Fossil SCM
Identify security-sensitive settings.
Commit
3bccd7fff28d8332a74a4e02dd2fa5746da2f3b34ba9b69282b85bc65bddb305
Parent
f98ef3c1034e1d8…
4 files changed
+5
-5
+17
-17
+17
-17
+3
+5
-5
| --- src/alerts.c | ||
| +++ src/alerts.c | ||
| @@ -936,11 +936,11 @@ | ||
| 936 | 936 | ** This is a short name used to identifies the repository in the Subject: |
| 937 | 937 | ** line of email alerts. Traditionally this name is included in square |
| 938 | 938 | ** brackets. Examples: "[fossil-src]", "[sqlite-src]". |
| 939 | 939 | */ |
| 940 | 940 | /* |
| 941 | -** SETTING: email-send-method width=5 default=off | |
| 941 | +** SETTING: email-send-method width=5 default=off sensitive | |
| 942 | 942 | ** Determine the method used to send email. Allowed values are |
| 943 | 943 | ** "off", "relay", "pipe", "dir", "db", and "stdout". The "off" value |
| 944 | 944 | ** means no email is ever sent. The "relay" value means emails are sent |
| 945 | 945 | ** to an Mail Sending Agent using SMTP located at email-send-relayhost. |
| 946 | 946 | ** The "pipe" value means email messages are piped into a command |
| @@ -949,33 +949,33 @@ | ||
| 949 | 949 | ** by the email-send-dir setting. The "db" value means that emails |
| 950 | 950 | ** are added to an SQLite database named by the* email-send-db setting. |
| 951 | 951 | ** The "stdout" value writes email text to standard output, for debugging. |
| 952 | 952 | */ |
| 953 | 953 | /* |
| 954 | -** SETTING: email-send-command width=40 | |
| 954 | +** SETTING: email-send-command width=40 sensitive | |
| 955 | 955 | ** This is a command to which outbound email content is piped when the |
| 956 | 956 | ** email-send-method is set to "pipe". The command must extract |
| 957 | 957 | ** recipient, sender, subject, and all other relevant information |
| 958 | 958 | ** from the email header. |
| 959 | 959 | */ |
| 960 | 960 | /* |
| 961 | -** SETTING: email-send-dir width=40 | |
| 961 | +** SETTING: email-send-dir width=40 sensitive | |
| 962 | 962 | ** This is a directory into which outbound emails are written as individual |
| 963 | 963 | ** files if the email-send-method is set to "dir". |
| 964 | 964 | */ |
| 965 | 965 | /* |
| 966 | -** SETTING: email-send-db width=40 | |
| 966 | +** SETTING: email-send-db width=40 sensitive | |
| 967 | 967 | ** This is an SQLite database file into which outbound emails are written |
| 968 | 968 | ** if the email-send-method is set to "db". |
| 969 | 969 | */ |
| 970 | 970 | /* |
| 971 | 971 | ** SETTING: email-self width=40 |
| 972 | 972 | ** This is the email address for the repository. Outbound emails add |
| 973 | 973 | ** this email address as the "From:" field. |
| 974 | 974 | */ |
| 975 | 975 | /* |
| 976 | -** SETTING: email-send-relayhost width=40 | |
| 976 | +** SETTING: email-send-relayhost width=40 sensitive | |
| 977 | 977 | ** This is the hostname and TCP port to which output email messages |
| 978 | 978 | ** are sent when email-send-method is "relay". There should be an |
| 979 | 979 | ** SMTP server configured as a Mail Submission Agent listening on the |
| 980 | 980 | ** designated host and port and all times. |
| 981 | 981 | */ |
| 982 | 982 |
| --- src/alerts.c | |
| +++ src/alerts.c | |
| @@ -936,11 +936,11 @@ | |
| 936 | ** This is a short name used to identifies the repository in the Subject: |
| 937 | ** line of email alerts. Traditionally this name is included in square |
| 938 | ** brackets. Examples: "[fossil-src]", "[sqlite-src]". |
| 939 | */ |
| 940 | /* |
| 941 | ** SETTING: email-send-method width=5 default=off |
| 942 | ** Determine the method used to send email. Allowed values are |
| 943 | ** "off", "relay", "pipe", "dir", "db", and "stdout". The "off" value |
| 944 | ** means no email is ever sent. The "relay" value means emails are sent |
| 945 | ** to an Mail Sending Agent using SMTP located at email-send-relayhost. |
| 946 | ** The "pipe" value means email messages are piped into a command |
| @@ -949,33 +949,33 @@ | |
| 949 | ** by the email-send-dir setting. The "db" value means that emails |
| 950 | ** are added to an SQLite database named by the* email-send-db setting. |
| 951 | ** The "stdout" value writes email text to standard output, for debugging. |
| 952 | */ |
| 953 | /* |
| 954 | ** SETTING: email-send-command width=40 |
| 955 | ** This is a command to which outbound email content is piped when the |
| 956 | ** email-send-method is set to "pipe". The command must extract |
| 957 | ** recipient, sender, subject, and all other relevant information |
| 958 | ** from the email header. |
| 959 | */ |
| 960 | /* |
| 961 | ** SETTING: email-send-dir width=40 |
| 962 | ** This is a directory into which outbound emails are written as individual |
| 963 | ** files if the email-send-method is set to "dir". |
| 964 | */ |
| 965 | /* |
| 966 | ** SETTING: email-send-db width=40 |
| 967 | ** This is an SQLite database file into which outbound emails are written |
| 968 | ** if the email-send-method is set to "db". |
| 969 | */ |
| 970 | /* |
| 971 | ** SETTING: email-self width=40 |
| 972 | ** This is the email address for the repository. Outbound emails add |
| 973 | ** this email address as the "From:" field. |
| 974 | */ |
| 975 | /* |
| 976 | ** SETTING: email-send-relayhost width=40 |
| 977 | ** This is the hostname and TCP port to which output email messages |
| 978 | ** are sent when email-send-method is "relay". There should be an |
| 979 | ** SMTP server configured as a Mail Submission Agent listening on the |
| 980 | ** designated host and port and all times. |
| 981 | */ |
| 982 |
| --- src/alerts.c | |
| +++ src/alerts.c | |
| @@ -936,11 +936,11 @@ | |
| 936 | ** This is a short name used to identifies the repository in the Subject: |
| 937 | ** line of email alerts. Traditionally this name is included in square |
| 938 | ** brackets. Examples: "[fossil-src]", "[sqlite-src]". |
| 939 | */ |
| 940 | /* |
| 941 | ** SETTING: email-send-method width=5 default=off sensitive |
| 942 | ** Determine the method used to send email. Allowed values are |
| 943 | ** "off", "relay", "pipe", "dir", "db", and "stdout". The "off" value |
| 944 | ** means no email is ever sent. The "relay" value means emails are sent |
| 945 | ** to an Mail Sending Agent using SMTP located at email-send-relayhost. |
| 946 | ** The "pipe" value means email messages are piped into a command |
| @@ -949,33 +949,33 @@ | |
| 949 | ** by the email-send-dir setting. The "db" value means that emails |
| 950 | ** are added to an SQLite database named by the* email-send-db setting. |
| 951 | ** The "stdout" value writes email text to standard output, for debugging. |
| 952 | */ |
| 953 | /* |
| 954 | ** SETTING: email-send-command width=40 sensitive |
| 955 | ** This is a command to which outbound email content is piped when the |
| 956 | ** email-send-method is set to "pipe". The command must extract |
| 957 | ** recipient, sender, subject, and all other relevant information |
| 958 | ** from the email header. |
| 959 | */ |
| 960 | /* |
| 961 | ** SETTING: email-send-dir width=40 sensitive |
| 962 | ** This is a directory into which outbound emails are written as individual |
| 963 | ** files if the email-send-method is set to "dir". |
| 964 | */ |
| 965 | /* |
| 966 | ** SETTING: email-send-db width=40 sensitive |
| 967 | ** This is an SQLite database file into which outbound emails are written |
| 968 | ** if the email-send-method is set to "db". |
| 969 | */ |
| 970 | /* |
| 971 | ** SETTING: email-self width=40 |
| 972 | ** This is the email address for the repository. Outbound emails add |
| 973 | ** this email address as the "From:" field. |
| 974 | */ |
| 975 | /* |
| 976 | ** SETTING: email-send-relayhost width=40 sensitive |
| 977 | ** This is the hostname and TCP port to which output email messages |
| 978 | ** are sent when email-send-method is "relay". There should be an |
| 979 | ** SMTP server configured as a Mail Submission Agent listening on the |
| 980 | ** designated host and port and all times. |
| 981 | */ |
| 982 |
M
src/db.c
+17
-17
| --- src/db.c | ||
| +++ src/db.c | ||
| @@ -3464,11 +3464,11 @@ | ||
| 3464 | 3464 | ** |
| 3465 | 3465 | ** When the admin-log setting is enabled, configuration changes are recorded |
| 3466 | 3466 | ** in the "admin_log" table of the repository. |
| 3467 | 3467 | */ |
| 3468 | 3468 | /* |
| 3469 | -** SETTING: allow-symlinks boolean default=off | |
| 3469 | +** SETTING: allow-symlinks boolean default=off sensitive | |
| 3470 | 3470 | ** |
| 3471 | 3471 | ** When allow-symlinks is OFF (which is the default and recommended setting) |
| 3472 | 3472 | ** symbolic links a treated like text files that contain a single line of |
| 3473 | 3473 | ** content which is the name of their target. If allow-symlinks is ON, |
| 3474 | 3474 | ** the symbolic links are actually followed. |
| @@ -3532,11 +3532,11 @@ | ||
| 3532 | 3532 | ** there is no cron job periodically running "fossil backoffice", |
| 3533 | 3533 | ** email notifications and other work normally done by the |
| 3534 | 3534 | ** backoffice will not occur. |
| 3535 | 3535 | */ |
| 3536 | 3536 | /* |
| 3537 | -** SETTING: backoffice-logfile width=40 | |
| 3537 | +** SETTING: backoffice-logfile width=40 sensitive | |
| 3538 | 3538 | ** If backoffice-logfile is not an empty string and is a valid |
| 3539 | 3539 | ** filename, then a one-line message is appended to that file |
| 3540 | 3540 | ** every time the backoffice runs. This can be used for debugging, |
| 3541 | 3541 | ** to ensure that backoffice is running appropriately. |
| 3542 | 3542 | */ |
| @@ -3609,11 +3609,11 @@ | ||
| 3609 | 3609 | /* |
| 3610 | 3610 | ** SETTING: crnl-glob width=40 versionable block-text |
| 3611 | 3611 | ** This is an alias for the crlf-glob setting. |
| 3612 | 3612 | */ |
| 3613 | 3613 | /* |
| 3614 | -** SETTING: default-perms width=16 default=u | |
| 3614 | +** SETTING: default-perms width=16 default=u sensitive | |
| 3615 | 3615 | ** Permissions given automatically to new users. For more |
| 3616 | 3616 | ** information on permissions see the Users page in Server |
| 3617 | 3617 | ** Administration of the HTTP UI. |
| 3618 | 3618 | */ |
| 3619 | 3619 | /* |
| @@ -3621,11 +3621,11 @@ | ||
| 3621 | 3621 | ** If enabled, permit files that may be binary |
| 3622 | 3622 | ** or that match the "binary-glob" setting to be used with |
| 3623 | 3623 | ** external diff programs. If disabled, skip these files. |
| 3624 | 3624 | */ |
| 3625 | 3625 | /* |
| 3626 | -** SETTING: diff-command width=40 | |
| 3626 | +** SETTING: diff-command width=40 sensitive | |
| 3627 | 3627 | ** The value is an external command to run when performing a diff. |
| 3628 | 3628 | ** If undefined, the internal text diff will be used. |
| 3629 | 3629 | */ |
| 3630 | 3630 | /* |
| 3631 | 3631 | ** SETTING: dont-push boolean default=off |
| @@ -3636,11 +3636,11 @@ | ||
| 3636 | 3636 | /* |
| 3637 | 3637 | ** SETTING: dotfiles boolean versionable default=off |
| 3638 | 3638 | ** If enabled, include --dotfiles option for all compatible commands. |
| 3639 | 3639 | */ |
| 3640 | 3640 | /* |
| 3641 | -** SETTING: editor width=32 | |
| 3641 | +** SETTING: editor width=32 sensitive | |
| 3642 | 3642 | ** The value is an external command that will launch the |
| 3643 | 3643 | ** text editor command used for check-in comments. |
| 3644 | 3644 | */ |
| 3645 | 3645 | /* |
| 3646 | 3646 | ** SETTING: empty-dirs width=40 versionable block-text |
| @@ -3679,16 +3679,16 @@ | ||
| 3679 | 3679 | ** An empty list prohibits editing via that page. Note that |
| 3680 | 3680 | ** it cannot edit binary files, so the list should not |
| 3681 | 3681 | ** contain any globs for, e.g., images or PDFs. |
| 3682 | 3682 | */ |
| 3683 | 3683 | /* |
| 3684 | -** SETTING: gdiff-command width=40 default=gdiff | |
| 3684 | +** SETTING: gdiff-command width=40 default=gdiff sensitive | |
| 3685 | 3685 | ** The value is an external command to run when performing a graphical |
| 3686 | 3686 | ** diff. If undefined, text diff will be used. |
| 3687 | 3687 | */ |
| 3688 | 3688 | /* |
| 3689 | -** SETTING: gmerge-command width=40 | |
| 3689 | +** SETTING: gmerge-command width=40 sensitive | |
| 3690 | 3690 | ** The value is a graphical merge conflict resolver command operating |
| 3691 | 3691 | ** on four files. Examples: |
| 3692 | 3692 | ** |
| 3693 | 3693 | ** kdiff3 "%baseline" "%original" "%merge" -o "%output" |
| 3694 | 3694 | ** xxdiff "%original" "%baseline" "%merge" -M "%output" |
| @@ -3819,11 +3819,11 @@ | ||
| 3819 | 3819 | ** the associated files within the checkout -AND- the "rm" |
| 3820 | 3820 | ** and "delete" commands will also remove the associated |
| 3821 | 3821 | ** files from within the checkout. |
| 3822 | 3822 | */ |
| 3823 | 3823 | /* |
| 3824 | -** SETTING: pgp-command width=40 | |
| 3824 | +** SETTING: pgp-command width=40 sensitive | |
| 3825 | 3825 | ** Command used to clear-sign manifests at check-in. |
| 3826 | 3826 | ** Default value is "gpg --clearsign -o" |
| 3827 | 3827 | */ |
| 3828 | 3828 | /* |
| 3829 | 3829 | ** SETTING: forbid-delta-manifests boolean default=off |
| @@ -3879,22 +3879,22 @@ | ||
| 3879 | 3879 | ** |
| 3880 | 3880 | ** If repolist-skin has a value of 2, then the repository is omitted from |
| 3881 | 3881 | ** the list in use cases 1 through 4, but not for 5 and 6. |
| 3882 | 3882 | */ |
| 3883 | 3883 | /* |
| 3884 | -** SETTING: self-register boolean default=off | |
| 3884 | +** SETTING: self-register boolean default=off sensitive | |
| 3885 | 3885 | ** Allow users to register themselves through the HTTP UI. |
| 3886 | 3886 | ** This is useful if you want to see other names than |
| 3887 | 3887 | ** "Anonymous" in e.g. ticketing system. On the other hand |
| 3888 | 3888 | ** users can not be deleted. |
| 3889 | 3889 | */ |
| 3890 | 3890 | /* |
| 3891 | -** SETTING: ssh-command width=40 | |
| 3891 | +** SETTING: ssh-command width=40 sensitive | |
| 3892 | 3892 | ** The command used to talk to a remote machine with the "ssh://" protocol. |
| 3893 | 3893 | */ |
| 3894 | 3894 | /* |
| 3895 | -** SETTING: ssl-ca-location width=40 | |
| 3895 | +** SETTING: ssl-ca-location width=40 sensitive | |
| 3896 | 3896 | ** The full pathname to a file containing PEM encoded |
| 3897 | 3897 | ** CA root certificates, or a directory of certificates |
| 3898 | 3898 | ** with filenames formed from the certificate hashes as |
| 3899 | 3899 | ** required by OpenSSL. |
| 3900 | 3900 | ** |
| @@ -3904,11 +3904,11 @@ | ||
| 3904 | 3904 | ** Checking your platform behaviour is required if the |
| 3905 | 3905 | ** exact contents of the CA root is critical for your |
| 3906 | 3906 | ** application. |
| 3907 | 3907 | */ |
| 3908 | 3908 | /* |
| 3909 | -** SETTING: ssl-identity width=40 | |
| 3909 | +** SETTING: ssl-identity width=40 sensitive | |
| 3910 | 3910 | ** The full pathname to a file containing a certificate |
| 3911 | 3911 | ** and private key in PEM format. Create by concatenating |
| 3912 | 3912 | ** the certificate and private key files. |
| 3913 | 3913 | ** |
| 3914 | 3914 | ** This identity will be presented to SSL servers to |
| @@ -3915,33 +3915,33 @@ | ||
| 3915 | 3915 | ** authenticate this client, in addition to the normal |
| 3916 | 3916 | ** password authentication. |
| 3917 | 3917 | */ |
| 3918 | 3918 | #ifdef FOSSIL_ENABLE_TCL |
| 3919 | 3919 | /* |
| 3920 | -** SETTING: tcl boolean default=off | |
| 3920 | +** SETTING: tcl boolean default=off sensitive | |
| 3921 | 3921 | ** If enabled Tcl integration commands will be added to the TH1 |
| 3922 | 3922 | ** interpreter, allowing arbitrary Tcl expressions and |
| 3923 | 3923 | ** scripts to be evaluated from TH1. Additionally, the Tcl |
| 3924 | 3924 | ** interpreter will be able to evaluate arbitrary TH1 |
| 3925 | 3925 | ** expressions and scripts. |
| 3926 | 3926 | */ |
| 3927 | 3927 | /* |
| 3928 | -** SETTING: tcl-setup width=40 block-text | |
| 3928 | +** SETTING: tcl-setup width=40 block-text sensitive | |
| 3929 | 3929 | ** This is the setup script to be evaluated after creating |
| 3930 | 3930 | ** and initializing the Tcl interpreter. By default, this |
| 3931 | 3931 | ** is empty and no extra setup is performed. |
| 3932 | 3932 | */ |
| 3933 | 3933 | #endif /* FOSSIL_ENABLE_TCL */ |
| 3934 | 3934 | /* |
| 3935 | -** SETTING: tclsh width=80 default=tclsh | |
| 3935 | +** SETTING: tclsh width=80 default=tclsh sensitive | |
| 3936 | 3936 | ** Name of the external TCL interpreter used for such things |
| 3937 | 3937 | ** as running the GUI diff viewer launched by the --tk option |
| 3938 | 3938 | ** of the various "diff" commands. |
| 3939 | 3939 | */ |
| 3940 | 3940 | #ifdef FOSSIL_ENABLE_TH1_DOCS |
| 3941 | 3941 | /* |
| 3942 | -** SETTING: th1-docs boolean default=off | |
| 3942 | +** SETTING: th1-docs boolean default=off sensitive | |
| 3943 | 3943 | ** If enabled, this allows embedded documentation files to contain |
| 3944 | 3944 | ** arbitrary TH1 scripts that are evaluated on the server. If native |
| 3945 | 3945 | ** Tcl integration is also enabled, this setting has the |
| 3946 | 3946 | ** potential to allow anybody with check-in privileges to |
| 3947 | 3947 | ** do almost anything that the associated operating system |
| @@ -3994,11 +3994,11 @@ | ||
| 3994 | 3994 | ** of a "fossil clone" or "fossil sync" command. The |
| 3995 | 3995 | ** default is false, in which case the -u option is |
| 3996 | 3996 | ** needed to clone or sync unversioned files. |
| 3997 | 3997 | */ |
| 3998 | 3998 | /* |
| 3999 | -** SETTING: web-browser width=30 | |
| 3999 | +** SETTING: web-browser width=30 sensitive | |
| 4000 | 4000 | ** A shell command used to launch your preferred |
| 4001 | 4001 | ** web browser when given a URL as an argument. |
| 4002 | 4002 | ** Defaults to "start" on windows, "open" on Mac, |
| 4003 | 4003 | ** and "firefox" on Unix. |
| 4004 | 4004 | */ |
| 4005 | 4005 |
| --- src/db.c | |
| +++ src/db.c | |
| @@ -3464,11 +3464,11 @@ | |
| 3464 | ** |
| 3465 | ** When the admin-log setting is enabled, configuration changes are recorded |
| 3466 | ** in the "admin_log" table of the repository. |
| 3467 | */ |
| 3468 | /* |
| 3469 | ** SETTING: allow-symlinks boolean default=off |
| 3470 | ** |
| 3471 | ** When allow-symlinks is OFF (which is the default and recommended setting) |
| 3472 | ** symbolic links a treated like text files that contain a single line of |
| 3473 | ** content which is the name of their target. If allow-symlinks is ON, |
| 3474 | ** the symbolic links are actually followed. |
| @@ -3532,11 +3532,11 @@ | |
| 3532 | ** there is no cron job periodically running "fossil backoffice", |
| 3533 | ** email notifications and other work normally done by the |
| 3534 | ** backoffice will not occur. |
| 3535 | */ |
| 3536 | /* |
| 3537 | ** SETTING: backoffice-logfile width=40 |
| 3538 | ** If backoffice-logfile is not an empty string and is a valid |
| 3539 | ** filename, then a one-line message is appended to that file |
| 3540 | ** every time the backoffice runs. This can be used for debugging, |
| 3541 | ** to ensure that backoffice is running appropriately. |
| 3542 | */ |
| @@ -3609,11 +3609,11 @@ | |
| 3609 | /* |
| 3610 | ** SETTING: crnl-glob width=40 versionable block-text |
| 3611 | ** This is an alias for the crlf-glob setting. |
| 3612 | */ |
| 3613 | /* |
| 3614 | ** SETTING: default-perms width=16 default=u |
| 3615 | ** Permissions given automatically to new users. For more |
| 3616 | ** information on permissions see the Users page in Server |
| 3617 | ** Administration of the HTTP UI. |
| 3618 | */ |
| 3619 | /* |
| @@ -3621,11 +3621,11 @@ | |
| 3621 | ** If enabled, permit files that may be binary |
| 3622 | ** or that match the "binary-glob" setting to be used with |
| 3623 | ** external diff programs. If disabled, skip these files. |
| 3624 | */ |
| 3625 | /* |
| 3626 | ** SETTING: diff-command width=40 |
| 3627 | ** The value is an external command to run when performing a diff. |
| 3628 | ** If undefined, the internal text diff will be used. |
| 3629 | */ |
| 3630 | /* |
| 3631 | ** SETTING: dont-push boolean default=off |
| @@ -3636,11 +3636,11 @@ | |
| 3636 | /* |
| 3637 | ** SETTING: dotfiles boolean versionable default=off |
| 3638 | ** If enabled, include --dotfiles option for all compatible commands. |
| 3639 | */ |
| 3640 | /* |
| 3641 | ** SETTING: editor width=32 |
| 3642 | ** The value is an external command that will launch the |
| 3643 | ** text editor command used for check-in comments. |
| 3644 | */ |
| 3645 | /* |
| 3646 | ** SETTING: empty-dirs width=40 versionable block-text |
| @@ -3679,16 +3679,16 @@ | |
| 3679 | ** An empty list prohibits editing via that page. Note that |
| 3680 | ** it cannot edit binary files, so the list should not |
| 3681 | ** contain any globs for, e.g., images or PDFs. |
| 3682 | */ |
| 3683 | /* |
| 3684 | ** SETTING: gdiff-command width=40 default=gdiff |
| 3685 | ** The value is an external command to run when performing a graphical |
| 3686 | ** diff. If undefined, text diff will be used. |
| 3687 | */ |
| 3688 | /* |
| 3689 | ** SETTING: gmerge-command width=40 |
| 3690 | ** The value is a graphical merge conflict resolver command operating |
| 3691 | ** on four files. Examples: |
| 3692 | ** |
| 3693 | ** kdiff3 "%baseline" "%original" "%merge" -o "%output" |
| 3694 | ** xxdiff "%original" "%baseline" "%merge" -M "%output" |
| @@ -3819,11 +3819,11 @@ | |
| 3819 | ** the associated files within the checkout -AND- the "rm" |
| 3820 | ** and "delete" commands will also remove the associated |
| 3821 | ** files from within the checkout. |
| 3822 | */ |
| 3823 | /* |
| 3824 | ** SETTING: pgp-command width=40 |
| 3825 | ** Command used to clear-sign manifests at check-in. |
| 3826 | ** Default value is "gpg --clearsign -o" |
| 3827 | */ |
| 3828 | /* |
| 3829 | ** SETTING: forbid-delta-manifests boolean default=off |
| @@ -3879,22 +3879,22 @@ | |
| 3879 | ** |
| 3880 | ** If repolist-skin has a value of 2, then the repository is omitted from |
| 3881 | ** the list in use cases 1 through 4, but not for 5 and 6. |
| 3882 | */ |
| 3883 | /* |
| 3884 | ** SETTING: self-register boolean default=off |
| 3885 | ** Allow users to register themselves through the HTTP UI. |
| 3886 | ** This is useful if you want to see other names than |
| 3887 | ** "Anonymous" in e.g. ticketing system. On the other hand |
| 3888 | ** users can not be deleted. |
| 3889 | */ |
| 3890 | /* |
| 3891 | ** SETTING: ssh-command width=40 |
| 3892 | ** The command used to talk to a remote machine with the "ssh://" protocol. |
| 3893 | */ |
| 3894 | /* |
| 3895 | ** SETTING: ssl-ca-location width=40 |
| 3896 | ** The full pathname to a file containing PEM encoded |
| 3897 | ** CA root certificates, or a directory of certificates |
| 3898 | ** with filenames formed from the certificate hashes as |
| 3899 | ** required by OpenSSL. |
| 3900 | ** |
| @@ -3904,11 +3904,11 @@ | |
| 3904 | ** Checking your platform behaviour is required if the |
| 3905 | ** exact contents of the CA root is critical for your |
| 3906 | ** application. |
| 3907 | */ |
| 3908 | /* |
| 3909 | ** SETTING: ssl-identity width=40 |
| 3910 | ** The full pathname to a file containing a certificate |
| 3911 | ** and private key in PEM format. Create by concatenating |
| 3912 | ** the certificate and private key files. |
| 3913 | ** |
| 3914 | ** This identity will be presented to SSL servers to |
| @@ -3915,33 +3915,33 @@ | |
| 3915 | ** authenticate this client, in addition to the normal |
| 3916 | ** password authentication. |
| 3917 | */ |
| 3918 | #ifdef FOSSIL_ENABLE_TCL |
| 3919 | /* |
| 3920 | ** SETTING: tcl boolean default=off |
| 3921 | ** If enabled Tcl integration commands will be added to the TH1 |
| 3922 | ** interpreter, allowing arbitrary Tcl expressions and |
| 3923 | ** scripts to be evaluated from TH1. Additionally, the Tcl |
| 3924 | ** interpreter will be able to evaluate arbitrary TH1 |
| 3925 | ** expressions and scripts. |
| 3926 | */ |
| 3927 | /* |
| 3928 | ** SETTING: tcl-setup width=40 block-text |
| 3929 | ** This is the setup script to be evaluated after creating |
| 3930 | ** and initializing the Tcl interpreter. By default, this |
| 3931 | ** is empty and no extra setup is performed. |
| 3932 | */ |
| 3933 | #endif /* FOSSIL_ENABLE_TCL */ |
| 3934 | /* |
| 3935 | ** SETTING: tclsh width=80 default=tclsh |
| 3936 | ** Name of the external TCL interpreter used for such things |
| 3937 | ** as running the GUI diff viewer launched by the --tk option |
| 3938 | ** of the various "diff" commands. |
| 3939 | */ |
| 3940 | #ifdef FOSSIL_ENABLE_TH1_DOCS |
| 3941 | /* |
| 3942 | ** SETTING: th1-docs boolean default=off |
| 3943 | ** If enabled, this allows embedded documentation files to contain |
| 3944 | ** arbitrary TH1 scripts that are evaluated on the server. If native |
| 3945 | ** Tcl integration is also enabled, this setting has the |
| 3946 | ** potential to allow anybody with check-in privileges to |
| 3947 | ** do almost anything that the associated operating system |
| @@ -3994,11 +3994,11 @@ | |
| 3994 | ** of a "fossil clone" or "fossil sync" command. The |
| 3995 | ** default is false, in which case the -u option is |
| 3996 | ** needed to clone or sync unversioned files. |
| 3997 | */ |
| 3998 | /* |
| 3999 | ** SETTING: web-browser width=30 |
| 4000 | ** A shell command used to launch your preferred |
| 4001 | ** web browser when given a URL as an argument. |
| 4002 | ** Defaults to "start" on windows, "open" on Mac, |
| 4003 | ** and "firefox" on Unix. |
| 4004 | */ |
| 4005 |
| --- src/db.c | |
| +++ src/db.c | |
| @@ -3464,11 +3464,11 @@ | |
| 3464 | ** |
| 3465 | ** When the admin-log setting is enabled, configuration changes are recorded |
| 3466 | ** in the "admin_log" table of the repository. |
| 3467 | */ |
| 3468 | /* |
| 3469 | ** SETTING: allow-symlinks boolean default=off sensitive |
| 3470 | ** |
| 3471 | ** When allow-symlinks is OFF (which is the default and recommended setting) |
| 3472 | ** symbolic links a treated like text files that contain a single line of |
| 3473 | ** content which is the name of their target. If allow-symlinks is ON, |
| 3474 | ** the symbolic links are actually followed. |
| @@ -3532,11 +3532,11 @@ | |
| 3532 | ** there is no cron job periodically running "fossil backoffice", |
| 3533 | ** email notifications and other work normally done by the |
| 3534 | ** backoffice will not occur. |
| 3535 | */ |
| 3536 | /* |
| 3537 | ** SETTING: backoffice-logfile width=40 sensitive |
| 3538 | ** If backoffice-logfile is not an empty string and is a valid |
| 3539 | ** filename, then a one-line message is appended to that file |
| 3540 | ** every time the backoffice runs. This can be used for debugging, |
| 3541 | ** to ensure that backoffice is running appropriately. |
| 3542 | */ |
| @@ -3609,11 +3609,11 @@ | |
| 3609 | /* |
| 3610 | ** SETTING: crnl-glob width=40 versionable block-text |
| 3611 | ** This is an alias for the crlf-glob setting. |
| 3612 | */ |
| 3613 | /* |
| 3614 | ** SETTING: default-perms width=16 default=u sensitive |
| 3615 | ** Permissions given automatically to new users. For more |
| 3616 | ** information on permissions see the Users page in Server |
| 3617 | ** Administration of the HTTP UI. |
| 3618 | */ |
| 3619 | /* |
| @@ -3621,11 +3621,11 @@ | |
| 3621 | ** If enabled, permit files that may be binary |
| 3622 | ** or that match the "binary-glob" setting to be used with |
| 3623 | ** external diff programs. If disabled, skip these files. |
| 3624 | */ |
| 3625 | /* |
| 3626 | ** SETTING: diff-command width=40 sensitive |
| 3627 | ** The value is an external command to run when performing a diff. |
| 3628 | ** If undefined, the internal text diff will be used. |
| 3629 | */ |
| 3630 | /* |
| 3631 | ** SETTING: dont-push boolean default=off |
| @@ -3636,11 +3636,11 @@ | |
| 3636 | /* |
| 3637 | ** SETTING: dotfiles boolean versionable default=off |
| 3638 | ** If enabled, include --dotfiles option for all compatible commands. |
| 3639 | */ |
| 3640 | /* |
| 3641 | ** SETTING: editor width=32 sensitive |
| 3642 | ** The value is an external command that will launch the |
| 3643 | ** text editor command used for check-in comments. |
| 3644 | */ |
| 3645 | /* |
| 3646 | ** SETTING: empty-dirs width=40 versionable block-text |
| @@ -3679,16 +3679,16 @@ | |
| 3679 | ** An empty list prohibits editing via that page. Note that |
| 3680 | ** it cannot edit binary files, so the list should not |
| 3681 | ** contain any globs for, e.g., images or PDFs. |
| 3682 | */ |
| 3683 | /* |
| 3684 | ** SETTING: gdiff-command width=40 default=gdiff sensitive |
| 3685 | ** The value is an external command to run when performing a graphical |
| 3686 | ** diff. If undefined, text diff will be used. |
| 3687 | */ |
| 3688 | /* |
| 3689 | ** SETTING: gmerge-command width=40 sensitive |
| 3690 | ** The value is a graphical merge conflict resolver command operating |
| 3691 | ** on four files. Examples: |
| 3692 | ** |
| 3693 | ** kdiff3 "%baseline" "%original" "%merge" -o "%output" |
| 3694 | ** xxdiff "%original" "%baseline" "%merge" -M "%output" |
| @@ -3819,11 +3819,11 @@ | |
| 3819 | ** the associated files within the checkout -AND- the "rm" |
| 3820 | ** and "delete" commands will also remove the associated |
| 3821 | ** files from within the checkout. |
| 3822 | */ |
| 3823 | /* |
| 3824 | ** SETTING: pgp-command width=40 sensitive |
| 3825 | ** Command used to clear-sign manifests at check-in. |
| 3826 | ** Default value is "gpg --clearsign -o" |
| 3827 | */ |
| 3828 | /* |
| 3829 | ** SETTING: forbid-delta-manifests boolean default=off |
| @@ -3879,22 +3879,22 @@ | |
| 3879 | ** |
| 3880 | ** If repolist-skin has a value of 2, then the repository is omitted from |
| 3881 | ** the list in use cases 1 through 4, but not for 5 and 6. |
| 3882 | */ |
| 3883 | /* |
| 3884 | ** SETTING: self-register boolean default=off sensitive |
| 3885 | ** Allow users to register themselves through the HTTP UI. |
| 3886 | ** This is useful if you want to see other names than |
| 3887 | ** "Anonymous" in e.g. ticketing system. On the other hand |
| 3888 | ** users can not be deleted. |
| 3889 | */ |
| 3890 | /* |
| 3891 | ** SETTING: ssh-command width=40 sensitive |
| 3892 | ** The command used to talk to a remote machine with the "ssh://" protocol. |
| 3893 | */ |
| 3894 | /* |
| 3895 | ** SETTING: ssl-ca-location width=40 sensitive |
| 3896 | ** The full pathname to a file containing PEM encoded |
| 3897 | ** CA root certificates, or a directory of certificates |
| 3898 | ** with filenames formed from the certificate hashes as |
| 3899 | ** required by OpenSSL. |
| 3900 | ** |
| @@ -3904,11 +3904,11 @@ | |
| 3904 | ** Checking your platform behaviour is required if the |
| 3905 | ** exact contents of the CA root is critical for your |
| 3906 | ** application. |
| 3907 | */ |
| 3908 | /* |
| 3909 | ** SETTING: ssl-identity width=40 sensitive |
| 3910 | ** The full pathname to a file containing a certificate |
| 3911 | ** and private key in PEM format. Create by concatenating |
| 3912 | ** the certificate and private key files. |
| 3913 | ** |
| 3914 | ** This identity will be presented to SSL servers to |
| @@ -3915,33 +3915,33 @@ | |
| 3915 | ** authenticate this client, in addition to the normal |
| 3916 | ** password authentication. |
| 3917 | */ |
| 3918 | #ifdef FOSSIL_ENABLE_TCL |
| 3919 | /* |
| 3920 | ** SETTING: tcl boolean default=off sensitive |
| 3921 | ** If enabled Tcl integration commands will be added to the TH1 |
| 3922 | ** interpreter, allowing arbitrary Tcl expressions and |
| 3923 | ** scripts to be evaluated from TH1. Additionally, the Tcl |
| 3924 | ** interpreter will be able to evaluate arbitrary TH1 |
| 3925 | ** expressions and scripts. |
| 3926 | */ |
| 3927 | /* |
| 3928 | ** SETTING: tcl-setup width=40 block-text sensitive |
| 3929 | ** This is the setup script to be evaluated after creating |
| 3930 | ** and initializing the Tcl interpreter. By default, this |
| 3931 | ** is empty and no extra setup is performed. |
| 3932 | */ |
| 3933 | #endif /* FOSSIL_ENABLE_TCL */ |
| 3934 | /* |
| 3935 | ** SETTING: tclsh width=80 default=tclsh sensitive |
| 3936 | ** Name of the external TCL interpreter used for such things |
| 3937 | ** as running the GUI diff viewer launched by the --tk option |
| 3938 | ** of the various "diff" commands. |
| 3939 | */ |
| 3940 | #ifdef FOSSIL_ENABLE_TH1_DOCS |
| 3941 | /* |
| 3942 | ** SETTING: th1-docs boolean default=off sensitive |
| 3943 | ** If enabled, this allows embedded documentation files to contain |
| 3944 | ** arbitrary TH1 scripts that are evaluated on the server. If native |
| 3945 | ** Tcl integration is also enabled, this setting has the |
| 3946 | ** potential to allow anybody with check-in privileges to |
| 3947 | ** do almost anything that the associated operating system |
| @@ -3994,11 +3994,11 @@ | |
| 3994 | ** of a "fossil clone" or "fossil sync" command. The |
| 3995 | ** default is false, in which case the -u option is |
| 3996 | ** needed to clone or sync unversioned files. |
| 3997 | */ |
| 3998 | /* |
| 3999 | ** SETTING: web-browser width=30 sensitive |
| 4000 | ** A shell command used to launch your preferred |
| 4001 | ** web browser when given a URL as an argument. |
| 4002 | ** Defaults to "start" on windows, "open" on Mac, |
| 4003 | ** and "firefox" on Unix. |
| 4004 | */ |
| 4005 |
M
src/db.c
+17
-17
| --- src/db.c | ||
| +++ src/db.c | ||
| @@ -3464,11 +3464,11 @@ | ||
| 3464 | 3464 | ** |
| 3465 | 3465 | ** When the admin-log setting is enabled, configuration changes are recorded |
| 3466 | 3466 | ** in the "admin_log" table of the repository. |
| 3467 | 3467 | */ |
| 3468 | 3468 | /* |
| 3469 | -** SETTING: allow-symlinks boolean default=off | |
| 3469 | +** SETTING: allow-symlinks boolean default=off sensitive | |
| 3470 | 3470 | ** |
| 3471 | 3471 | ** When allow-symlinks is OFF (which is the default and recommended setting) |
| 3472 | 3472 | ** symbolic links a treated like text files that contain a single line of |
| 3473 | 3473 | ** content which is the name of their target. If allow-symlinks is ON, |
| 3474 | 3474 | ** the symbolic links are actually followed. |
| @@ -3532,11 +3532,11 @@ | ||
| 3532 | 3532 | ** there is no cron job periodically running "fossil backoffice", |
| 3533 | 3533 | ** email notifications and other work normally done by the |
| 3534 | 3534 | ** backoffice will not occur. |
| 3535 | 3535 | */ |
| 3536 | 3536 | /* |
| 3537 | -** SETTING: backoffice-logfile width=40 | |
| 3537 | +** SETTING: backoffice-logfile width=40 sensitive | |
| 3538 | 3538 | ** If backoffice-logfile is not an empty string and is a valid |
| 3539 | 3539 | ** filename, then a one-line message is appended to that file |
| 3540 | 3540 | ** every time the backoffice runs. This can be used for debugging, |
| 3541 | 3541 | ** to ensure that backoffice is running appropriately. |
| 3542 | 3542 | */ |
| @@ -3609,11 +3609,11 @@ | ||
| 3609 | 3609 | /* |
| 3610 | 3610 | ** SETTING: crnl-glob width=40 versionable block-text |
| 3611 | 3611 | ** This is an alias for the crlf-glob setting. |
| 3612 | 3612 | */ |
| 3613 | 3613 | /* |
| 3614 | -** SETTING: default-perms width=16 default=u | |
| 3614 | +** SETTING: default-perms width=16 default=u sensitive | |
| 3615 | 3615 | ** Permissions given automatically to new users. For more |
| 3616 | 3616 | ** information on permissions see the Users page in Server |
| 3617 | 3617 | ** Administration of the HTTP UI. |
| 3618 | 3618 | */ |
| 3619 | 3619 | /* |
| @@ -3621,11 +3621,11 @@ | ||
| 3621 | 3621 | ** If enabled, permit files that may be binary |
| 3622 | 3622 | ** or that match the "binary-glob" setting to be used with |
| 3623 | 3623 | ** external diff programs. If disabled, skip these files. |
| 3624 | 3624 | */ |
| 3625 | 3625 | /* |
| 3626 | -** SETTING: diff-command width=40 | |
| 3626 | +** SETTING: diff-command width=40 sensitive | |
| 3627 | 3627 | ** The value is an external command to run when performing a diff. |
| 3628 | 3628 | ** If undefined, the internal text diff will be used. |
| 3629 | 3629 | */ |
| 3630 | 3630 | /* |
| 3631 | 3631 | ** SETTING: dont-push boolean default=off |
| @@ -3636,11 +3636,11 @@ | ||
| 3636 | 3636 | /* |
| 3637 | 3637 | ** SETTING: dotfiles boolean versionable default=off |
| 3638 | 3638 | ** If enabled, include --dotfiles option for all compatible commands. |
| 3639 | 3639 | */ |
| 3640 | 3640 | /* |
| 3641 | -** SETTING: editor width=32 | |
| 3641 | +** SETTING: editor width=32 sensitive | |
| 3642 | 3642 | ** The value is an external command that will launch the |
| 3643 | 3643 | ** text editor command used for check-in comments. |
| 3644 | 3644 | */ |
| 3645 | 3645 | /* |
| 3646 | 3646 | ** SETTING: empty-dirs width=40 versionable block-text |
| @@ -3679,16 +3679,16 @@ | ||
| 3679 | 3679 | ** An empty list prohibits editing via that page. Note that |
| 3680 | 3680 | ** it cannot edit binary files, so the list should not |
| 3681 | 3681 | ** contain any globs for, e.g., images or PDFs. |
| 3682 | 3682 | */ |
| 3683 | 3683 | /* |
| 3684 | -** SETTING: gdiff-command width=40 default=gdiff | |
| 3684 | +** SETTING: gdiff-command width=40 default=gdiff sensitive | |
| 3685 | 3685 | ** The value is an external command to run when performing a graphical |
| 3686 | 3686 | ** diff. If undefined, text diff will be used. |
| 3687 | 3687 | */ |
| 3688 | 3688 | /* |
| 3689 | -** SETTING: gmerge-command width=40 | |
| 3689 | +** SETTING: gmerge-command width=40 sensitive | |
| 3690 | 3690 | ** The value is a graphical merge conflict resolver command operating |
| 3691 | 3691 | ** on four files. Examples: |
| 3692 | 3692 | ** |
| 3693 | 3693 | ** kdiff3 "%baseline" "%original" "%merge" -o "%output" |
| 3694 | 3694 | ** xxdiff "%original" "%baseline" "%merge" -M "%output" |
| @@ -3819,11 +3819,11 @@ | ||
| 3819 | 3819 | ** the associated files within the checkout -AND- the "rm" |
| 3820 | 3820 | ** and "delete" commands will also remove the associated |
| 3821 | 3821 | ** files from within the checkout. |
| 3822 | 3822 | */ |
| 3823 | 3823 | /* |
| 3824 | -** SETTING: pgp-command width=40 | |
| 3824 | +** SETTING: pgp-command width=40 sensitive | |
| 3825 | 3825 | ** Command used to clear-sign manifests at check-in. |
| 3826 | 3826 | ** Default value is "gpg --clearsign -o" |
| 3827 | 3827 | */ |
| 3828 | 3828 | /* |
| 3829 | 3829 | ** SETTING: forbid-delta-manifests boolean default=off |
| @@ -3879,22 +3879,22 @@ | ||
| 3879 | 3879 | ** |
| 3880 | 3880 | ** If repolist-skin has a value of 2, then the repository is omitted from |
| 3881 | 3881 | ** the list in use cases 1 through 4, but not for 5 and 6. |
| 3882 | 3882 | */ |
| 3883 | 3883 | /* |
| 3884 | -** SETTING: self-register boolean default=off | |
| 3884 | +** SETTING: self-register boolean default=off sensitive | |
| 3885 | 3885 | ** Allow users to register themselves through the HTTP UI. |
| 3886 | 3886 | ** This is useful if you want to see other names than |
| 3887 | 3887 | ** "Anonymous" in e.g. ticketing system. On the other hand |
| 3888 | 3888 | ** users can not be deleted. |
| 3889 | 3889 | */ |
| 3890 | 3890 | /* |
| 3891 | -** SETTING: ssh-command width=40 | |
| 3891 | +** SETTING: ssh-command width=40 sensitive | |
| 3892 | 3892 | ** The command used to talk to a remote machine with the "ssh://" protocol. |
| 3893 | 3893 | */ |
| 3894 | 3894 | /* |
| 3895 | -** SETTING: ssl-ca-location width=40 | |
| 3895 | +** SETTING: ssl-ca-location width=40 sensitive | |
| 3896 | 3896 | ** The full pathname to a file containing PEM encoded |
| 3897 | 3897 | ** CA root certificates, or a directory of certificates |
| 3898 | 3898 | ** with filenames formed from the certificate hashes as |
| 3899 | 3899 | ** required by OpenSSL. |
| 3900 | 3900 | ** |
| @@ -3904,11 +3904,11 @@ | ||
| 3904 | 3904 | ** Checking your platform behaviour is required if the |
| 3905 | 3905 | ** exact contents of the CA root is critical for your |
| 3906 | 3906 | ** application. |
| 3907 | 3907 | */ |
| 3908 | 3908 | /* |
| 3909 | -** SETTING: ssl-identity width=40 | |
| 3909 | +** SETTING: ssl-identity width=40 sensitive | |
| 3910 | 3910 | ** The full pathname to a file containing a certificate |
| 3911 | 3911 | ** and private key in PEM format. Create by concatenating |
| 3912 | 3912 | ** the certificate and private key files. |
| 3913 | 3913 | ** |
| 3914 | 3914 | ** This identity will be presented to SSL servers to |
| @@ -3915,33 +3915,33 @@ | ||
| 3915 | 3915 | ** authenticate this client, in addition to the normal |
| 3916 | 3916 | ** password authentication. |
| 3917 | 3917 | */ |
| 3918 | 3918 | #ifdef FOSSIL_ENABLE_TCL |
| 3919 | 3919 | /* |
| 3920 | -** SETTING: tcl boolean default=off | |
| 3920 | +** SETTING: tcl boolean default=off sensitive | |
| 3921 | 3921 | ** If enabled Tcl integration commands will be added to the TH1 |
| 3922 | 3922 | ** interpreter, allowing arbitrary Tcl expressions and |
| 3923 | 3923 | ** scripts to be evaluated from TH1. Additionally, the Tcl |
| 3924 | 3924 | ** interpreter will be able to evaluate arbitrary TH1 |
| 3925 | 3925 | ** expressions and scripts. |
| 3926 | 3926 | */ |
| 3927 | 3927 | /* |
| 3928 | -** SETTING: tcl-setup width=40 block-text | |
| 3928 | +** SETTING: tcl-setup width=40 block-text sensitive | |
| 3929 | 3929 | ** This is the setup script to be evaluated after creating |
| 3930 | 3930 | ** and initializing the Tcl interpreter. By default, this |
| 3931 | 3931 | ** is empty and no extra setup is performed. |
| 3932 | 3932 | */ |
| 3933 | 3933 | #endif /* FOSSIL_ENABLE_TCL */ |
| 3934 | 3934 | /* |
| 3935 | -** SETTING: tclsh width=80 default=tclsh | |
| 3935 | +** SETTING: tclsh width=80 default=tclsh sensitive | |
| 3936 | 3936 | ** Name of the external TCL interpreter used for such things |
| 3937 | 3937 | ** as running the GUI diff viewer launched by the --tk option |
| 3938 | 3938 | ** of the various "diff" commands. |
| 3939 | 3939 | */ |
| 3940 | 3940 | #ifdef FOSSIL_ENABLE_TH1_DOCS |
| 3941 | 3941 | /* |
| 3942 | -** SETTING: th1-docs boolean default=off | |
| 3942 | +** SETTING: th1-docs boolean default=off sensitive | |
| 3943 | 3943 | ** If enabled, this allows embedded documentation files to contain |
| 3944 | 3944 | ** arbitrary TH1 scripts that are evaluated on the server. If native |
| 3945 | 3945 | ** Tcl integration is also enabled, this setting has the |
| 3946 | 3946 | ** potential to allow anybody with check-in privileges to |
| 3947 | 3947 | ** do almost anything that the associated operating system |
| @@ -3994,11 +3994,11 @@ | ||
| 3994 | 3994 | ** of a "fossil clone" or "fossil sync" command. The |
| 3995 | 3995 | ** default is false, in which case the -u option is |
| 3996 | 3996 | ** needed to clone or sync unversioned files. |
| 3997 | 3997 | */ |
| 3998 | 3998 | /* |
| 3999 | -** SETTING: web-browser width=30 | |
| 3999 | +** SETTING: web-browser width=30 sensitive | |
| 4000 | 4000 | ** A shell command used to launch your preferred |
| 4001 | 4001 | ** web browser when given a URL as an argument. |
| 4002 | 4002 | ** Defaults to "start" on windows, "open" on Mac, |
| 4003 | 4003 | ** and "firefox" on Unix. |
| 4004 | 4004 | */ |
| 4005 | 4005 |
| --- src/db.c | |
| +++ src/db.c | |
| @@ -3464,11 +3464,11 @@ | |
| 3464 | ** |
| 3465 | ** When the admin-log setting is enabled, configuration changes are recorded |
| 3466 | ** in the "admin_log" table of the repository. |
| 3467 | */ |
| 3468 | /* |
| 3469 | ** SETTING: allow-symlinks boolean default=off |
| 3470 | ** |
| 3471 | ** When allow-symlinks is OFF (which is the default and recommended setting) |
| 3472 | ** symbolic links a treated like text files that contain a single line of |
| 3473 | ** content which is the name of their target. If allow-symlinks is ON, |
| 3474 | ** the symbolic links are actually followed. |
| @@ -3532,11 +3532,11 @@ | |
| 3532 | ** there is no cron job periodically running "fossil backoffice", |
| 3533 | ** email notifications and other work normally done by the |
| 3534 | ** backoffice will not occur. |
| 3535 | */ |
| 3536 | /* |
| 3537 | ** SETTING: backoffice-logfile width=40 |
| 3538 | ** If backoffice-logfile is not an empty string and is a valid |
| 3539 | ** filename, then a one-line message is appended to that file |
| 3540 | ** every time the backoffice runs. This can be used for debugging, |
| 3541 | ** to ensure that backoffice is running appropriately. |
| 3542 | */ |
| @@ -3609,11 +3609,11 @@ | |
| 3609 | /* |
| 3610 | ** SETTING: crnl-glob width=40 versionable block-text |
| 3611 | ** This is an alias for the crlf-glob setting. |
| 3612 | */ |
| 3613 | /* |
| 3614 | ** SETTING: default-perms width=16 default=u |
| 3615 | ** Permissions given automatically to new users. For more |
| 3616 | ** information on permissions see the Users page in Server |
| 3617 | ** Administration of the HTTP UI. |
| 3618 | */ |
| 3619 | /* |
| @@ -3621,11 +3621,11 @@ | |
| 3621 | ** If enabled, permit files that may be binary |
| 3622 | ** or that match the "binary-glob" setting to be used with |
| 3623 | ** external diff programs. If disabled, skip these files. |
| 3624 | */ |
| 3625 | /* |
| 3626 | ** SETTING: diff-command width=40 |
| 3627 | ** The value is an external command to run when performing a diff. |
| 3628 | ** If undefined, the internal text diff will be used. |
| 3629 | */ |
| 3630 | /* |
| 3631 | ** SETTING: dont-push boolean default=off |
| @@ -3636,11 +3636,11 @@ | |
| 3636 | /* |
| 3637 | ** SETTING: dotfiles boolean versionable default=off |
| 3638 | ** If enabled, include --dotfiles option for all compatible commands. |
| 3639 | */ |
| 3640 | /* |
| 3641 | ** SETTING: editor width=32 |
| 3642 | ** The value is an external command that will launch the |
| 3643 | ** text editor command used for check-in comments. |
| 3644 | */ |
| 3645 | /* |
| 3646 | ** SETTING: empty-dirs width=40 versionable block-text |
| @@ -3679,16 +3679,16 @@ | |
| 3679 | ** An empty list prohibits editing via that page. Note that |
| 3680 | ** it cannot edit binary files, so the list should not |
| 3681 | ** contain any globs for, e.g., images or PDFs. |
| 3682 | */ |
| 3683 | /* |
| 3684 | ** SETTING: gdiff-command width=40 default=gdiff |
| 3685 | ** The value is an external command to run when performing a graphical |
| 3686 | ** diff. If undefined, text diff will be used. |
| 3687 | */ |
| 3688 | /* |
| 3689 | ** SETTING: gmerge-command width=40 |
| 3690 | ** The value is a graphical merge conflict resolver command operating |
| 3691 | ** on four files. Examples: |
| 3692 | ** |
| 3693 | ** kdiff3 "%baseline" "%original" "%merge" -o "%output" |
| 3694 | ** xxdiff "%original" "%baseline" "%merge" -M "%output" |
| @@ -3819,11 +3819,11 @@ | |
| 3819 | ** the associated files within the checkout -AND- the "rm" |
| 3820 | ** and "delete" commands will also remove the associated |
| 3821 | ** files from within the checkout. |
| 3822 | */ |
| 3823 | /* |
| 3824 | ** SETTING: pgp-command width=40 |
| 3825 | ** Command used to clear-sign manifests at check-in. |
| 3826 | ** Default value is "gpg --clearsign -o" |
| 3827 | */ |
| 3828 | /* |
| 3829 | ** SETTING: forbid-delta-manifests boolean default=off |
| @@ -3879,22 +3879,22 @@ | |
| 3879 | ** |
| 3880 | ** If repolist-skin has a value of 2, then the repository is omitted from |
| 3881 | ** the list in use cases 1 through 4, but not for 5 and 6. |
| 3882 | */ |
| 3883 | /* |
| 3884 | ** SETTING: self-register boolean default=off |
| 3885 | ** Allow users to register themselves through the HTTP UI. |
| 3886 | ** This is useful if you want to see other names than |
| 3887 | ** "Anonymous" in e.g. ticketing system. On the other hand |
| 3888 | ** users can not be deleted. |
| 3889 | */ |
| 3890 | /* |
| 3891 | ** SETTING: ssh-command width=40 |
| 3892 | ** The command used to talk to a remote machine with the "ssh://" protocol. |
| 3893 | */ |
| 3894 | /* |
| 3895 | ** SETTING: ssl-ca-location width=40 |
| 3896 | ** The full pathname to a file containing PEM encoded |
| 3897 | ** CA root certificates, or a directory of certificates |
| 3898 | ** with filenames formed from the certificate hashes as |
| 3899 | ** required by OpenSSL. |
| 3900 | ** |
| @@ -3904,11 +3904,11 @@ | |
| 3904 | ** Checking your platform behaviour is required if the |
| 3905 | ** exact contents of the CA root is critical for your |
| 3906 | ** application. |
| 3907 | */ |
| 3908 | /* |
| 3909 | ** SETTING: ssl-identity width=40 |
| 3910 | ** The full pathname to a file containing a certificate |
| 3911 | ** and private key in PEM format. Create by concatenating |
| 3912 | ** the certificate and private key files. |
| 3913 | ** |
| 3914 | ** This identity will be presented to SSL servers to |
| @@ -3915,33 +3915,33 @@ | |
| 3915 | ** authenticate this client, in addition to the normal |
| 3916 | ** password authentication. |
| 3917 | */ |
| 3918 | #ifdef FOSSIL_ENABLE_TCL |
| 3919 | /* |
| 3920 | ** SETTING: tcl boolean default=off |
| 3921 | ** If enabled Tcl integration commands will be added to the TH1 |
| 3922 | ** interpreter, allowing arbitrary Tcl expressions and |
| 3923 | ** scripts to be evaluated from TH1. Additionally, the Tcl |
| 3924 | ** interpreter will be able to evaluate arbitrary TH1 |
| 3925 | ** expressions and scripts. |
| 3926 | */ |
| 3927 | /* |
| 3928 | ** SETTING: tcl-setup width=40 block-text |
| 3929 | ** This is the setup script to be evaluated after creating |
| 3930 | ** and initializing the Tcl interpreter. By default, this |
| 3931 | ** is empty and no extra setup is performed. |
| 3932 | */ |
| 3933 | #endif /* FOSSIL_ENABLE_TCL */ |
| 3934 | /* |
| 3935 | ** SETTING: tclsh width=80 default=tclsh |
| 3936 | ** Name of the external TCL interpreter used for such things |
| 3937 | ** as running the GUI diff viewer launched by the --tk option |
| 3938 | ** of the various "diff" commands. |
| 3939 | */ |
| 3940 | #ifdef FOSSIL_ENABLE_TH1_DOCS |
| 3941 | /* |
| 3942 | ** SETTING: th1-docs boolean default=off |
| 3943 | ** If enabled, this allows embedded documentation files to contain |
| 3944 | ** arbitrary TH1 scripts that are evaluated on the server. If native |
| 3945 | ** Tcl integration is also enabled, this setting has the |
| 3946 | ** potential to allow anybody with check-in privileges to |
| 3947 | ** do almost anything that the associated operating system |
| @@ -3994,11 +3994,11 @@ | |
| 3994 | ** of a "fossil clone" or "fossil sync" command. The |
| 3995 | ** default is false, in which case the -u option is |
| 3996 | ** needed to clone or sync unversioned files. |
| 3997 | */ |
| 3998 | /* |
| 3999 | ** SETTING: web-browser width=30 |
| 4000 | ** A shell command used to launch your preferred |
| 4001 | ** web browser when given a URL as an argument. |
| 4002 | ** Defaults to "start" on windows, "open" on Mac, |
| 4003 | ** and "firefox" on Unix. |
| 4004 | */ |
| 4005 |
| --- src/db.c | |
| +++ src/db.c | |
| @@ -3464,11 +3464,11 @@ | |
| 3464 | ** |
| 3465 | ** When the admin-log setting is enabled, configuration changes are recorded |
| 3466 | ** in the "admin_log" table of the repository. |
| 3467 | */ |
| 3468 | /* |
| 3469 | ** SETTING: allow-symlinks boolean default=off sensitive |
| 3470 | ** |
| 3471 | ** When allow-symlinks is OFF (which is the default and recommended setting) |
| 3472 | ** symbolic links a treated like text files that contain a single line of |
| 3473 | ** content which is the name of their target. If allow-symlinks is ON, |
| 3474 | ** the symbolic links are actually followed. |
| @@ -3532,11 +3532,11 @@ | |
| 3532 | ** there is no cron job periodically running "fossil backoffice", |
| 3533 | ** email notifications and other work normally done by the |
| 3534 | ** backoffice will not occur. |
| 3535 | */ |
| 3536 | /* |
| 3537 | ** SETTING: backoffice-logfile width=40 sensitive |
| 3538 | ** If backoffice-logfile is not an empty string and is a valid |
| 3539 | ** filename, then a one-line message is appended to that file |
| 3540 | ** every time the backoffice runs. This can be used for debugging, |
| 3541 | ** to ensure that backoffice is running appropriately. |
| 3542 | */ |
| @@ -3609,11 +3609,11 @@ | |
| 3609 | /* |
| 3610 | ** SETTING: crnl-glob width=40 versionable block-text |
| 3611 | ** This is an alias for the crlf-glob setting. |
| 3612 | */ |
| 3613 | /* |
| 3614 | ** SETTING: default-perms width=16 default=u sensitive |
| 3615 | ** Permissions given automatically to new users. For more |
| 3616 | ** information on permissions see the Users page in Server |
| 3617 | ** Administration of the HTTP UI. |
| 3618 | */ |
| 3619 | /* |
| @@ -3621,11 +3621,11 @@ | |
| 3621 | ** If enabled, permit files that may be binary |
| 3622 | ** or that match the "binary-glob" setting to be used with |
| 3623 | ** external diff programs. If disabled, skip these files. |
| 3624 | */ |
| 3625 | /* |
| 3626 | ** SETTING: diff-command width=40 sensitive |
| 3627 | ** The value is an external command to run when performing a diff. |
| 3628 | ** If undefined, the internal text diff will be used. |
| 3629 | */ |
| 3630 | /* |
| 3631 | ** SETTING: dont-push boolean default=off |
| @@ -3636,11 +3636,11 @@ | |
| 3636 | /* |
| 3637 | ** SETTING: dotfiles boolean versionable default=off |
| 3638 | ** If enabled, include --dotfiles option for all compatible commands. |
| 3639 | */ |
| 3640 | /* |
| 3641 | ** SETTING: editor width=32 sensitive |
| 3642 | ** The value is an external command that will launch the |
| 3643 | ** text editor command used for check-in comments. |
| 3644 | */ |
| 3645 | /* |
| 3646 | ** SETTING: empty-dirs width=40 versionable block-text |
| @@ -3679,16 +3679,16 @@ | |
| 3679 | ** An empty list prohibits editing via that page. Note that |
| 3680 | ** it cannot edit binary files, so the list should not |
| 3681 | ** contain any globs for, e.g., images or PDFs. |
| 3682 | */ |
| 3683 | /* |
| 3684 | ** SETTING: gdiff-command width=40 default=gdiff sensitive |
| 3685 | ** The value is an external command to run when performing a graphical |
| 3686 | ** diff. If undefined, text diff will be used. |
| 3687 | */ |
| 3688 | /* |
| 3689 | ** SETTING: gmerge-command width=40 sensitive |
| 3690 | ** The value is a graphical merge conflict resolver command operating |
| 3691 | ** on four files. Examples: |
| 3692 | ** |
| 3693 | ** kdiff3 "%baseline" "%original" "%merge" -o "%output" |
| 3694 | ** xxdiff "%original" "%baseline" "%merge" -M "%output" |
| @@ -3819,11 +3819,11 @@ | |
| 3819 | ** the associated files within the checkout -AND- the "rm" |
| 3820 | ** and "delete" commands will also remove the associated |
| 3821 | ** files from within the checkout. |
| 3822 | */ |
| 3823 | /* |
| 3824 | ** SETTING: pgp-command width=40 sensitive |
| 3825 | ** Command used to clear-sign manifests at check-in. |
| 3826 | ** Default value is "gpg --clearsign -o" |
| 3827 | */ |
| 3828 | /* |
| 3829 | ** SETTING: forbid-delta-manifests boolean default=off |
| @@ -3879,22 +3879,22 @@ | |
| 3879 | ** |
| 3880 | ** If repolist-skin has a value of 2, then the repository is omitted from |
| 3881 | ** the list in use cases 1 through 4, but not for 5 and 6. |
| 3882 | */ |
| 3883 | /* |
| 3884 | ** SETTING: self-register boolean default=off sensitive |
| 3885 | ** Allow users to register themselves through the HTTP UI. |
| 3886 | ** This is useful if you want to see other names than |
| 3887 | ** "Anonymous" in e.g. ticketing system. On the other hand |
| 3888 | ** users can not be deleted. |
| 3889 | */ |
| 3890 | /* |
| 3891 | ** SETTING: ssh-command width=40 sensitive |
| 3892 | ** The command used to talk to a remote machine with the "ssh://" protocol. |
| 3893 | */ |
| 3894 | /* |
| 3895 | ** SETTING: ssl-ca-location width=40 sensitive |
| 3896 | ** The full pathname to a file containing PEM encoded |
| 3897 | ** CA root certificates, or a directory of certificates |
| 3898 | ** with filenames formed from the certificate hashes as |
| 3899 | ** required by OpenSSL. |
| 3900 | ** |
| @@ -3904,11 +3904,11 @@ | |
| 3904 | ** Checking your platform behaviour is required if the |
| 3905 | ** exact contents of the CA root is critical for your |
| 3906 | ** application. |
| 3907 | */ |
| 3908 | /* |
| 3909 | ** SETTING: ssl-identity width=40 sensitive |
| 3910 | ** The full pathname to a file containing a certificate |
| 3911 | ** and private key in PEM format. Create by concatenating |
| 3912 | ** the certificate and private key files. |
| 3913 | ** |
| 3914 | ** This identity will be presented to SSL servers to |
| @@ -3915,33 +3915,33 @@ | |
| 3915 | ** authenticate this client, in addition to the normal |
| 3916 | ** password authentication. |
| 3917 | */ |
| 3918 | #ifdef FOSSIL_ENABLE_TCL |
| 3919 | /* |
| 3920 | ** SETTING: tcl boolean default=off sensitive |
| 3921 | ** If enabled Tcl integration commands will be added to the TH1 |
| 3922 | ** interpreter, allowing arbitrary Tcl expressions and |
| 3923 | ** scripts to be evaluated from TH1. Additionally, the Tcl |
| 3924 | ** interpreter will be able to evaluate arbitrary TH1 |
| 3925 | ** expressions and scripts. |
| 3926 | */ |
| 3927 | /* |
| 3928 | ** SETTING: tcl-setup width=40 block-text sensitive |
| 3929 | ** This is the setup script to be evaluated after creating |
| 3930 | ** and initializing the Tcl interpreter. By default, this |
| 3931 | ** is empty and no extra setup is performed. |
| 3932 | */ |
| 3933 | #endif /* FOSSIL_ENABLE_TCL */ |
| 3934 | /* |
| 3935 | ** SETTING: tclsh width=80 default=tclsh sensitive |
| 3936 | ** Name of the external TCL interpreter used for such things |
| 3937 | ** as running the GUI diff viewer launched by the --tk option |
| 3938 | ** of the various "diff" commands. |
| 3939 | */ |
| 3940 | #ifdef FOSSIL_ENABLE_TH1_DOCS |
| 3941 | /* |
| 3942 | ** SETTING: th1-docs boolean default=off sensitive |
| 3943 | ** If enabled, this allows embedded documentation files to contain |
| 3944 | ** arbitrary TH1 scripts that are evaluated on the server. If native |
| 3945 | ** Tcl integration is also enabled, this setting has the |
| 3946 | ** potential to allow anybody with check-in privileges to |
| 3947 | ** do almost anything that the associated operating system |
| @@ -3994,11 +3994,11 @@ | |
| 3994 | ** of a "fossil clone" or "fossil sync" command. The |
| 3995 | ** default is false, in which case the -u option is |
| 3996 | ** needed to clone or sync unversioned files. |
| 3997 | */ |
| 3998 | /* |
| 3999 | ** SETTING: web-browser width=30 sensitive |
| 4000 | ** A shell command used to launch your preferred |
| 4001 | ** web browser when given a URL as an argument. |
| 4002 | ** Defaults to "start" on windows, "open" on Mac, |
| 4003 | ** and "firefox" on Unix. |
| 4004 | */ |
| 4005 |
+3
| --- src/mkindex.c | ||
| +++ src/mkindex.c | ||
| @@ -90,10 +90,11 @@ | ||
| 90 | 90 | #define CMDFLAG_SETTING 0x0020 /* A setting */ |
| 91 | 91 | #define CMDFLAG_VERSIONABLE 0x0040 /* A versionable setting */ |
| 92 | 92 | #define CMDFLAG_BLOCKTEXT 0x0080 /* Multi-line text setting */ |
| 93 | 93 | #define CMDFLAG_BOOLEAN 0x0100 /* A boolean setting */ |
| 94 | 94 | #define CMDFLAG_RAWCONTENT 0x0200 /* Do not interpret webpage content */ |
| 95 | +#define CMDFLAG_SENSITIVE 0x0400 /* Security-sensitive setting */ | |
| 95 | 96 | /**************************************************************************/ |
| 96 | 97 | |
| 97 | 98 | /* |
| 98 | 99 | ** Each entry looks like this: |
| 99 | 100 | */ |
| @@ -248,10 +249,12 @@ | ||
| 248 | 249 | }else if( j==10 && strncmp(&zLine[i], "block-text", j)==0 ){ |
| 249 | 250 | aEntry[nUsed].eType &= ~(CMDFLAG_BOOLEAN); |
| 250 | 251 | aEntry[nUsed].eType |= CMDFLAG_BLOCKTEXT; |
| 251 | 252 | }else if( j==11 && strncmp(&zLine[i], "versionable", j)==0 ){ |
| 252 | 253 | aEntry[nUsed].eType |= CMDFLAG_VERSIONABLE; |
| 254 | + }else if( j==9 && strncmp(&zLine[i], "sensitive", j)==0 ){ | |
| 255 | + aEntry[nUsed].eType |= CMDFLAG_SENSITIVE; | |
| 253 | 256 | }else if( j>6 && strncmp(&zLine[i], "width=", 6)==0 ){ |
| 254 | 257 | aEntry[nUsed].iWidth = atoi(&zLine[i+6]); |
| 255 | 258 | }else if( j>8 && strncmp(&zLine[i], "default=", 8)==0 ){ |
| 256 | 259 | aEntry[nUsed].zDflt = string_dup(&zLine[i+8], j-8); |
| 257 | 260 | }else if( j>9 && strncmp(&zLine[i], "variable=", 9)==0 ){ |
| 258 | 261 |
| --- src/mkindex.c | |
| +++ src/mkindex.c | |
| @@ -90,10 +90,11 @@ | |
| 90 | #define CMDFLAG_SETTING 0x0020 /* A setting */ |
| 91 | #define CMDFLAG_VERSIONABLE 0x0040 /* A versionable setting */ |
| 92 | #define CMDFLAG_BLOCKTEXT 0x0080 /* Multi-line text setting */ |
| 93 | #define CMDFLAG_BOOLEAN 0x0100 /* A boolean setting */ |
| 94 | #define CMDFLAG_RAWCONTENT 0x0200 /* Do not interpret webpage content */ |
| 95 | /**************************************************************************/ |
| 96 | |
| 97 | /* |
| 98 | ** Each entry looks like this: |
| 99 | */ |
| @@ -248,10 +249,12 @@ | |
| 248 | }else if( j==10 && strncmp(&zLine[i], "block-text", j)==0 ){ |
| 249 | aEntry[nUsed].eType &= ~(CMDFLAG_BOOLEAN); |
| 250 | aEntry[nUsed].eType |= CMDFLAG_BLOCKTEXT; |
| 251 | }else if( j==11 && strncmp(&zLine[i], "versionable", j)==0 ){ |
| 252 | aEntry[nUsed].eType |= CMDFLAG_VERSIONABLE; |
| 253 | }else if( j>6 && strncmp(&zLine[i], "width=", 6)==0 ){ |
| 254 | aEntry[nUsed].iWidth = atoi(&zLine[i+6]); |
| 255 | }else if( j>8 && strncmp(&zLine[i], "default=", 8)==0 ){ |
| 256 | aEntry[nUsed].zDflt = string_dup(&zLine[i+8], j-8); |
| 257 | }else if( j>9 && strncmp(&zLine[i], "variable=", 9)==0 ){ |
| 258 |
| --- src/mkindex.c | |
| +++ src/mkindex.c | |
| @@ -90,10 +90,11 @@ | |
| 90 | #define CMDFLAG_SETTING 0x0020 /* A setting */ |
| 91 | #define CMDFLAG_VERSIONABLE 0x0040 /* A versionable setting */ |
| 92 | #define CMDFLAG_BLOCKTEXT 0x0080 /* Multi-line text setting */ |
| 93 | #define CMDFLAG_BOOLEAN 0x0100 /* A boolean setting */ |
| 94 | #define CMDFLAG_RAWCONTENT 0x0200 /* Do not interpret webpage content */ |
| 95 | #define CMDFLAG_SENSITIVE 0x0400 /* Security-sensitive setting */ |
| 96 | /**************************************************************************/ |
| 97 | |
| 98 | /* |
| 99 | ** Each entry looks like this: |
| 100 | */ |
| @@ -248,10 +249,12 @@ | |
| 249 | }else if( j==10 && strncmp(&zLine[i], "block-text", j)==0 ){ |
| 250 | aEntry[nUsed].eType &= ~(CMDFLAG_BOOLEAN); |
| 251 | aEntry[nUsed].eType |= CMDFLAG_BLOCKTEXT; |
| 252 | }else if( j==11 && strncmp(&zLine[i], "versionable", j)==0 ){ |
| 253 | aEntry[nUsed].eType |= CMDFLAG_VERSIONABLE; |
| 254 | }else if( j==9 && strncmp(&zLine[i], "sensitive", j)==0 ){ |
| 255 | aEntry[nUsed].eType |= CMDFLAG_SENSITIVE; |
| 256 | }else if( j>6 && strncmp(&zLine[i], "width=", 6)==0 ){ |
| 257 | aEntry[nUsed].iWidth = atoi(&zLine[i+6]); |
| 258 | }else if( j>8 && strncmp(&zLine[i], "default=", 8)==0 ){ |
| 259 | aEntry[nUsed].zDflt = string_dup(&zLine[i+8], j-8); |
| 260 | }else if( j>9 && strncmp(&zLine[i], "variable=", 9)==0 ){ |
| 261 |