Fossil SCM
For sensitive settings, always explicitly set value and valueSource to null for non-setup users (or if they aren't set), to avoid the possibility of downstream clients perhaps picking up inherited properties in their place, depending on their programming environment.
Commit
451cda04522e59d89d4fd57bbccd37fb4aa48bea46b0137e4b51b4f38522f594
Parent
fd405e956359226…
1 file changed
+46
-48
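--- a/src/json_config.c
+++ b/src/json_config.c
@@ -261,58 +261,56 @@
 cson_object_set(jSet, "versionable", cson_value_new_bool(pSet->versionable));
 cson_object_set(jSet, "sensitive", cson_value_new_bool(pSet->sensitive));
 cson_object_set(jSet, "defaultValue", (pSet->def && pSet->def[0])
 ? json_new_string(pSet->def)
 : cson_value_null());
-if( pSet->sensitive && !g.perm.Setup ){
-/* Should we also allow non-Setup admins to see these? */
-continue;
-}
-if( pSet->versionable ){
-/* Check to see if this is overridden by a versionable settings file */
-Blob versionedPathname;
-blob_zero(&versionedPathname);
-if( 0!=zUuid ){
-/* Attempt to find a versioned setting stored in the given
-** check-in version. */
-db_bind_text(&qFoci, ":name", pSet->name);
-if( SQLITE_ROW==db_step(&qFoci) ){
-int frid = fast_uuid_to_rid(db_column_text(&qFoci, 0));
-Blob content;
-blob_zero(&content);
-if( 0!=content_get(frid, &content) ){
-pSrc = json_new_string("versioned");
-pVal = json_new_string(blob_str(&content));
-}
-blob_reset(&content);
-}
-db_reset(&qFoci);
-}
-if( 0==pSrc && g.localOpen ){
-/* Pull value from a local .fossil-settings/X file, if one exists. */
-blob_appendf(&versionedPathname, "%s.fossil-settings/%s",
-g.zLocalRoot, pSet->name);
-if( file_size(blob_str(&versionedPathname), ExtFILE)>=0 ){
-Blob content;
-blob_zero(&content);
-blob_read_from_file(&content, blob_str(&versionedPathname), ExtFILE);
-pSrc = json_new_string("versioned");
-pVal = json_new_string(blob_str(&content));
-blob_reset(&content);
-}
-blob_reset(&versionedPathname);
-}
-}
-if( 0==pSrc ){
-/* We had no versioned value, so use the value from
-** localdb.vvar or repository.config (in that order). */
-db_bind_text(&q, ":name", pSet->name);
-if( SQLITE_ROW==db_step(&q) ){
-pSrc = json_new_string(db_column_text(&q, 0));
-pVal = json_new_string(db_column_text(&q, 1));
-}
-db_reset(&q);
+if( 0==pSet->sensitive || 0!=g.perm.Setup ){
+if( pSet->versionable ){
+/* Check to see if this is overridden by a versionable settings file */
+Blob versionedPathname;
+blob_zero(&versionedPathname);
+if( 0!=zUuid ){
+/* Attempt to find a versioned setting stored in the given
+** check-in version. */
+db_bind_text(&qFoci, ":name", pSet->name);
+if( SQLITE_ROW==db_step(&qFoci) ){
+int frid = fast_uuid_to_rid(db_column_text(&qFoci, 0));
+Blob content;
+blob_zero(&content);
+if( 0!=content_get(frid, &content) ){
+pSrc = json_new_string("versioned");
+pVal = json_new_string(blob_str(&content));
+}
+blob_reset(&content);
+}
+db_reset(&qFoci);
+}
+if( 0==pSrc && g.localOpen ){
+/* Pull value from a local .fossil-settings/X file, if one exists. */
+blob_appendf(&versionedPathname, "%s.fossil-settings/%s",
+g.zLocalRoot, pSet->name);
+if( file_size(blob_str(&versionedPathname), ExtFILE)>=0 ){
+Blob content;
+blob_zero(&content);
+blob_read_from_file(&content, blob_str(&versionedPathname), ExtFILE);
+pSrc = json_new_string("versioned");
+pVal = json_new_string(blob_str(&content));
+blob_reset(&content);
+}
+blob_reset(&versionedPathname);
+}
+}
+if( 0==pSrc ){
+/* We had no versioned value, so use the value from
+** localdb.vvar or repository.config (in that order). */
+db_bind_text(&q, ":name", pSet->name);
+if( SQLITE_ROW==db_step(&q) ){
+pSrc = json_new_string(db_column_text(&q, 0));
+pVal = json_new_string(db_column_text(&q, 1));
+}
+db_reset(&q);
+}
 }
 cson_object_set(jSet, "valueSource", pSrc ? pSrc : cson_value_null());
 cson_object_set(jSet, "value", pVal ? pVal : cson_value_null());
 }/*aSetting loop*/
 db_finalize(&q);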
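Review bot: The redaction now depends on `pSrc` and `pVal` still being NULL whenever the new `if( 0==pSet->sensitive || 0!=g.perm.Setup )` guard is skipped, and their declaration and per-iteration reset are outside this hunk. If they are not zeroed at the top of each `aSetting` iteration, a sensitive setting could be emitted to a non-Setup user carrying the previous setting's value and source, so that initialisation is worth confirming. The guard also lost the explanatory comment that the removed `continue` branch carried; I would add `/* Sensitive settings are resolved only for Setup users; otherwise pSrc/pVal stay NULL and are emitted as explicit JSON nulls below. */` directly above it. The loop body starts before the hunk.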
| --- src/json_config.c | |
| +++ src/json_config.c | |
| @@ -261,58 +261,56 @@ | |
| 261 | cson_object_set(jSet, "versionable", cson_value_new_bool(pSet->versionable)); |
| 262 | cson_object_set(jSet, "sensitive", cson_value_new_bool(pSet->sensitive)); |
| 263 | cson_object_set(jSet, "defaultValue", (pSet->def && pSet->def[0]) |
| 264 | ? json_new_string(pSet->def) |
| 265 | : cson_value_null()); |
| 266 | if( pSet->sensitive && !g.perm.Setup ){ |
| 267 | /* Should we also allow non-Setup admins to see these? */ |
| 268 | continue; |
| 269 | } |
| 270 | if( pSet->versionable ){ |
| 271 | /* Check to see if this is overridden by a versionable settings file */ |
| 272 | Blob versionedPathname; |
| 273 | blob_zero(&versionedPathname); |
| 274 | if( 0!=zUuid ){ |
| 275 | /* Attempt to find a versioned setting stored in the given |
| 276 | ** check-in version. */ |
| 277 | db_bind_text(&qFoci, ":name", pSet->name); |
| 278 | if( SQLITE_ROW==db_step(&qFoci) ){ |
| 279 | int frid = fast_uuid_to_rid(db_column_text(&qFoci, 0)); |
| 280 | Blob content; |
| 281 | blob_zero(&content); |
| 282 | if( 0!=content_get(frid, &content) ){ |
| 283 | pSrc = json_new_string("versioned"); |
| 284 | pVal = json_new_string(blob_str(&content)); |
| 285 | } |
| 286 | blob_reset(&content); |
| 287 | } |
| 288 | db_reset(&qFoci); |
| 289 | } |
| 290 | if( 0==pSrc && g.localOpen ){ |
| 291 | /* Pull value from a local .fossil-settings/X file, if one exists. */ |
| 292 | blob_appendf(&versionedPathname, "%s.fossil-settings/%s", |
| 293 | g.zLocalRoot, pSet->name); |
| 294 | if( file_size(blob_str(&versionedPathname), ExtFILE)>=0 ){ |
| 295 | Blob content; |
| 296 | blob_zero(&content); |
| 297 | blob_read_from_file(&content, blob_str(&versionedPathname), ExtFILE); |
| 298 | pSrc = json_new_string("versioned"); |
| 299 | pVal = json_new_string(blob_str(&content)); |
| 300 | blob_reset(&content); |
| 301 | } |
| 302 | blob_reset(&versionedPathname); |
| 303 | } |
| 304 | } |
| 305 | if( 0==pSrc ){ |
| 306 | /* We had no versioned value, so use the value from |
| 307 | ** localdb.vvar or repository.config (in that order). */ |
| 308 | db_bind_text(&q, ":name", pSet->name); |
| 309 | if( SQLITE_ROW==db_step(&q) ){ |
| 310 | pSrc = json_new_string(db_column_text(&q, 0)); |
| 311 | pVal = json_new_string(db_column_text(&q, 1)); |
| 312 | } |
| 313 | db_reset(&q); |
| 314 | } |
| 315 | cson_object_set(jSet, "valueSource", pSrc ? pSrc : cson_value_null()); |
| 316 | cson_object_set(jSet, "value", pVal ? pVal : cson_value_null()); |
| 317 | }/*aSetting loop*/ |
| 318 | db_finalize(&q); |
| 319 |
| --- src/json_config.c | |
| +++ src/json_config.c | |
| @@ -261,58 +261,56 @@ | |
| 261 | cson_object_set(jSet, "versionable", cson_value_new_bool(pSet->versionable)); |
| 262 | cson_object_set(jSet, "sensitive", cson_value_new_bool(pSet->sensitive)); |
| 263 | cson_object_set(jSet, "defaultValue", (pSet->def && pSet->def[0]) |
| 264 | ? json_new_string(pSet->def) |
| 265 | : cson_value_null()); |
| 266 | if( 0==pSet->sensitive || 0!=g.perm.Setup ){ |
| 267 | if( pSet->versionable ){ |
| 268 | /* Check to see if this is overridden by a versionable settings file */ |
| 269 | Blob versionedPathname; |
| 270 | blob_zero(&versionedPathname); |
| 271 | if( 0!=zUuid ){ |
| 272 | /* Attempt to find a versioned setting stored in the given |
| 273 | ** check-in version. */ |
| 274 | db_bind_text(&qFoci, ":name", pSet->name); |
| 275 | if( SQLITE_ROW==db_step(&qFoci) ){ |
| 276 | int frid = fast_uuid_to_rid(db_column_text(&qFoci, 0)); |
| 277 | Blob content; |
| 278 | blob_zero(&content); |
| 279 | if( 0!=content_get(frid, &content) ){ |
| 280 | pSrc = json_new_string("versioned"); |
| 281 | pVal = json_new_string(blob_str(&content)); |
| 282 | } |
| 283 | blob_reset(&content); |
| 284 | } |
| 285 | db_reset(&qFoci); |
| 286 | } |
| 287 | if( 0==pSrc && g.localOpen ){ |
| 288 | /* Pull value from a local .fossil-settings/X file, if one exists. */ |
| 289 | blob_appendf(&versionedPathname, "%s.fossil-settings/%s", |
| 290 | g.zLocalRoot, pSet->name); |
| 291 | if( file_size(blob_str(&versionedPathname), ExtFILE)>=0 ){ |
| 292 | Blob content; |
| 293 | blob_zero(&content); |
| 294 | blob_read_from_file(&content, blob_str(&versionedPathname), ExtFILE); |
| 295 | pSrc = json_new_string("versioned"); |
| 296 | pVal = json_new_string(blob_str(&content)); |
| 297 | blob_reset(&content); |
| 298 | } |
| 299 | blob_reset(&versionedPathname); |
| 300 | } |
| 301 | } |
| 302 | if( 0==pSrc ){ |
| 303 | /* We had no versioned value, so use the value from |
| 304 | ** localdb.vvar or repository.config (in that order). */ |
| 305 | db_bind_text(&q, ":name", pSet->name); |
| 306 | if( SQLITE_ROW==db_step(&q) ){ |
| 307 | pSrc = json_new_string(db_column_text(&q, 0)); |
| 308 | pVal = json_new_string(db_column_text(&q, 1)); |
| 309 | } |
| 310 | db_reset(&q); |
| 311 | } |
| 312 | } |
| 313 | cson_object_set(jSet, "valueSource", pSrc ? pSrc : cson_value_null()); |
| 314 | cson_object_set(jSet, "value", pVal ? pVal : cson_value_null()); |
| 315 | }/*aSetting loop*/ |
| 316 | db_finalize(&q); |
| 317 |