Fossil SCM
Disallow versioning of security sensitive settings tcl-setup, th1-setup, and th1-uri-regexp. For effective security, these settings should only be controllable by an administrator.
Commit
2da704c5a17a802ae51e870934505e822429ff1883d06f230ad99d028ccdecea
Parent
33a7b8babe56cc9…
1 file changed
+3
-3
M
src/db.c
+3
-3
| --- src/db.c | ||
| +++ src/db.c | ||
| @@ -3491,11 +3491,11 @@ | ||
| 3491 | 3491 | ** scripts to be evaluated from TH1. Additionally, the Tcl |
| 3492 | 3492 | ** interpreter will be able to evaluate arbitrary TH1 |
| 3493 | 3493 | ** expressions and scripts. |
| 3494 | 3494 | */ |
| 3495 | 3495 | /* |
| 3496 | -** SETTING: tcl-setup width=40 versionable block-text | |
| 3496 | +** SETTING: tcl-setup width=40 block-text | |
| 3497 | 3497 | ** This is the setup script to be evaluated after creating |
| 3498 | 3498 | ** and initializing the Tcl interpreter. By default, this |
| 3499 | 3499 | ** is empty and no extra setup is performed. |
| 3500 | 3500 | */ |
| 3501 | 3501 | #endif /* FOSSIL_ENABLE_TCL */ |
| @@ -3523,17 +3523,17 @@ | ||
| 3523 | 3523 | ** If enabled, special TH1 commands will be called before and |
| 3524 | 3524 | ** after any Fossil command or web page. |
| 3525 | 3525 | */ |
| 3526 | 3526 | #endif |
| 3527 | 3527 | /* |
| 3528 | -** SETTING: th1-setup width=40 versionable block-text | |
| 3528 | +** SETTING: th1-setup width=40 block-text | |
| 3529 | 3529 | ** This is the setup script to be evaluated after creating |
| 3530 | 3530 | ** and initializing the TH1 interpreter. By default, this |
| 3531 | 3531 | ** is empty and no extra setup is performed. |
| 3532 | 3532 | */ |
| 3533 | 3533 | /* |
| 3534 | -** SETTING: th1-uri-regexp width=40 versionable block-text | |
| 3534 | +** SETTING: th1-uri-regexp width=40 block-text | |
| 3535 | 3535 | ** Specify which URI's are allowed in HTTP requests from |
| 3536 | 3536 | ** TH1 scripts. If empty, no HTTP requests are allowed |
| 3537 | 3537 | ** whatsoever. |
| 3538 | 3538 | */ |
| 3539 | 3539 | /* |
| 3540 | 3540 |
| --- src/db.c | |
| +++ src/db.c | |
| @@ -3491,11 +3491,11 @@ | |
| 3491 | ** scripts to be evaluated from TH1. Additionally, the Tcl |
| 3492 | ** interpreter will be able to evaluate arbitrary TH1 |
| 3493 | ** expressions and scripts. |
| 3494 | */ |
| 3495 | /* |
| 3496 | ** SETTING: tcl-setup width=40 versionable block-text |
| 3497 | ** This is the setup script to be evaluated after creating |
| 3498 | ** and initializing the Tcl interpreter. By default, this |
| 3499 | ** is empty and no extra setup is performed. |
| 3500 | */ |
| 3501 | #endif /* FOSSIL_ENABLE_TCL */ |
| @@ -3523,17 +3523,17 @@ | |
| 3523 | ** If enabled, special TH1 commands will be called before and |
| 3524 | ** after any Fossil command or web page. |
| 3525 | */ |
| 3526 | #endif |
| 3527 | /* |
| 3528 | ** SETTING: th1-setup width=40 versionable block-text |
| 3529 | ** This is the setup script to be evaluated after creating |
| 3530 | ** and initializing the TH1 interpreter. By default, this |
| 3531 | ** is empty and no extra setup is performed. |
| 3532 | */ |
| 3533 | /* |
| 3534 | ** SETTING: th1-uri-regexp width=40 versionable block-text |
| 3535 | ** Specify which URI's are allowed in HTTP requests from |
| 3536 | ** TH1 scripts. If empty, no HTTP requests are allowed |
| 3537 | ** whatsoever. |
| 3538 | */ |
| 3539 | /* |
| 3540 |
| --- src/db.c | |
| +++ src/db.c | |
| @@ -3491,11 +3491,11 @@ | |
| 3491 | ** scripts to be evaluated from TH1. Additionally, the Tcl |
| 3492 | ** interpreter will be able to evaluate arbitrary TH1 |
| 3493 | ** expressions and scripts. |
| 3494 | */ |
| 3495 | /* |
| 3496 | ** SETTING: tcl-setup width=40 block-text |
| 3497 | ** This is the setup script to be evaluated after creating |
| 3498 | ** and initializing the Tcl interpreter. By default, this |
| 3499 | ** is empty and no extra setup is performed. |
| 3500 | */ |
| 3501 | #endif /* FOSSIL_ENABLE_TCL */ |
| @@ -3523,17 +3523,17 @@ | |
| 3523 | ** If enabled, special TH1 commands will be called before and |
| 3524 | ** after any Fossil command or web page. |
| 3525 | */ |
| 3526 | #endif |
| 3527 | /* |
| 3528 | ** SETTING: th1-setup width=40 block-text |
| 3529 | ** This is the setup script to be evaluated after creating |
| 3530 | ** and initializing the TH1 interpreter. By default, this |
| 3531 | ** is empty and no extra setup is performed. |
| 3532 | */ |
| 3533 | /* |
| 3534 | ** SETTING: th1-uri-regexp width=40 block-text |
| 3535 | ** Specify which URI's are allowed in HTTP requests from |
| 3536 | ** TH1 scripts. If empty, no HTTP requests are allowed |
| 3537 | ** whatsoever. |
| 3538 | */ |
| 3539 | /* |
| 3540 |