Fossil SCM
check for valid UUID on ticket set command
Commit
1e1512f51053fa9a73bc7fb8fc83909fa4f963ea
Parent
9d3b9d653a11eaa…
1 file changed
+10
-10
+10
-10
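--- a/src/tkt.c
+++ b/src/tkt.c
@@ -846,11 +846,11 @@
 ** using "," as separator. The seperator "," can be changed using
 ** the -l or --limit option.
 ** If TICKETFILTER is given on the commandline, the query is
 ** limited with a new WHERE-condition.
 ** example: Report lists a column # with the uuid
-** TICKETFILTER= [#]='uuuuuuuuu'
+** TICKETFILTER may be [#]='uuuuuuuuu'
 **
 ** %fossil ticket set TICKETUUID FIELD VALUE ?FIELD VALUE ... ?
 **
 ** change ticket identified by TICKETUUID and set the value of
 ** field FIELD to VALUE. Valid field descriptions are:
@@ -863,10 +863,12 @@
 **
 ** %fossil ticket add FIELD VALUE ?FIELD VALUE ... ?
 **
 ** like set, but create a new ticket with the given values.
 **
+** The values in set|add are not validated against the definitions
+** given in the "Ticket Common Script".
 */
 void ticket_cmd(void){
 int n;
 
 db_must_be_within_tree();
@@ -877,11 +879,10 @@
 ** Check that the user exists.
 */
 if( !db_exists("SELECT 1 FROM user WHERE login=%Q", g.zLogin) ){
 fossil_fatal("no such user: %s", g.zLogin);
 }
-fprintf(stdout,"%s\n",g.zLogin);
 
 if( g.argc<3 ){
 usage("add|set|show");
 }else{
 n = strlen(g.argv[2]);
@@ -915,16 +916,22 @@
 if( strncmp(g.argv[2],"set",n)==0 ){
 eCmd = add;
 if( g.argc==3 ){
 fossil_fatal("set: missing TICKETUUID!");
 }
- zTktUuid = g.argv[3];
+ zTktUuid = db_text(0,
+ "SELECT tkt_uuid FROM ticket WHERE tkt_uuid GLOB '%s*'", g.argv[3]
+ );
+ if( !zTktUuid ){
+ fossil_fatal("unknown ticket: '%s'!",g.argv[3]);
+ }
 i=4;
 }else if( strncmp(g.argv[2],"add",n)==0 ){
 eCmd = set;
 zTktUuid = 0;
 i = 3;
+ zTktUuid = db_text(0, "SELECT lower(hex(randomblob(20)))");
 }
 if( eCmd==err ){
 fossil_fatal("%s: unknown ticket command",g.argv[2]);
 }
 if( i==g.argc ){
@@ -971,17 +978,10 @@
 }else{
 blob_appendf(&tktchng, "J %s %#F\n", azField[i], strlen(zValue), zValue);
 }
 }
 }
- if( zTktUuid ){
- zTktUuid = db_text(0,
- "SELECT tkt_uuid FROM ticket WHERE tkt_uuid GLOB '%s*'", zTktUuid
- );
- }else{
- zTktUuid = db_text(0, "SELECT lower(hex(randomblob(20)))");
- }
 blob_appendf(&tktchng, "K %s\n", zTktUuid);
 blob_appendf(&tktchng, "U %F\n", g.zLogin);
 md5sum_blob(&tktchng, &cksum);
 blob_appendf(&tktchng, "Z %b\n", &cksum);
 rid = content_put(&tktchng, 0, 0);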
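Review bot: The `db_text` lookup added to the `set` branch formats `g.argv[3]` into a quoted SQL literal with `%s`, so a quote character in the command-line argument changes the statement text instead of being matched as data. The user check earlier in the same function already uses `%Q`; here the escaping form for text inside quotes fits: `"SELECT tkt_uuid FROM ticket WHERE tkt_uuid GLOB '%q*'", g.argv[3]`. Escaping alone still leaves GLOB wildcards in the argument active, and the query takes whichever row comes back, so an empty or ambiguous prefix would presumably select some ticket rather than fail. Rejecting any argument that is not purely hexadecimal, and requiring exactly one match before continuing, would make the "valid UUID" check strict. The `zTktUuid = 0;` kept in the `add` branch is now dead, since the value is overwritten two lines later; `ticket_cmd` continues outside the hunks shown.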
| --- src/tkt.c | |
| +++ src/tkt.c | |
| @@ -846,11 +846,11 @@ | |
| 846 | ** using "," as separator. The seperator "," can be changed using |
| 847 | ** the -l or --limit option. |
| 848 | ** If TICKETFILTER is given on the commandline, the query is |
| 849 | ** limited with a new WHERE-condition. |
| 850 | ** example: Report lists a column # with the uuid |
| 851 | ** TICKETFILTER= [#]='uuuuuuuuu' |
| 852 | ** |
| 853 | ** %fossil ticket set TICKETUUID FIELD VALUE ?FIELD VALUE ... ? |
| 854 | ** |
| 855 | ** change ticket identified by TICKETUUID and set the value of |
| 856 | ** field FIELD to VALUE. Valid field descriptions are: |
| @@ -863,10 +863,12 @@ | |
| 863 | ** |
| 864 | ** %fossil ticket add FIELD VALUE ?FIELD VALUE ... ? |
| 865 | ** |
| 866 | ** like set, but create a new ticket with the given values. |
| 867 | ** |
| 868 | */ |
| 869 | void ticket_cmd(void){ |
| 870 | int n; |
| 871 | |
| 872 | db_must_be_within_tree(); |
| @@ -877,11 +879,10 @@ | |
| 877 | ** Check that the user exists. |
| 878 | */ |
| 879 | if( !db_exists("SELECT 1 FROM user WHERE login=%Q", g.zLogin) ){ |
| 880 | fossil_fatal("no such user: %s", g.zLogin); |
| 881 | } |
| 882 | fprintf(stdout,"%s\n",g.zLogin); |
| 883 | |
| 884 | if( g.argc<3 ){ |
| 885 | usage("add|set|show"); |
| 886 | }else{ |
| 887 | n = strlen(g.argv[2]); |
| @@ -915,16 +916,22 @@ | |
| 915 | if( strncmp(g.argv[2],"set",n)==0 ){ |
| 916 | eCmd = add; |
| 917 | if( g.argc==3 ){ |
| 918 | fossil_fatal("set: missing TICKETUUID!"); |
| 919 | } |
| 920 | zTktUuid = g.argv[3]; |
| 921 | i=4; |
| 922 | }else if( strncmp(g.argv[2],"add",n)==0 ){ |
| 923 | eCmd = set; |
| 924 | zTktUuid = 0; |
| 925 | i = 3; |
| 926 | } |
| 927 | if( eCmd==err ){ |
| 928 | fossil_fatal("%s: unknown ticket command",g.argv[2]); |
| 929 | } |
| 930 | if( i==g.argc ){ |
| @@ -971,17 +978,10 @@ | |
| 971 | }else{ |
| 972 | blob_appendf(&tktchng, "J %s %#F\n", azField[i], strlen(zValue), zValue); |
| 973 | } |
| 974 | } |
| 975 | } |
| 976 | if( zTktUuid ){ |
| 977 | zTktUuid = db_text(0, |
| 978 | "SELECT tkt_uuid FROM ticket WHERE tkt_uuid GLOB '%s*'", zTktUuid |
| 979 | ); |
| 980 | }else{ |
| 981 | zTktUuid = db_text(0, "SELECT lower(hex(randomblob(20)))"); |
| 982 | } |
| 983 | blob_appendf(&tktchng, "K %s\n", zTktUuid); |
| 984 | blob_appendf(&tktchng, "U %F\n", g.zLogin); |
| 985 | md5sum_blob(&tktchng, &cksum); |
| 986 | blob_appendf(&tktchng, "Z %b\n", &cksum); |
| 987 | rid = content_put(&tktchng, 0, 0); |
| 988 |
| --- src/tkt.c | |
| +++ src/tkt.c | |
| @@ -846,11 +846,11 @@ | |
| 846 | ** using "," as separator. The seperator "," can be changed using |
| 847 | ** the -l or --limit option. |
| 848 | ** If TICKETFILTER is given on the commandline, the query is |
| 849 | ** limited with a new WHERE-condition. |
| 850 | ** example: Report lists a column # with the uuid |
| 851 | ** TICKETFILTER may be [#]='uuuuuuuuu' |
| 852 | ** |
| 853 | ** %fossil ticket set TICKETUUID FIELD VALUE ?FIELD VALUE ... ? |
| 854 | ** |
| 855 | ** change ticket identified by TICKETUUID and set the value of |
| 856 | ** field FIELD to VALUE. Valid field descriptions are: |
| @@ -863,10 +863,12 @@ | |
| 863 | ** |
| 864 | ** %fossil ticket add FIELD VALUE ?FIELD VALUE ... ? |
| 865 | ** |
| 866 | ** like set, but create a new ticket with the given values. |
| 867 | ** |
| 868 | ** The values in set|add are not validated against the definitions |
| 869 | ** given in the "Ticket Common Script". |
| 870 | */ |
| 871 | void ticket_cmd(void){ |
| 872 | int n; |
| 873 | |
| 874 | db_must_be_within_tree(); |
| @@ -877,11 +879,10 @@ | |
| 879 | ** Check that the user exists. |
| 880 | */ |
| 881 | if( !db_exists("SELECT 1 FROM user WHERE login=%Q", g.zLogin) ){ |
| 882 | fossil_fatal("no such user: %s", g.zLogin); |
| 883 | } |
| 884 | |
| 885 | if( g.argc<3 ){ |
| 886 | usage("add|set|show"); |
| 887 | }else{ |
| 888 | n = strlen(g.argv[2]); |
| @@ -915,16 +916,22 @@ | |
| 916 | if( strncmp(g.argv[2],"set",n)==0 ){ |
| 917 | eCmd = add; |
| 918 | if( g.argc==3 ){ |
| 919 | fossil_fatal("set: missing TICKETUUID!"); |
| 920 | } |
| 921 | zTktUuid = db_text(0, |
| 922 | "SELECT tkt_uuid FROM ticket WHERE tkt_uuid GLOB '%s*'", g.argv[3] |
| 923 | ); |
| 924 | if( !zTktUuid ){ |
| 925 | fossil_fatal("unknown ticket: '%s'!",g.argv[3]); |
| 926 | } |
| 927 | i=4; |
| 928 | }else if( strncmp(g.argv[2],"add",n)==0 ){ |
| 929 | eCmd = set; |
| 930 | zTktUuid = 0; |
| 931 | i = 3; |
| 932 | zTktUuid = db_text(0, "SELECT lower(hex(randomblob(20)))"); |
| 933 | } |
| 934 | if( eCmd==err ){ |
| 935 | fossil_fatal("%s: unknown ticket command",g.argv[2]); |
| 936 | } |
| 937 | if( i==g.argc ){ |
| @@ -971,17 +978,10 @@ | |
| 978 | }else{ |
| 979 | blob_appendf(&tktchng, "J %s %#F\n", azField[i], strlen(zValue), zValue); |
| 980 | } |
| 981 | } |
| 982 | } |
| 983 | blob_appendf(&tktchng, "K %s\n", zTktUuid); |
| 984 | blob_appendf(&tktchng, "U %F\n", g.zLogin); |
| 985 | md5sum_blob(&tktchng, &cksum); |
| 986 | blob_appendf(&tktchng, "Z %b\n", &cksum); |
| 987 | rid = content_put(&tktchng, 0, 0); |
| 988 |