Fossil SCM
Add the "public_url()" internal interface for computing the canonical URL used to access the repository. Add a report about the canonical URL to the security_audit page.
Commit
1865cf4ce233237fd3658ddc5546e2b32b29892efbc5257286a70a1a619798f3
Parent
3f94d1bbb530bb3…
2 files changed
+31
+25
+31
| --- src/security_audit.c | ||
| +++ src/security_audit.c | ||
| @@ -99,10 +99,11 @@ | ||
| 99 | 99 | const char *zDevCap; /* Capabilities of user group "developer" */ |
| 100 | 100 | const char *zReadCap; /* Capabilities of user group "reader" */ |
| 101 | 101 | const char *zPubPages; /* GLOB pattern for public pages */ |
| 102 | 102 | const char *zSelfCap; /* Capabilities of self-registered users */ |
| 103 | 103 | int hasSelfReg = 0; /* True if able to self-register */ |
| 104 | + const char *zPublicUrl; /* Canonical access URL */ | |
| 104 | 105 | char *z; |
| 105 | 106 | int n; |
| 106 | 107 | CapabilityString *pCap; |
| 107 | 108 | char **azCSP; /* Parsed content security policy */ |
| 108 | 109 | |
| @@ -201,10 +202,40 @@ | ||
| 201 | 202 | if( zPubPages && zPubPages[0] ){ |
| 202 | 203 | @ <p>Change GLOB patterns exceptions using the "Public pages" setting |
| 203 | 204 | @ on the <a href="setup_access">Access Settings</a> page.</p> |
| 204 | 205 | } |
| 205 | 206 | } |
| 207 | + | |
| 208 | + zPublicUrl = public_url(); | |
| 209 | + if( zPublicUrl!=0 ){ | |
| 210 | + int nOther = db_int(0, "SELECT count(*) FROM config" | |
| 211 | + " WHERE name GLOB 'baseurl:*'" | |
| 212 | + " AND name<>'baseurl:%q'", zPublicUrl); | |
| 213 | + @ <li><p>The canonical URL for this repository is | |
| 214 | + @ <a href="%s(zPublicUrl)">%h(zPublicUrl)</a>. | |
| 215 | + if( nOther==1 ){ | |
| 216 | + @ This is also <a href="urllist?urlonly">1 other URL</a> that has | |
| 217 | + @ been used to access this repository. | |
| 218 | + }else if( nOther>=2 ){ | |
| 219 | + @ There are also | |
| 220 | + @ <a href="urllist?all&urlonly">%d(nOther) other URLs</a> that have | |
| 221 | + @ been used to access this repository. | |
| 222 | + } | |
| 223 | + }else{ | |
| 224 | + int nUrl = db_int(0, "SELECT count(*) FROM config" | |
| 225 | + " WHERE name GLOB 'baseurl:*'"); | |
| 226 | + @ <li><p>This repository does not have a canonical access URL. | |
| 227 | + if( nUrl==1 ){ | |
| 228 | + @ There 1 | |
| 229 | + @ <a href="urllist?urlonly">1 non-canonical URLs</a> | |
| 230 | + @ that has been used to access this repository. | |
| 231 | + }else if( nUrl>=2 ){ | |
| 232 | + @ There are | |
| 233 | + @ <a href="urllist?all&urlonly">%d(nUrl) non-canonical URLs</a> | |
| 234 | + @ that have been used to access this repository. | |
| 235 | + } | |
| 236 | + } | |
| 206 | 237 | |
| 207 | 238 | /* Make sure the HTTPS is required for login, at least, so that the |
| 208 | 239 | ** password does not go across the Internet in the clear. |
| 209 | 240 | */ |
| 210 | 241 | if( db_get_int("redirect-to-https",0)==0 ){ |
| 211 | 242 |
| --- src/security_audit.c | |
| +++ src/security_audit.c | |
| @@ -99,10 +99,11 @@ | |
| 99 | const char *zDevCap; /* Capabilities of user group "developer" */ |
| 100 | const char *zReadCap; /* Capabilities of user group "reader" */ |
| 101 | const char *zPubPages; /* GLOB pattern for public pages */ |
| 102 | const char *zSelfCap; /* Capabilities of self-registered users */ |
| 103 | int hasSelfReg = 0; /* True if able to self-register */ |
| 104 | char *z; |
| 105 | int n; |
| 106 | CapabilityString *pCap; |
| 107 | char **azCSP; /* Parsed content security policy */ |
| 108 | |
| @@ -201,10 +202,40 @@ | |
| 201 | if( zPubPages && zPubPages[0] ){ |
| 202 | @ <p>Change GLOB patterns exceptions using the "Public pages" setting |
| 203 | @ on the <a href="setup_access">Access Settings</a> page.</p> |
| 204 | } |
| 205 | } |
| 206 | |
| 207 | /* Make sure the HTTPS is required for login, at least, so that the |
| 208 | ** password does not go across the Internet in the clear. |
| 209 | */ |
| 210 | if( db_get_int("redirect-to-https",0)==0 ){ |
| 211 |
| --- src/security_audit.c | |
| +++ src/security_audit.c | |
| @@ -99,10 +99,11 @@ | |
| 99 | const char *zDevCap; /* Capabilities of user group "developer" */ |
| 100 | const char *zReadCap; /* Capabilities of user group "reader" */ |
| 101 | const char *zPubPages; /* GLOB pattern for public pages */ |
| 102 | const char *zSelfCap; /* Capabilities of self-registered users */ |
| 103 | int hasSelfReg = 0; /* True if able to self-register */ |
| 104 | const char *zPublicUrl; /* Canonical access URL */ |
| 105 | char *z; |
| 106 | int n; |
| 107 | CapabilityString *pCap; |
| 108 | char **azCSP; /* Parsed content security policy */ |
| 109 | |
| @@ -201,10 +202,40 @@ | |
| 202 | if( zPubPages && zPubPages[0] ){ |
| 203 | @ <p>Change GLOB patterns exceptions using the "Public pages" setting |
| 204 | @ on the <a href="setup_access">Access Settings</a> page.</p> |
| 205 | } |
| 206 | } |
| 207 | |
| 208 | zPublicUrl = public_url(); |
| 209 | if( zPublicUrl!=0 ){ |
| 210 | int nOther = db_int(0, "SELECT count(*) FROM config" |
| 211 | " WHERE name GLOB 'baseurl:*'" |
| 212 | " AND name<>'baseurl:%q'", zPublicUrl); |
| 213 | @ <li><p>The canonical URL for this repository is |
| 214 | @ <a href="%s(zPublicUrl)">%h(zPublicUrl)</a>. |
| 215 | if( nOther==1 ){ |
| 216 | @ This is also <a href="urllist?urlonly">1 other URL</a> that has |
| 217 | @ been used to access this repository. |
| 218 | }else if( nOther>=2 ){ |
| 219 | @ There are also |
| 220 | @ <a href="urllist?all&urlonly">%d(nOther) other URLs</a> that have |
| 221 | @ been used to access this repository. |
| 222 | } |
| 223 | }else{ |
| 224 | int nUrl = db_int(0, "SELECT count(*) FROM config" |
| 225 | " WHERE name GLOB 'baseurl:*'"); |
| 226 | @ <li><p>This repository does not have a canonical access URL. |
| 227 | if( nUrl==1 ){ |
| 228 | @ There 1 |
| 229 | @ <a href="urllist?urlonly">1 non-canonical URLs</a> |
| 230 | @ that has been used to access this repository. |
| 231 | }else if( nUrl>=2 ){ |
| 232 | @ There are |
| 233 | @ <a href="urllist?all&urlonly">%d(nUrl) non-canonical URLs</a> |
| 234 | @ that have been used to access this repository. |
| 235 | } |
| 236 | } |
| 237 | |
| 238 | /* Make sure the HTTPS is required for login, at least, so that the |
| 239 | ** password does not go across the Internet in the clear. |
| 240 | */ |
| 241 | if( db_get_int("redirect-to-https",0)==0 ){ |
| 242 |
+25
| --- src/stat.c | ||
| +++ src/stat.c | ||
| @@ -472,10 +472,31 @@ | ||
| 472 | 472 | fossil_print("Full repository verification follows:\n"); |
| 473 | 473 | test_integrity(); |
| 474 | 474 | } |
| 475 | 475 | } |
| 476 | 476 | } |
| 477 | + | |
| 478 | +/* | |
| 479 | +** Return a string which is the public URL used to access this repository. | |
| 480 | +** Or return a NULL pointer if this repository does not have a public | |
| 481 | +** access URL. | |
| 482 | +** | |
| 483 | +** Algorithm: | |
| 484 | +** | |
| 485 | +** The public URL is given by the email-url property. But it is only | |
| 486 | +** returned if there have been one more more accesses (as recorded by | |
| 487 | +** "baseurl:URL" entries in the CONFIG table). | |
| 488 | +*/ | |
| 489 | +const char *public_url(void){ | |
| 490 | + const char *zUrl = db_get("email-url", 0); | |
| 491 | + if( zUrl==0 ) return 0; | |
| 492 | + if( !db_exists("SELECT 1 FROM config WHERE name='baseurl:%q'", zUrl) ){ | |
| 493 | + return 0; | |
| 494 | + } | |
| 495 | + return zUrl; | |
| 496 | +} | |
| 497 | + | |
| 477 | 498 | |
| 478 | 499 | /* |
| 479 | 500 | ** WEBPAGE: urllist |
| 480 | 501 | ** |
| 481 | 502 | ** Show ways in which this repository has been accessed |
| @@ -516,10 +537,14 @@ | ||
| 516 | 537 | @ <tr><td>(none)</td> |
| 517 | 538 | }else if( nOmitted ){ |
| 518 | 539 | @ <tr><td><a href="urllist?all"><i>Show %d(nOmitted) more...</i></a> |
| 519 | 540 | } |
| 520 | 541 | @ </table> |
| 542 | + if( P("urlonly") ){ | |
| 543 | + style_finish_page(); | |
| 544 | + return; | |
| 545 | + } | |
| 521 | 546 | db_prepare(&q, "SELECT substr(name,7), datetime(mtime,'unixepoch')" |
| 522 | 547 | " FROM config WHERE name GLOB 'ckout:*' ORDER BY 2 DESC"); |
| 523 | 548 | cnt = 0; |
| 524 | 549 | while( db_step(&q)==SQLITE_ROW ){ |
| 525 | 550 | const char *zPath = db_column_text(&q,0); |
| 526 | 551 |
| --- src/stat.c | |
| +++ src/stat.c | |
| @@ -472,10 +472,31 @@ | |
| 472 | fossil_print("Full repository verification follows:\n"); |
| 473 | test_integrity(); |
| 474 | } |
| 475 | } |
| 476 | } |
| 477 | |
| 478 | /* |
| 479 | ** WEBPAGE: urllist |
| 480 | ** |
| 481 | ** Show ways in which this repository has been accessed |
| @@ -516,10 +537,14 @@ | |
| 516 | @ <tr><td>(none)</td> |
| 517 | }else if( nOmitted ){ |
| 518 | @ <tr><td><a href="urllist?all"><i>Show %d(nOmitted) more...</i></a> |
| 519 | } |
| 520 | @ </table> |
| 521 | db_prepare(&q, "SELECT substr(name,7), datetime(mtime,'unixepoch')" |
| 522 | " FROM config WHERE name GLOB 'ckout:*' ORDER BY 2 DESC"); |
| 523 | cnt = 0; |
| 524 | while( db_step(&q)==SQLITE_ROW ){ |
| 525 | const char *zPath = db_column_text(&q,0); |
| 526 |
| --- src/stat.c | |
| +++ src/stat.c | |
| @@ -472,10 +472,31 @@ | |
| 472 | fossil_print("Full repository verification follows:\n"); |
| 473 | test_integrity(); |
| 474 | } |
| 475 | } |
| 476 | } |
| 477 | |
| 478 | /* |
| 479 | ** Return a string which is the public URL used to access this repository. |
| 480 | ** Or return a NULL pointer if this repository does not have a public |
| 481 | ** access URL. |
| 482 | ** |
| 483 | ** Algorithm: |
| 484 | ** |
| 485 | ** The public URL is given by the email-url property. But it is only |
| 486 | ** returned if there have been one more more accesses (as recorded by |
| 487 | ** "baseurl:URL" entries in the CONFIG table). |
| 488 | */ |
| 489 | const char *public_url(void){ |
| 490 | const char *zUrl = db_get("email-url", 0); |
| 491 | if( zUrl==0 ) return 0; |
| 492 | if( !db_exists("SELECT 1 FROM config WHERE name='baseurl:%q'", zUrl) ){ |
| 493 | return 0; |
| 494 | } |
| 495 | return zUrl; |
| 496 | } |
| 497 | |
| 498 | |
| 499 | /* |
| 500 | ** WEBPAGE: urllist |
| 501 | ** |
| 502 | ** Show ways in which this repository has been accessed |
| @@ -516,10 +537,14 @@ | |
| 537 | @ <tr><td>(none)</td> |
| 538 | }else if( nOmitted ){ |
| 539 | @ <tr><td><a href="urllist?all"><i>Show %d(nOmitted) more...</i></a> |
| 540 | } |
| 541 | @ </table> |
| 542 | if( P("urlonly") ){ |
| 543 | style_finish_page(); |
| 544 | return; |
| 545 | } |
| 546 | db_prepare(&q, "SELECT substr(name,7), datetime(mtime,'unixepoch')" |
| 547 | " FROM config WHERE name GLOB 'ckout:*' ORDER BY 2 DESC"); |
| 548 | cnt = 0; |
| 549 | while( db_step(&q)==SQLITE_ROW ){ |
| 550 | const char *zPath = db_column_text(&q,0); |
| 551 |