 | } |
| 213 | db_begin_transaction(); |
| 214 | db_prepare(&q, |
| 215 | "SELECT objid FROM event WHERE objid IN " |
| 216 | "(SELECT objid FROM modreq) " |
| 217 | "AND coalesce(euser,user) NOT IN " |
| 218 | "(SELECT login FROM user)" |
| 219 | ); |
| 220 | while( db_step(&q)==SQLITE_ROW ){ |
| 221 | int const objid = db_column_int(&q, 0); |
| 222 | moderation_disapprove(objid); |
| 223 | } |
| 224 | db_finalize(&q); |
| 225 | db_end_transaction(0); |
| 226 | } |
| 227 |
+1
| --- src/setupuser.c | ||
| +++ src/setupuser.c | ||
| @@ -297,10 +297,11 @@ | ||
| 297 | 297 | if( P("delete") && cgi_csrf_safe(1) ){ |
| 298 | 298 | int n; |
| 299 | 299 | if( P("verifydelete") ){ |
| 300 | 300 | /* Verified delete user request */ |
| 301 | 301 | db_multi_exec("DELETE FROM user WHERE uid=%d", uid); |
| 302 | + moderation_disapprove_for_missing_users(); | |
| 302 | 303 | admin_log("Deleted user [%s] (uid %d).", |
| 303 | 304 | PD("login","???")/*safe-for-%s*/, uid); |
| 304 | 305 | cgi_redirect(cgi_referer("setup_ulist")); |
| 305 | 306 | return; |
| 306 | 307 | } |
| 307 | 308 |
| --- src/setupuser.c | |
| +++ src/setupuser.c | |
| @@ -297,10 +297,11 @@ | |
| 297 | if( P("delete") && cgi_csrf_safe(1) ){ |
| 298 | int n; |
| 299 | if( P("verifydelete") ){ |
| 300 | /* Verified delete user request */ |
| 301 | db_multi_exec("DELETE FROM user WHERE uid=%d", uid); |
| 302 | admin_log("Deleted user [%s] (uid %d).", |
| 303 | PD("login","???")/*safe-for-%s*/, uid); |
| 304 | cgi_redirect(cgi_referer("setup_ulist")); |
| 305 | return; |
| 306 | } |
| 307 |
| --- src/setupuser.c | |
| +++ src/setupuser.c | |
| @@ -297,10 +297,11 @@ | |
| 297 | if( P("delete") && cgi_csrf_safe(1) ){ |
| 298 | int n; |
| 299 | if( P("verifydelete") ){ |
| 300 | /* Verified delete user request */ |
| 301 | db_multi_exec("DELETE FROM user WHERE uid=%d", uid); |
| 302 | moderation_disapprove_for_missing_users(); |
| 303 | admin_log("Deleted user [%s] (uid %d).", |
| 304 | PD("login","???")/*safe-for-%s*/, uid); |
| 305 | cgi_redirect(cgi_referer("setup_ulist")); |
| 306 | return; |
| 307 | } |
| 308 |