Fossil SCM
Add a security audit warning if the strict-manifest-syntax flag is switched off.
Commit
3105bedff2deca050dd6f7767977d5b8cc1cd299f7e8e3c4822a654c1fd7056f
Parent
4df8c856ee7201b…
1 file changed
+8
+8
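--- a/src/security_audit.c
+++ b/src/security_audit.c
@@ -281,10 +281,18 @@
 @ <p>Fix this by removing the "Mod-Wiki", "Mod-Tkt", and "Mod-Forum"
 @ privileges (<a href="%R/setup_ucap_list">capabilities</a> "fq5")
 @ from users "anonymous" and "nobody"
 @ on the <a href="setup_ulist">User Configuration</a> page.
 }
+
+/* The strict-manifest-syntax setting should be on. */
+if( db_get_boolean("strict-manifest-syntax",1)==0 ){
+@ <li><p><b>WARNING:</b>
+@ The "strict-manifest-syntax" flag is off. This is a security
+@ risk. Turn this setting on (its default) to protect the users
+@ of this repository.
+}
 
 /* Obsolete: */
 if( hasAnyCap(zAnonCap, "d") ||
 hasAnyCap(zDevCap, "d") ||
 hasAnyCap(zReadCap, "d") ){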
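Review bot: The new warning under `db_get_boolean("strict-manifest-syntax",1)==0` says the flag being off "is a security risk" but does not name the risk or link to the page where the setting is changed. The Mod-Wiki/Mod-Tkt item just above it does link to its fix page. I would end the message with something like `@ of this repository. Change it on the <a href="%R/setup_settings">Settings</a> page.` so an administrator can act on the audit result directly. The comment `/* The strict-manifest-syntax setting should be on. */` only restates the condition, so a sentence on what relaxed manifest parsing exposes (not visible in this hunk) would help the next maintainer. The enclosing function starts and ends outside the hunk, so this covers only the added block.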
| --- src/security_audit.c | |
| +++ src/security_audit.c | |
| @@ -281,10 +281,18 @@ | |
| 281 | @ <p>Fix this by removing the "Mod-Wiki", "Mod-Tkt", and "Mod-Forum" |
| 282 | @ privileges (<a href="%R/setup_ucap_list">capabilities</a> "fq5") |
| 283 | @ from users "anonymous" and "nobody" |
| 284 | @ on the <a href="setup_ulist">User Configuration</a> page. |
| 285 | } |
| 286 | |
| 287 | /* Obsolete: */ |
| 288 | if( hasAnyCap(zAnonCap, "d") || |
| 289 | hasAnyCap(zDevCap, "d") || |
| 290 | hasAnyCap(zReadCap, "d") ){ |
| 291 |
| --- src/security_audit.c | |
| +++ src/security_audit.c | |
| @@ -281,10 +281,18 @@ | |
| 281 | @ <p>Fix this by removing the "Mod-Wiki", "Mod-Tkt", and "Mod-Forum" |
| 282 | @ privileges (<a href="%R/setup_ucap_list">capabilities</a> "fq5") |
| 283 | @ from users "anonymous" and "nobody" |
| 284 | @ on the <a href="setup_ulist">User Configuration</a> page. |
| 285 | } |
| 286 | |
| 287 | /* The strict-manifest-syntax setting should be on. */ |
| 288 | if( db_get_boolean("strict-manifest-syntax",1)==0 ){ |
| 289 | @ <li><p><b>WARNING:</b> |
| 290 | @ The "strict-manifest-syntax" flag is off. This is a security |
| 291 | @ risk. Turn this setting on (its default) to protect the users |
| 292 | @ of this repository. |
| 293 | } |
| 294 | |
| 295 | /* Obsolete: */ |
| 296 | if( hasAnyCap(zAnonCap, "d") || |
| 297 | hasAnyCap(zDevCap, "d") || |
| 298 | hasAnyCap(zReadCap, "d") ){ |
| 299 |