Fossil SCM
Update the codecheck1.c utility program to find unsafe format strings for recently added varargs functions. Fix unsafe varargs found by this update. This is a continuation of the fix in check-in [3c2ef25d03fb48d5].
Commit
2fac7df467ba00d73e2eb4b192ffe0d581485dd8c8e243ab1fb2d844f74a3955
Parent
dddad4f0734d399…
7 files changed
+17
-2
+3
-3
+1
-1
+2
-2
+1
-1
+1
-1
+8
-8
+17
-2
| --- src/codecheck1.c | ||
| +++ src/codecheck1.c | ||
| @@ -141,10 +141,14 @@ | ||
| 141 | 141 | (*pLN)++; |
| 142 | 142 | i++; |
| 143 | 143 | } |
| 144 | 144 | *pType = TK_SPACE; |
| 145 | 145 | return i; |
| 146 | + } | |
| 147 | + if( z[0]=='\\' && (z[1]=='\n' || (z[1]=='\r' && z[2]=='\n')) ){ | |
| 148 | + *pType = TK_SPACE; | |
| 149 | + return 1; | |
| 146 | 150 | } |
| 147 | 151 | *pType = TK_OTHER; |
| 148 | 152 | return 1; |
| 149 | 153 | } |
| 150 | 154 | |
| @@ -201,10 +205,11 @@ | ||
| 201 | 205 | ** Return true if the input is a string literal. |
| 202 | 206 | */ |
| 203 | 207 | static int is_string_lit(const char *z){ |
| 204 | 208 | int nu1, nu2; |
| 205 | 209 | z = next_non_whitespace(z, &nu1, &nu2); |
| 210 | + if( strcmp(z, "NULL")==0 ) return 1; | |
| 206 | 211 | return z[0]=='"'; |
| 207 | 212 | } |
| 208 | 213 | |
| 209 | 214 | /* |
| 210 | 215 | ** Return true if the input is an expression of string literals: |
| @@ -310,25 +315,31 @@ | ||
| 310 | 315 | unsigned fmtFlags; /* Processing flags */ |
| 311 | 316 | } aFmtFunc[] = { |
| 312 | 317 | { "admin_log", 1, 0 }, |
| 313 | 318 | { "blob_append_sql", 2, FMT_NO_S }, |
| 314 | 319 | { "blob_appendf", 2, 0 }, |
| 320 | + { "cgi_debug", 1, 0 }, | |
| 315 | 321 | { "cgi_panic", 1, 0 }, |
| 322 | + { "cgi_printf", 1, 0 }, | |
| 316 | 323 | { "cgi_redirectf", 1, 0 }, |
| 317 | 324 | { "chref", 2, 0 }, |
| 318 | 325 | { "db_blob", 2, FMT_NO_S }, |
| 326 | + { "db_debug", 1, FMT_NO_S }, | |
| 319 | 327 | { "db_double", 2, FMT_NO_S }, |
| 320 | 328 | { "db_err", 1, 0 }, |
| 321 | 329 | { "db_exists", 1, FMT_NO_S }, |
| 330 | + { "db_get_mprintf", 2, 0 }, | |
| 322 | 331 | { "db_int", 2, FMT_NO_S }, |
| 323 | 332 | { "db_int64", 2, FMT_NO_S }, |
| 324 | 333 | { "db_multi_exec", 1, FMT_NO_S }, |
| 325 | 334 | { "db_optional_sql", 2, FMT_NO_S }, |
| 326 | 335 | { "db_prepare", 2, FMT_NO_S }, |
| 327 | 336 | { "db_prepare_ignore_error", 2, FMT_NO_S }, |
| 337 | + { "db_set_mprintf", 3, 0 }, | |
| 328 | 338 | { "db_static_prepare", 2, FMT_NO_S }, |
| 329 | 339 | { "db_text", 2, FMT_NO_S }, |
| 340 | + { "db_unset_mprintf", 2, 0 }, | |
| 330 | 341 | { "form_begin", 2, 0 }, |
| 331 | 342 | { "fossil_error", 2, 0 }, |
| 332 | 343 | { "fossil_errorlog", 1, 0 }, |
| 333 | 344 | { "fossil_fatal", 1, 0 }, |
| 334 | 345 | { "fossil_fatal_recursive", 1, 0 }, |
| @@ -336,15 +347,19 @@ | ||
| 336 | 347 | { "fossil_print", 1, 0 }, |
| 337 | 348 | { "fossil_trace", 1, 0 }, |
| 338 | 349 | { "fossil_warning", 1, 0 }, |
| 339 | 350 | { "href", 1, 0 }, |
| 340 | 351 | { "json_new_string_f", 1, 0 }, |
| 352 | + { "json_set_err", 2, 0 }, | |
| 353 | + { "json_warn", 2, 0 }, | |
| 341 | 354 | { "mprintf", 1, 0 }, |
| 342 | 355 | { "socket_set_errmsg", 1, 0 }, |
| 343 | 356 | { "ssl_set_errmsg", 1, 0 }, |
| 344 | 357 | { "style_header", 1, 0 }, |
| 345 | 358 | { "style_set_current_page", 1, 0 }, |
| 359 | + { "style_submenu_element", 2, 0 }, | |
| 360 | + { "style_submenu_sql", 3, 0 }, | |
| 346 | 361 | { "webpage_error", 1, 0 }, |
| 347 | 362 | { "xhref", 2, 0 }, |
| 348 | 363 | }; |
| 349 | 364 | |
| 350 | 365 | /* |
| @@ -467,12 +482,12 @@ | ||
| 467 | 482 | }else{ |
| 468 | 483 | const char *zFmt = azArg[fmtArg-1]; |
| 469 | 484 | const char *zOverride = strstr(zFmt, "/*works-like:"); |
| 470 | 485 | if( zOverride ) zFmt = zOverride + sizeof("/*works-like:")-1; |
| 471 | 486 | if( !is_string_lit(zFmt) ){ |
| 472 | - printf("%s:%d: %.*s() has non-constant format string\n", | |
| 473 | - zFilename, lnFCall, szFName, zFCall); | |
| 487 | + printf("%s:%d: %.*s() has non-constant format on arg[%d]\n", | |
| 488 | + zFilename, lnFCall, szFName, zFCall, fmtArg-1); | |
| 474 | 489 | nErr++; |
| 475 | 490 | }else if( (k = formatArgCount(zFmt, nArg, acType))>=0 |
| 476 | 491 | && nArg!=fmtArg+k ){ |
| 477 | 492 | printf("%s:%d: too %s arguments to %.*s() " |
| 478 | 493 | "- got %d and expected %d\n", |
| 479 | 494 |
| --- src/codecheck1.c | |
| +++ src/codecheck1.c | |
| @@ -141,10 +141,14 @@ | |
| 141 | (*pLN)++; |
| 142 | i++; |
| 143 | } |
| 144 | *pType = TK_SPACE; |
| 145 | return i; |
| 146 | } |
| 147 | *pType = TK_OTHER; |
| 148 | return 1; |
| 149 | } |
| 150 | |
| @@ -201,10 +205,11 @@ | |
| 201 | ** Return true if the input is a string literal. |
| 202 | */ |
| 203 | static int is_string_lit(const char *z){ |
| 204 | int nu1, nu2; |
| 205 | z = next_non_whitespace(z, &nu1, &nu2); |
| 206 | return z[0]=='"'; |
| 207 | } |
| 208 | |
| 209 | /* |
| 210 | ** Return true if the input is an expression of string literals: |
| @@ -310,25 +315,31 @@ | |
| 310 | unsigned fmtFlags; /* Processing flags */ |
| 311 | } aFmtFunc[] = { |
| 312 | { "admin_log", 1, 0 }, |
| 313 | { "blob_append_sql", 2, FMT_NO_S }, |
| 314 | { "blob_appendf", 2, 0 }, |
| 315 | { "cgi_panic", 1, 0 }, |
| 316 | { "cgi_redirectf", 1, 0 }, |
| 317 | { "chref", 2, 0 }, |
| 318 | { "db_blob", 2, FMT_NO_S }, |
| 319 | { "db_double", 2, FMT_NO_S }, |
| 320 | { "db_err", 1, 0 }, |
| 321 | { "db_exists", 1, FMT_NO_S }, |
| 322 | { "db_int", 2, FMT_NO_S }, |
| 323 | { "db_int64", 2, FMT_NO_S }, |
| 324 | { "db_multi_exec", 1, FMT_NO_S }, |
| 325 | { "db_optional_sql", 2, FMT_NO_S }, |
| 326 | { "db_prepare", 2, FMT_NO_S }, |
| 327 | { "db_prepare_ignore_error", 2, FMT_NO_S }, |
| 328 | { "db_static_prepare", 2, FMT_NO_S }, |
| 329 | { "db_text", 2, FMT_NO_S }, |
| 330 | { "form_begin", 2, 0 }, |
| 331 | { "fossil_error", 2, 0 }, |
| 332 | { "fossil_errorlog", 1, 0 }, |
| 333 | { "fossil_fatal", 1, 0 }, |
| 334 | { "fossil_fatal_recursive", 1, 0 }, |
| @@ -336,15 +347,19 @@ | |
| 336 | { "fossil_print", 1, 0 }, |
| 337 | { "fossil_trace", 1, 0 }, |
| 338 | { "fossil_warning", 1, 0 }, |
| 339 | { "href", 1, 0 }, |
| 340 | { "json_new_string_f", 1, 0 }, |
| 341 | { "mprintf", 1, 0 }, |
| 342 | { "socket_set_errmsg", 1, 0 }, |
| 343 | { "ssl_set_errmsg", 1, 0 }, |
| 344 | { "style_header", 1, 0 }, |
| 345 | { "style_set_current_page", 1, 0 }, |
| 346 | { "webpage_error", 1, 0 }, |
| 347 | { "xhref", 2, 0 }, |
| 348 | }; |
| 349 | |
| 350 | /* |
| @@ -467,12 +482,12 @@ | |
| 467 | }else{ |
| 468 | const char *zFmt = azArg[fmtArg-1]; |
| 469 | const char *zOverride = strstr(zFmt, "/*works-like:"); |
| 470 | if( zOverride ) zFmt = zOverride + sizeof("/*works-like:")-1; |
| 471 | if( !is_string_lit(zFmt) ){ |
| 472 | printf("%s:%d: %.*s() has non-constant format string\n", |
| 473 | zFilename, lnFCall, szFName, zFCall); |
| 474 | nErr++; |
| 475 | }else if( (k = formatArgCount(zFmt, nArg, acType))>=0 |
| 476 | && nArg!=fmtArg+k ){ |
| 477 | printf("%s:%d: too %s arguments to %.*s() " |
| 478 | "- got %d and expected %d\n", |
| 479 |
| --- src/codecheck1.c | |
| +++ src/codecheck1.c | |
| @@ -141,10 +141,14 @@ | |
| 141 | (*pLN)++; |
| 142 | i++; |
| 143 | } |
| 144 | *pType = TK_SPACE; |
| 145 | return i; |
| 146 | } |
| 147 | if( z[0]=='\\' && (z[1]=='\n' || (z[1]=='\r' && z[2]=='\n')) ){ |
| 148 | *pType = TK_SPACE; |
| 149 | return 1; |
| 150 | } |
| 151 | *pType = TK_OTHER; |
| 152 | return 1; |
| 153 | } |
| 154 | |
| @@ -201,10 +205,11 @@ | |
| 205 | ** Return true if the input is a string literal. |
| 206 | */ |
| 207 | static int is_string_lit(const char *z){ |
| 208 | int nu1, nu2; |
| 209 | z = next_non_whitespace(z, &nu1, &nu2); |
| 210 | if( strcmp(z, "NULL")==0 ) return 1; |
| 211 | return z[0]=='"'; |
| 212 | } |
| 213 | |
| 214 | /* |
| 215 | ** Return true if the input is an expression of string literals: |
| @@ -310,25 +315,31 @@ | |
| 315 | unsigned fmtFlags; /* Processing flags */ |
| 316 | } aFmtFunc[] = { |
| 317 | { "admin_log", 1, 0 }, |
| 318 | { "blob_append_sql", 2, FMT_NO_S }, |
| 319 | { "blob_appendf", 2, 0 }, |
| 320 | { "cgi_debug", 1, 0 }, |
| 321 | { "cgi_panic", 1, 0 }, |
| 322 | { "cgi_printf", 1, 0 }, |
| 323 | { "cgi_redirectf", 1, 0 }, |
| 324 | { "chref", 2, 0 }, |
| 325 | { "db_blob", 2, FMT_NO_S }, |
| 326 | { "db_debug", 1, FMT_NO_S }, |
| 327 | { "db_double", 2, FMT_NO_S }, |
| 328 | { "db_err", 1, 0 }, |
| 329 | { "db_exists", 1, FMT_NO_S }, |
| 330 | { "db_get_mprintf", 2, 0 }, |
| 331 | { "db_int", 2, FMT_NO_S }, |
| 332 | { "db_int64", 2, FMT_NO_S }, |
| 333 | { "db_multi_exec", 1, FMT_NO_S }, |
| 334 | { "db_optional_sql", 2, FMT_NO_S }, |
| 335 | { "db_prepare", 2, FMT_NO_S }, |
| 336 | { "db_prepare_ignore_error", 2, FMT_NO_S }, |
| 337 | { "db_set_mprintf", 3, 0 }, |
| 338 | { "db_static_prepare", 2, FMT_NO_S }, |
| 339 | { "db_text", 2, FMT_NO_S }, |
| 340 | { "db_unset_mprintf", 2, 0 }, |
| 341 | { "form_begin", 2, 0 }, |
| 342 | { "fossil_error", 2, 0 }, |
| 343 | { "fossil_errorlog", 1, 0 }, |
| 344 | { "fossil_fatal", 1, 0 }, |
| 345 | { "fossil_fatal_recursive", 1, 0 }, |
| @@ -336,15 +347,19 @@ | |
| 347 | { "fossil_print", 1, 0 }, |
| 348 | { "fossil_trace", 1, 0 }, |
| 349 | { "fossil_warning", 1, 0 }, |
| 350 | { "href", 1, 0 }, |
| 351 | { "json_new_string_f", 1, 0 }, |
| 352 | { "json_set_err", 2, 0 }, |
| 353 | { "json_warn", 2, 0 }, |
| 354 | { "mprintf", 1, 0 }, |
| 355 | { "socket_set_errmsg", 1, 0 }, |
| 356 | { "ssl_set_errmsg", 1, 0 }, |
| 357 | { "style_header", 1, 0 }, |
| 358 | { "style_set_current_page", 1, 0 }, |
| 359 | { "style_submenu_element", 2, 0 }, |
| 360 | { "style_submenu_sql", 3, 0 }, |
| 361 | { "webpage_error", 1, 0 }, |
| 362 | { "xhref", 2, 0 }, |
| 363 | }; |
| 364 | |
| 365 | /* |
| @@ -467,12 +482,12 @@ | |
| 482 | }else{ |
| 483 | const char *zFmt = azArg[fmtArg-1]; |
| 484 | const char *zOverride = strstr(zFmt, "/*works-like:"); |
| 485 | if( zOverride ) zFmt = zOverride + sizeof("/*works-like:")-1; |
| 486 | if( !is_string_lit(zFmt) ){ |
| 487 | printf("%s:%d: %.*s() has non-constant format on arg[%d]\n", |
| 488 | zFilename, lnFCall, szFName, zFCall, fmtArg-1); |
| 489 | nErr++; |
| 490 | }else if( (k = formatArgCount(zFmt, nArg, acType))>=0 |
| 491 | && nArg!=fmtArg+k ){ |
| 492 | printf("%s:%d: too %s arguments to %.*s() " |
| 493 | "- got %d and expected %d\n", |
| 494 |
M
src/db.c
+3
-3
| --- src/db.c | ||
| +++ src/db.c | ||
| @@ -2482,11 +2482,11 @@ | ||
| 2482 | 2482 | db_multi_exec("REPLACE INTO vvar(name,value) VALUES(%Q,%d)", zName, value); |
| 2483 | 2483 | } |
| 2484 | 2484 | |
| 2485 | 2485 | /* Va-args versions of db_get(), db_set(), and db_unset() |
| 2486 | 2486 | */ |
| 2487 | -char *db_get_mprintf(const char *zFormat, const char *zDefault, ...){ | |
| 2487 | +char *db_get_mprintf(const char *zDefault, const char *zFormat, ...){ | |
| 2488 | 2488 | va_list ap; |
| 2489 | 2489 | char *zName; |
| 2490 | 2490 | char *zResult; |
| 2491 | 2491 | va_start(ap, zDefault); |
| 2492 | 2492 | zName = vmprintf(zFormat, ap); |
| @@ -2493,20 +2493,20 @@ | ||
| 2493 | 2493 | va_end(ap); |
| 2494 | 2494 | zResult = db_get(zName, zDefault); |
| 2495 | 2495 | fossil_free(zName); |
| 2496 | 2496 | return zResult; |
| 2497 | 2497 | } |
| 2498 | -void db_set_mprintf(const char *zFormat, const char *zNew, int iGlobal, ...){ | |
| 2498 | +void db_set_mprintf(const char *zNew, int iGlobal, const char *zFormat, ...){ | |
| 2499 | 2499 | va_list ap; |
| 2500 | 2500 | char *zName; |
| 2501 | 2501 | va_start(ap, iGlobal); |
| 2502 | 2502 | zName = vmprintf(zFormat, ap); |
| 2503 | 2503 | va_end(ap); |
| 2504 | 2504 | db_set(zName, zNew, iGlobal); |
| 2505 | 2505 | fossil_free(zName); |
| 2506 | 2506 | } |
| 2507 | -void db_unset_mprintf(const char *zFormat, int iGlobal, ...){ | |
| 2507 | +void db_unset_mprintf(int iGlobal, const char *zFormat, ...){ | |
| 2508 | 2508 | va_list ap; |
| 2509 | 2509 | char *zName; |
| 2510 | 2510 | va_start(ap, iGlobal); |
| 2511 | 2511 | zName = vmprintf(zFormat, ap); |
| 2512 | 2512 | va_end(ap); |
| 2513 | 2513 |
| --- src/db.c | |
| +++ src/db.c | |
| @@ -2482,11 +2482,11 @@ | |
| 2482 | db_multi_exec("REPLACE INTO vvar(name,value) VALUES(%Q,%d)", zName, value); |
| 2483 | } |
| 2484 | |
| 2485 | /* Va-args versions of db_get(), db_set(), and db_unset() |
| 2486 | */ |
| 2487 | char *db_get_mprintf(const char *zFormat, const char *zDefault, ...){ |
| 2488 | va_list ap; |
| 2489 | char *zName; |
| 2490 | char *zResult; |
| 2491 | va_start(ap, zDefault); |
| 2492 | zName = vmprintf(zFormat, ap); |
| @@ -2493,20 +2493,20 @@ | |
| 2493 | va_end(ap); |
| 2494 | zResult = db_get(zName, zDefault); |
| 2495 | fossil_free(zName); |
| 2496 | return zResult; |
| 2497 | } |
| 2498 | void db_set_mprintf(const char *zFormat, const char *zNew, int iGlobal, ...){ |
| 2499 | va_list ap; |
| 2500 | char *zName; |
| 2501 | va_start(ap, iGlobal); |
| 2502 | zName = vmprintf(zFormat, ap); |
| 2503 | va_end(ap); |
| 2504 | db_set(zName, zNew, iGlobal); |
| 2505 | fossil_free(zName); |
| 2506 | } |
| 2507 | void db_unset_mprintf(const char *zFormat, int iGlobal, ...){ |
| 2508 | va_list ap; |
| 2509 | char *zName; |
| 2510 | va_start(ap, iGlobal); |
| 2511 | zName = vmprintf(zFormat, ap); |
| 2512 | va_end(ap); |
| 2513 |
| --- src/db.c | |
| +++ src/db.c | |
| @@ -2482,11 +2482,11 @@ | |
| 2482 | db_multi_exec("REPLACE INTO vvar(name,value) VALUES(%Q,%d)", zName, value); |
| 2483 | } |
| 2484 | |
| 2485 | /* Va-args versions of db_get(), db_set(), and db_unset() |
| 2486 | */ |
| 2487 | char *db_get_mprintf(const char *zDefault, const char *zFormat, ...){ |
| 2488 | va_list ap; |
| 2489 | char *zName; |
| 2490 | char *zResult; |
| 2491 | va_start(ap, zDefault); |
| 2492 | zName = vmprintf(zFormat, ap); |
| @@ -2493,20 +2493,20 @@ | |
| 2493 | va_end(ap); |
| 2494 | zResult = db_get(zName, zDefault); |
| 2495 | fossil_free(zName); |
| 2496 | return zResult; |
| 2497 | } |
| 2498 | void db_set_mprintf(const char *zNew, int iGlobal, const char *zFormat, ...){ |
| 2499 | va_list ap; |
| 2500 | char *zName; |
| 2501 | va_start(ap, iGlobal); |
| 2502 | zName = vmprintf(zFormat, ap); |
| 2503 | va_end(ap); |
| 2504 | db_set(zName, zNew, iGlobal); |
| 2505 | fossil_free(zName); |
| 2506 | } |
| 2507 | void db_unset_mprintf(int iGlobal, const char *zFormat, ...){ |
| 2508 | va_list ap; |
| 2509 | char *zName; |
| 2510 | va_start(ap, iGlobal); |
| 2511 | zName = vmprintf(zFormat, ap); |
| 2512 | va_end(ap); |
| 2513 |
+1
-1
| --- src/json.c | ||
| +++ src/json.c | ||
| @@ -1608,11 +1608,11 @@ | ||
| 1608 | 1608 | return NULL; |
| 1609 | 1609 | } |
| 1610 | 1610 | } |
| 1611 | 1611 | cson_value_free(colNamesV); |
| 1612 | 1612 | if(warnMsg){ |
| 1613 | - json_warn( FSL_JSON_W_ROW_TO_JSON_FAILED, warnMsg ); | |
| 1613 | + json_warn( FSL_JSON_W_ROW_TO_JSON_FAILED, "%s", warnMsg ); | |
| 1614 | 1614 | } |
| 1615 | 1615 | return cson_array_value(a); |
| 1616 | 1616 | } |
| 1617 | 1617 | |
| 1618 | 1618 | /* |
| 1619 | 1619 |
| --- src/json.c | |
| +++ src/json.c | |
| @@ -1608,11 +1608,11 @@ | |
| 1608 | return NULL; |
| 1609 | } |
| 1610 | } |
| 1611 | cson_value_free(colNamesV); |
| 1612 | if(warnMsg){ |
| 1613 | json_warn( FSL_JSON_W_ROW_TO_JSON_FAILED, warnMsg ); |
| 1614 | } |
| 1615 | return cson_array_value(a); |
| 1616 | } |
| 1617 | |
| 1618 | /* |
| 1619 |
| --- src/json.c | |
| +++ src/json.c | |
| @@ -1608,11 +1608,11 @@ | |
| 1608 | return NULL; |
| 1609 | } |
| 1610 | } |
| 1611 | cson_value_free(colNamesV); |
| 1612 | if(warnMsg){ |
| 1613 | json_warn( FSL_JSON_W_ROW_TO_JSON_FAILED, "%s", warnMsg ); |
| 1614 | } |
| 1615 | return cson_array_value(a); |
| 1616 | } |
| 1617 | |
| 1618 | /* |
| 1619 |
+2
-2
| --- src/json_branch.c | ||
| +++ src/json_branch.c | ||
| @@ -140,11 +140,11 @@ | ||
| 140 | 140 | sawConversionError = mprintf("Column-to-json failed @ %s:%d", |
| 141 | 141 | __FILE__,__LINE__); |
| 142 | 142 | } |
| 143 | 143 | } |
| 144 | 144 | if( sawConversionError ){ |
| 145 | - json_warn(FSL_JSON_W_COL_TO_JSON_FAILED,sawConversionError); | |
| 145 | + json_warn(FSL_JSON_W_COL_TO_JSON_FAILED,"%s",sawConversionError); | |
| 146 | 146 | free(sawConversionError); |
| 147 | 147 | } |
| 148 | 148 | return payV; |
| 149 | 149 | } |
| 150 | 150 | |
| @@ -359,11 +359,11 @@ | ||
| 359 | 359 | } |
| 360 | 360 | } |
| 361 | 361 | |
| 362 | 362 | rc = json_branch_new( &opt, &rid ); |
| 363 | 363 | if(rc){ |
| 364 | - json_set_err(rc, opt.rcErrMsg); | |
| 364 | + json_set_err(rc, "%s", opt.rcErrMsg); | |
| 365 | 365 | goto error; |
| 366 | 366 | } |
| 367 | 367 | assert(0 != rid); |
| 368 | 368 | payV = cson_value_new_object(); |
| 369 | 369 | pay = cson_value_get_object(payV); |
| 370 | 370 |
| --- src/json_branch.c | |
| +++ src/json_branch.c | |
| @@ -140,11 +140,11 @@ | |
| 140 | sawConversionError = mprintf("Column-to-json failed @ %s:%d", |
| 141 | __FILE__,__LINE__); |
| 142 | } |
| 143 | } |
| 144 | if( sawConversionError ){ |
| 145 | json_warn(FSL_JSON_W_COL_TO_JSON_FAILED,sawConversionError); |
| 146 | free(sawConversionError); |
| 147 | } |
| 148 | return payV; |
| 149 | } |
| 150 | |
| @@ -359,11 +359,11 @@ | |
| 359 | } |
| 360 | } |
| 361 | |
| 362 | rc = json_branch_new( &opt, &rid ); |
| 363 | if(rc){ |
| 364 | json_set_err(rc, opt.rcErrMsg); |
| 365 | goto error; |
| 366 | } |
| 367 | assert(0 != rid); |
| 368 | payV = cson_value_new_object(); |
| 369 | pay = cson_value_get_object(payV); |
| 370 |
| --- src/json_branch.c | |
| +++ src/json_branch.c | |
| @@ -140,11 +140,11 @@ | |
| 140 | sawConversionError = mprintf("Column-to-json failed @ %s:%d", |
| 141 | __FILE__,__LINE__); |
| 142 | } |
| 143 | } |
| 144 | if( sawConversionError ){ |
| 145 | json_warn(FSL_JSON_W_COL_TO_JSON_FAILED,"%s",sawConversionError); |
| 146 | free(sawConversionError); |
| 147 | } |
| 148 | return payV; |
| 149 | } |
| 150 | |
| @@ -359,11 +359,11 @@ | |
| 359 | } |
| 360 | } |
| 361 | |
| 362 | rc = json_branch_new( &opt, &rid ); |
| 363 | if(rc){ |
| 364 | json_set_err(rc, "%s", opt.rcErrMsg); |
| 365 | goto error; |
| 366 | } |
| 367 | assert(0 != rid); |
| 368 | payV = cson_value_new_object(); |
| 369 | pay = cson_value_get_object(payV); |
| 370 |
+1
-1
| --- src/printf.c | ||
| +++ src/printf.c | ||
| @@ -1148,11 +1148,11 @@ | ||
| 1148 | 1148 | z = vmprintf(zFormat, ap); |
| 1149 | 1149 | va_end(ap); |
| 1150 | 1150 | fossil_errorlog("warning: %s", z); |
| 1151 | 1151 | #ifdef FOSSIL_ENABLE_JSON |
| 1152 | 1152 | if(g.json.isJsonMode){ |
| 1153 | - json_warn( FSL_JSON_W_UNKNOWN, z ); | |
| 1153 | + json_warn( FSL_JSON_W_UNKNOWN, "%s", z ); | |
| 1154 | 1154 | }else |
| 1155 | 1155 | #endif |
| 1156 | 1156 | { |
| 1157 | 1157 | if( g.cgiOutput ){ |
| 1158 | 1158 | cgi_printf("<p class=\"generalError\">\n%h\n</p>\n", z); |
| 1159 | 1159 |
| --- src/printf.c | |
| +++ src/printf.c | |
| @@ -1148,11 +1148,11 @@ | |
| 1148 | z = vmprintf(zFormat, ap); |
| 1149 | va_end(ap); |
| 1150 | fossil_errorlog("warning: %s", z); |
| 1151 | #ifdef FOSSIL_ENABLE_JSON |
| 1152 | if(g.json.isJsonMode){ |
| 1153 | json_warn( FSL_JSON_W_UNKNOWN, z ); |
| 1154 | }else |
| 1155 | #endif |
| 1156 | { |
| 1157 | if( g.cgiOutput ){ |
| 1158 | cgi_printf("<p class=\"generalError\">\n%h\n</p>\n", z); |
| 1159 |
| --- src/printf.c | |
| +++ src/printf.c | |
| @@ -1148,11 +1148,11 @@ | |
| 1148 | z = vmprintf(zFormat, ap); |
| 1149 | va_end(ap); |
| 1150 | fossil_errorlog("warning: %s", z); |
| 1151 | #ifdef FOSSIL_ENABLE_JSON |
| 1152 | if(g.json.isJsonMode){ |
| 1153 | json_warn( FSL_JSON_W_UNKNOWN, "%s", z ); |
| 1154 | }else |
| 1155 | #endif |
| 1156 | { |
| 1157 | if( g.cgiOutput ){ |
| 1158 | cgi_printf("<p class=\"generalError\">\n%h\n</p>\n", z); |
| 1159 |
+1
-1
| --- src/setup.c | ||
| +++ src/setup.c | ||
| @@ -600,11 +600,11 @@ | ||
| 600 | 600 | free(z2); |
| 601 | 601 | } |
| 602 | 602 | |
| 603 | 603 | /* Begin generating the page |
| 604 | 604 | */ |
| 605 | - style_submenu_element("Cancel", cgi_referer("setup_ulist")); | |
| 605 | + style_submenu_element("Cancel", "%s", cgi_referer("setup_ulist")); | |
| 606 | 606 | if( uid ){ |
| 607 | 607 | style_header("Edit User %h", zLogin); |
| 608 | 608 | style_submenu_element("Access Log", "%R/access_log?u=%t", zLogin); |
| 609 | 609 | }else{ |
| 610 | 610 | style_header("Add A New User"); |
| 611 | 611 |
| --- src/setup.c | |
| +++ src/setup.c | |
| @@ -600,11 +600,11 @@ | |
| 600 | free(z2); |
| 601 | } |
| 602 | |
| 603 | /* Begin generating the page |
| 604 | */ |
| 605 | style_submenu_element("Cancel", cgi_referer("setup_ulist")); |
| 606 | if( uid ){ |
| 607 | style_header("Edit User %h", zLogin); |
| 608 | style_submenu_element("Access Log", "%R/access_log?u=%t", zLogin); |
| 609 | }else{ |
| 610 | style_header("Add A New User"); |
| 611 |
| --- src/setup.c | |
| +++ src/setup.c | |
| @@ -600,11 +600,11 @@ | |
| 600 | free(z2); |
| 601 | } |
| 602 | |
| 603 | /* Begin generating the page |
| 604 | */ |
| 605 | style_submenu_element("Cancel", "%s", cgi_referer("setup_ulist")); |
| 606 | if( uid ){ |
| 607 | style_header("Edit User %h", zLogin); |
| 608 | style_submenu_element("Access Log", "%R/access_log?u=%t", zLogin); |
| 609 | }else{ |
| 610 | style_header("Add A New User"); |
| 611 |
+8
-8
| --- src/skins.c | ||
| +++ src/skins.c | ||
| @@ -667,11 +667,11 @@ | ||
| 667 | 667 | static const char *skin_file_content(const char *zLabel, const char *zFile){ |
| 668 | 668 | const char *zResult; |
| 669 | 669 | if( fossil_strcmp(zLabel, "current")==0 ){ |
| 670 | 670 | zResult = db_get(zFile, ""); |
| 671 | 671 | }else if( sqlite3_strglob("draft[1-9]", zLabel)==0 ){ |
| 672 | - zResult = db_get_mprintf("%s-%s", "", zLabel, zFile); | |
| 672 | + zResult = db_get_mprintf("", "%s-%s", zLabel, zFile); | |
| 673 | 673 | }else{ |
| 674 | 674 | while( 1 ){ |
| 675 | 675 | char *zKey = mprintf("skins/%s/%s.txt", zLabel, zFile); |
| 676 | 676 | zResult = builtin_text(zKey); |
| 677 | 677 | fossil_free(zKey); |
| @@ -718,11 +718,11 @@ | ||
| 718 | 718 | iSkin = atoi(PD("sk","1")); |
| 719 | 719 | if( iSkin<1 || iSkin>9 ) iSkin = 1; |
| 720 | 720 | |
| 721 | 721 | /* Check that the user is authorized to edit this skin. */ |
| 722 | 722 | if( !g.perm.Setup ){ |
| 723 | - char *zAllowedEditors = db_get_mprintf("draft%d-users", "", iSkin); | |
| 723 | + char *zAllowedEditors = db_get_mprintf("", "draft%d-users", iSkin); | |
| 724 | 724 | Glob *pAllowedEditors; |
| 725 | 725 | if( zAllowedEditors[0] ){ |
| 726 | 726 | pAllowedEditors = glob_create(zAllowedEditors); |
| 727 | 727 | if( !glob_match(pAllowedEditors, zAllowedEditors) ){ |
| 728 | 728 | login_needed(0); |
| @@ -801,11 +801,11 @@ | ||
| 801 | 801 | static void skin_initialize_draft(int iSkin, const char *zTemplate){ |
| 802 | 802 | int i; |
| 803 | 803 | if( zTemplate==0 ) return; |
| 804 | 804 | for(i=0; i<count(azSkinFile); i++){ |
| 805 | 805 | const char *z = skin_file_content(zTemplate, azSkinFile[i]); |
| 806 | - db_set_mprintf("draft%d-%s", z, 0, iSkin, azSkinFile[i]); | |
| 806 | + db_set_mprintf(z, 0, "draft%d-%s", iSkin, azSkinFile[i]); | |
| 807 | 807 | } |
| 808 | 808 | } |
| 809 | 809 | |
| 810 | 810 | /* |
| 811 | 811 | ** Publish the draft skin iSkin as the new default. |
| @@ -838,11 +838,11 @@ | ||
| 838 | 838 | ); |
| 839 | 839 | } |
| 840 | 840 | |
| 841 | 841 | /* Publish draft iSkin */ |
| 842 | 842 | for(i=0; i<count(azSkinFile); i++){ |
| 843 | - char *zNew = db_get_mprintf("draft%d-%s", "", iSkin, azSkinFile[i]); | |
| 843 | + char *zNew = db_get_mprintf("", "draft%d-%s", iSkin, azSkinFile[i]); | |
| 844 | 844 | db_set(azSkinFile[i], zNew, 0); |
| 845 | 845 | } |
| 846 | 846 | } |
| 847 | 847 | |
| 848 | 848 | /* |
| @@ -872,11 +872,11 @@ | ||
| 872 | 872 | |
| 873 | 873 | /* Figure out if the current user is allowed to make administrative |
| 874 | 874 | ** changes and/or edits |
| 875 | 875 | */ |
| 876 | 876 | login_check_credentials(); |
| 877 | - zAllowedEditors = db_get_mprintf("draft%d-users", "", iSkin); | |
| 877 | + zAllowedEditors = db_get_mprintf("", "draft%d-users", iSkin); | |
| 878 | 878 | if( g.perm.Setup ){ |
| 879 | 879 | isSetup = isEditor = 1; |
| 880 | 880 | }else{ |
| 881 | 881 | Glob *pAllowedEditors; |
| 882 | 882 | isSetup = isEditor = 0; |
| @@ -890,12 +890,12 @@ | ||
| 890 | 890 | /* Initialize the skin, if requested and authorized. */ |
| 891 | 891 | if( P("init3")!=0 && isEditor ){ |
| 892 | 892 | skin_initialize_draft(iSkin, P("initskin")); |
| 893 | 893 | } |
| 894 | 894 | if( P("submit2")!=0 && isSetup ){ |
| 895 | - db_set_mprintf("draft%d-users", PD("editors",""), 0, iSkin); | |
| 896 | - zAllowedEditors = db_get_mprintf("draft%d-users", "", iSkin); | |
| 895 | + db_set_mprintf(PD("editors",""), 0, "draft%d-users", iSkin); | |
| 896 | + zAllowedEditors = db_get_mprintf("", "draft%d-users", iSkin); | |
| 897 | 897 | } |
| 898 | 898 | |
| 899 | 899 | /* Publish the draft skin */ |
| 900 | 900 | if( P("pub7")!=0 && PB("pub7ck1") && PB("pub7ck2") ){ |
| 901 | 901 | skin_publish(iSkin); |
| @@ -959,11 +959,11 @@ | ||
| 959 | 959 | @ |
| 960 | 960 | @ <a name='step3'></a> |
| 961 | 961 | @ <h1>Step 3: Initialize The Draft</h1> |
| 962 | 962 | @ |
| 963 | 963 | if( !isEditor ){ |
| 964 | - @ <p>You are not allowed to initialize draft%(iSkin). Contact | |
| 964 | + @ <p>You are not allowed to initialize draft%d(iSkin). Contact | |
| 965 | 965 | @ the administrator for this repository for more information. |
| 966 | 966 | }else{ |
| 967 | 967 | @ <p>Initialize the draft%d(iSkin) skin to one of the built-in skins |
| 968 | 968 | @ or a preexisting skin, to use as a baseline.</p> |
| 969 | 969 | @ |
| 970 | 970 |
| --- src/skins.c | |
| +++ src/skins.c | |
| @@ -667,11 +667,11 @@ | |
| 667 | static const char *skin_file_content(const char *zLabel, const char *zFile){ |
| 668 | const char *zResult; |
| 669 | if( fossil_strcmp(zLabel, "current")==0 ){ |
| 670 | zResult = db_get(zFile, ""); |
| 671 | }else if( sqlite3_strglob("draft[1-9]", zLabel)==0 ){ |
| 672 | zResult = db_get_mprintf("%s-%s", "", zLabel, zFile); |
| 673 | }else{ |
| 674 | while( 1 ){ |
| 675 | char *zKey = mprintf("skins/%s/%s.txt", zLabel, zFile); |
| 676 | zResult = builtin_text(zKey); |
| 677 | fossil_free(zKey); |
| @@ -718,11 +718,11 @@ | |
| 718 | iSkin = atoi(PD("sk","1")); |
| 719 | if( iSkin<1 || iSkin>9 ) iSkin = 1; |
| 720 | |
| 721 | /* Check that the user is authorized to edit this skin. */ |
| 722 | if( !g.perm.Setup ){ |
| 723 | char *zAllowedEditors = db_get_mprintf("draft%d-users", "", iSkin); |
| 724 | Glob *pAllowedEditors; |
| 725 | if( zAllowedEditors[0] ){ |
| 726 | pAllowedEditors = glob_create(zAllowedEditors); |
| 727 | if( !glob_match(pAllowedEditors, zAllowedEditors) ){ |
| 728 | login_needed(0); |
| @@ -801,11 +801,11 @@ | |
| 801 | static void skin_initialize_draft(int iSkin, const char *zTemplate){ |
| 802 | int i; |
| 803 | if( zTemplate==0 ) return; |
| 804 | for(i=0; i<count(azSkinFile); i++){ |
| 805 | const char *z = skin_file_content(zTemplate, azSkinFile[i]); |
| 806 | db_set_mprintf("draft%d-%s", z, 0, iSkin, azSkinFile[i]); |
| 807 | } |
| 808 | } |
| 809 | |
| 810 | /* |
| 811 | ** Publish the draft skin iSkin as the new default. |
| @@ -838,11 +838,11 @@ | |
| 838 | ); |
| 839 | } |
| 840 | |
| 841 | /* Publish draft iSkin */ |
| 842 | for(i=0; i<count(azSkinFile); i++){ |
| 843 | char *zNew = db_get_mprintf("draft%d-%s", "", iSkin, azSkinFile[i]); |
| 844 | db_set(azSkinFile[i], zNew, 0); |
| 845 | } |
| 846 | } |
| 847 | |
| 848 | /* |
| @@ -872,11 +872,11 @@ | |
| 872 | |
| 873 | /* Figure out if the current user is allowed to make administrative |
| 874 | ** changes and/or edits |
| 875 | */ |
| 876 | login_check_credentials(); |
| 877 | zAllowedEditors = db_get_mprintf("draft%d-users", "", iSkin); |
| 878 | if( g.perm.Setup ){ |
| 879 | isSetup = isEditor = 1; |
| 880 | }else{ |
| 881 | Glob *pAllowedEditors; |
| 882 | isSetup = isEditor = 0; |
| @@ -890,12 +890,12 @@ | |
| 890 | /* Initialize the skin, if requested and authorized. */ |
| 891 | if( P("init3")!=0 && isEditor ){ |
| 892 | skin_initialize_draft(iSkin, P("initskin")); |
| 893 | } |
| 894 | if( P("submit2")!=0 && isSetup ){ |
| 895 | db_set_mprintf("draft%d-users", PD("editors",""), 0, iSkin); |
| 896 | zAllowedEditors = db_get_mprintf("draft%d-users", "", iSkin); |
| 897 | } |
| 898 | |
| 899 | /* Publish the draft skin */ |
| 900 | if( P("pub7")!=0 && PB("pub7ck1") && PB("pub7ck2") ){ |
| 901 | skin_publish(iSkin); |
| @@ -959,11 +959,11 @@ | |
| 959 | @ |
| 960 | @ <a name='step3'></a> |
| 961 | @ <h1>Step 3: Initialize The Draft</h1> |
| 962 | @ |
| 963 | if( !isEditor ){ |
| 964 | @ <p>You are not allowed to initialize draft%(iSkin). Contact |
| 965 | @ the administrator for this repository for more information. |
| 966 | }else{ |
| 967 | @ <p>Initialize the draft%d(iSkin) skin to one of the built-in skins |
| 968 | @ or a preexisting skin, to use as a baseline.</p> |
| 969 | @ |
| 970 |
| --- src/skins.c | |
| +++ src/skins.c | |
| @@ -667,11 +667,11 @@ | |
| 667 | static const char *skin_file_content(const char *zLabel, const char *zFile){ |
| 668 | const char *zResult; |
| 669 | if( fossil_strcmp(zLabel, "current")==0 ){ |
| 670 | zResult = db_get(zFile, ""); |
| 671 | }else if( sqlite3_strglob("draft[1-9]", zLabel)==0 ){ |
| 672 | zResult = db_get_mprintf("", "%s-%s", zLabel, zFile); |
| 673 | }else{ |
| 674 | while( 1 ){ |
| 675 | char *zKey = mprintf("skins/%s/%s.txt", zLabel, zFile); |
| 676 | zResult = builtin_text(zKey); |
| 677 | fossil_free(zKey); |
| @@ -718,11 +718,11 @@ | |
| 718 | iSkin = atoi(PD("sk","1")); |
| 719 | if( iSkin<1 || iSkin>9 ) iSkin = 1; |
| 720 | |
| 721 | /* Check that the user is authorized to edit this skin. */ |
| 722 | if( !g.perm.Setup ){ |
| 723 | char *zAllowedEditors = db_get_mprintf("", "draft%d-users", iSkin); |
| 724 | Glob *pAllowedEditors; |
| 725 | if( zAllowedEditors[0] ){ |
| 726 | pAllowedEditors = glob_create(zAllowedEditors); |
| 727 | if( !glob_match(pAllowedEditors, zAllowedEditors) ){ |
| 728 | login_needed(0); |
| @@ -801,11 +801,11 @@ | |
| 801 | static void skin_initialize_draft(int iSkin, const char *zTemplate){ |
| 802 | int i; |
| 803 | if( zTemplate==0 ) return; |
| 804 | for(i=0; i<count(azSkinFile); i++){ |
| 805 | const char *z = skin_file_content(zTemplate, azSkinFile[i]); |
| 806 | db_set_mprintf(z, 0, "draft%d-%s", iSkin, azSkinFile[i]); |
| 807 | } |
| 808 | } |
| 809 | |
| 810 | /* |
| 811 | ** Publish the draft skin iSkin as the new default. |
| @@ -838,11 +838,11 @@ | |
| 838 | ); |
| 839 | } |
| 840 | |
| 841 | /* Publish draft iSkin */ |
| 842 | for(i=0; i<count(azSkinFile); i++){ |
| 843 | char *zNew = db_get_mprintf("", "draft%d-%s", iSkin, azSkinFile[i]); |
| 844 | db_set(azSkinFile[i], zNew, 0); |
| 845 | } |
| 846 | } |
| 847 | |
| 848 | /* |
| @@ -872,11 +872,11 @@ | |
| 872 | |
| 873 | /* Figure out if the current user is allowed to make administrative |
| 874 | ** changes and/or edits |
| 875 | */ |
| 876 | login_check_credentials(); |
| 877 | zAllowedEditors = db_get_mprintf("", "draft%d-users", iSkin); |
| 878 | if( g.perm.Setup ){ |
| 879 | isSetup = isEditor = 1; |
| 880 | }else{ |
| 881 | Glob *pAllowedEditors; |
| 882 | isSetup = isEditor = 0; |
| @@ -890,12 +890,12 @@ | |
| 890 | /* Initialize the skin, if requested and authorized. */ |
| 891 | if( P("init3")!=0 && isEditor ){ |
| 892 | skin_initialize_draft(iSkin, P("initskin")); |
| 893 | } |
| 894 | if( P("submit2")!=0 && isSetup ){ |
| 895 | db_set_mprintf(PD("editors",""), 0, "draft%d-users", iSkin); |
| 896 | zAllowedEditors = db_get_mprintf("", "draft%d-users", iSkin); |
| 897 | } |
| 898 | |
| 899 | /* Publish the draft skin */ |
| 900 | if( P("pub7")!=0 && PB("pub7ck1") && PB("pub7ck2") ){ |
| 901 | skin_publish(iSkin); |
| @@ -959,11 +959,11 @@ | |
| 959 | @ |
| 960 | @ <a name='step3'></a> |
| 961 | @ <h1>Step 3: Initialize The Draft</h1> |
| 962 | @ |
| 963 | if( !isEditor ){ |
| 964 | @ <p>You are not allowed to initialize draft%d(iSkin). Contact |
| 965 | @ the administrator for this repository for more information. |
| 966 | }else{ |
| 967 | @ <p>Initialize the draft%d(iSkin) skin to one of the built-in skins |
| 968 | @ or a preexisting skin, to use as a baseline.</p> |
| 969 | @ |
| 970 |