Fossil SCM
Add 'th1-docs' setting to control whether or not TH1 scripts are allowed in embedded documentation files.
Commit
4f0b0a6af275977612a6ab7a246d7f1d391cfbaa
Parent
5ce57f21bd993c6…
3 files changed
+1
+9
+2
-1
+1
| --- src/configure.c | ||
| +++ src/configure.c | ||
| @@ -97,10 +97,11 @@ | ||
| 97 | 97 | { "timeline-max-comment", CONFIGSET_SKIN }, |
| 98 | 98 | { "timeline-plaintext", CONFIGSET_SKIN }, |
| 99 | 99 | { "adunit", CONFIGSET_SKIN }, |
| 100 | 100 | { "adunit-omit-if-admin", CONFIGSET_SKIN }, |
| 101 | 101 | { "adunit-omit-if-user", CONFIGSET_SKIN }, |
| 102 | + { "th1-docs", CONFIGSET_TH1 }, | |
| 102 | 103 | { "th1-hooks", CONFIGSET_TH1 }, |
| 103 | 104 | { "th1-setup", CONFIGSET_TH1 }, |
| 104 | 105 | { "th1-uri-regexp", CONFIGSET_TH1 }, |
| 105 | 106 | |
| 106 | 107 | #ifdef FOSSIL_ENABLE_TCL |
| 107 | 108 |
| --- src/configure.c | |
| +++ src/configure.c | |
| @@ -97,10 +97,11 @@ | |
| 97 | { "timeline-max-comment", CONFIGSET_SKIN }, |
| 98 | { "timeline-plaintext", CONFIGSET_SKIN }, |
| 99 | { "adunit", CONFIGSET_SKIN }, |
| 100 | { "adunit-omit-if-admin", CONFIGSET_SKIN }, |
| 101 | { "adunit-omit-if-user", CONFIGSET_SKIN }, |
| 102 | { "th1-hooks", CONFIGSET_TH1 }, |
| 103 | { "th1-setup", CONFIGSET_TH1 }, |
| 104 | { "th1-uri-regexp", CONFIGSET_TH1 }, |
| 105 | |
| 106 | #ifdef FOSSIL_ENABLE_TCL |
| 107 |
| --- src/configure.c | |
| +++ src/configure.c | |
| @@ -97,10 +97,11 @@ | |
| 97 | { "timeline-max-comment", CONFIGSET_SKIN }, |
| 98 | { "timeline-plaintext", CONFIGSET_SKIN }, |
| 99 | { "adunit", CONFIGSET_SKIN }, |
| 100 | { "adunit-omit-if-admin", CONFIGSET_SKIN }, |
| 101 | { "adunit-omit-if-user", CONFIGSET_SKIN }, |
| 102 | { "th1-docs", CONFIGSET_TH1 }, |
| 103 | { "th1-hooks", CONFIGSET_TH1 }, |
| 104 | { "th1-setup", CONFIGSET_TH1 }, |
| 105 | { "th1-uri-regexp", CONFIGSET_TH1 }, |
| 106 | |
| 107 | #ifdef FOSSIL_ENABLE_TCL |
| 108 |
M
src/db.c
+9
| --- src/db.c | ||
| +++ src/db.c | ||
| @@ -2201,10 +2201,11 @@ | ||
| 2201 | 2201 | { "ssl-identity", 0, 40, 0, 0, "" }, |
| 2202 | 2202 | #ifdef FOSSIL_ENABLE_TCL |
| 2203 | 2203 | { "tcl", 0, 0, 0, 0, "off" }, |
| 2204 | 2204 | { "tcl-setup", 0, 40, 1, 1, "" }, |
| 2205 | 2205 | #endif |
| 2206 | + { "th1-docs", 0, 0, 0, 0, "off" }, | |
| 2206 | 2207 | { "th1-hooks", 0, 0, 0, 0, "off" }, |
| 2207 | 2208 | { "th1-setup", 0, 40, 1, 1, "" }, |
| 2208 | 2209 | { "th1-uri-regexp", 0, 40, 1, 0, "" }, |
| 2209 | 2210 | { "web-browser", 0, 32, 0, 0, "" }, |
| 2210 | 2211 | { "white-foreground", 0, 0, 0, 0, "off" }, |
| @@ -2408,10 +2409,18 @@ | ||
| 2408 | 2409 | ** expressions and scripts. Default: off. |
| 2409 | 2410 | ** |
| 2410 | 2411 | ** tcl-setup This is the setup script to be evaluated after creating |
| 2411 | 2412 | ** (versionable) and initializing the Tcl interpreter. By default, this |
| 2412 | 2413 | ** is empty and no extra setup is performed. |
| 2414 | +** | |
| 2415 | +** th1-docs WARNING: If enabled, this allows embedded documentation | |
| 2416 | +** files to contain TH1 scripts that are evaluated on the | |
| 2417 | +** server. If native Tcl integration is also enabled, this | |
| 2418 | +** setting has the potential to allow anybody with check-in | |
| 2419 | +** privileges to do practically anything the associated | |
| 2420 | +** operating system user account could do. Extreme caution | |
| 2421 | +** should be used when enabling this setting. | |
| 2413 | 2422 | ** |
| 2414 | 2423 | ** th1-hooks If enabled (and Fossil was compiled with support for TH1 |
| 2415 | 2424 | ** hooks), special TH1 commands will be called before and |
| 2416 | 2425 | ** after any Fossil command or web page. Default: off. |
| 2417 | 2426 | ** |
| 2418 | 2427 |
| --- src/db.c | |
| +++ src/db.c | |
| @@ -2201,10 +2201,11 @@ | |
| 2201 | { "ssl-identity", 0, 40, 0, 0, "" }, |
| 2202 | #ifdef FOSSIL_ENABLE_TCL |
| 2203 | { "tcl", 0, 0, 0, 0, "off" }, |
| 2204 | { "tcl-setup", 0, 40, 1, 1, "" }, |
| 2205 | #endif |
| 2206 | { "th1-hooks", 0, 0, 0, 0, "off" }, |
| 2207 | { "th1-setup", 0, 40, 1, 1, "" }, |
| 2208 | { "th1-uri-regexp", 0, 40, 1, 0, "" }, |
| 2209 | { "web-browser", 0, 32, 0, 0, "" }, |
| 2210 | { "white-foreground", 0, 0, 0, 0, "off" }, |
| @@ -2408,10 +2409,18 @@ | |
| 2408 | ** expressions and scripts. Default: off. |
| 2409 | ** |
| 2410 | ** tcl-setup This is the setup script to be evaluated after creating |
| 2411 | ** (versionable) and initializing the Tcl interpreter. By default, this |
| 2412 | ** is empty and no extra setup is performed. |
| 2413 | ** |
| 2414 | ** th1-hooks If enabled (and Fossil was compiled with support for TH1 |
| 2415 | ** hooks), special TH1 commands will be called before and |
| 2416 | ** after any Fossil command or web page. Default: off. |
| 2417 | ** |
| 2418 |
| --- src/db.c | |
| +++ src/db.c | |
| @@ -2201,10 +2201,11 @@ | |
| 2201 | { "ssl-identity", 0, 40, 0, 0, "" }, |
| 2202 | #ifdef FOSSIL_ENABLE_TCL |
| 2203 | { "tcl", 0, 0, 0, 0, "off" }, |
| 2204 | { "tcl-setup", 0, 40, 1, 1, "" }, |
| 2205 | #endif |
| 2206 | { "th1-docs", 0, 0, 0, 0, "off" }, |
| 2207 | { "th1-hooks", 0, 0, 0, 0, "off" }, |
| 2208 | { "th1-setup", 0, 40, 1, 1, "" }, |
| 2209 | { "th1-uri-regexp", 0, 40, 1, 0, "" }, |
| 2210 | { "web-browser", 0, 32, 0, 0, "" }, |
| 2211 | { "white-foreground", 0, 0, 0, 0, "off" }, |
| @@ -2408,10 +2409,18 @@ | |
| 2409 | ** expressions and scripts. Default: off. |
| 2410 | ** |
| 2411 | ** tcl-setup This is the setup script to be evaluated after creating |
| 2412 | ** (versionable) and initializing the Tcl interpreter. By default, this |
| 2413 | ** is empty and no extra setup is performed. |
| 2414 | ** |
| 2415 | ** th1-docs WARNING: If enabled, this allows embedded documentation |
| 2416 | ** files to contain TH1 scripts that are evaluated on the |
| 2417 | ** server. If native Tcl integration is also enabled, this |
| 2418 | ** setting has the potential to allow anybody with check-in |
| 2419 | ** privileges to do practically anything the associated |
| 2420 | ** operating system user account could do. Extreme caution |
| 2421 | ** should be used when enabling this setting. |
| 2422 | ** |
| 2423 | ** th1-hooks If enabled (and Fossil was compiled with support for TH1 |
| 2424 | ** hooks), special TH1 commands will be called before and |
| 2425 | ** after any Fossil command or web page. Default: off. |
| 2426 | ** |
| 2427 |
+2
-1
| --- src/doc.c | ||
| +++ src/doc.c | ||
| @@ -525,11 +525,12 @@ | ||
| 525 | 525 | style_header("Documentation"); |
| 526 | 526 | @ <blockquote><pre> |
| 527 | 527 | @ %h(blob_str(&filebody)) |
| 528 | 528 | @ </pre></blockquote> |
| 529 | 529 | style_footer(); |
| 530 | - }else if( fossil_strcmp(zMime, "application/x-th1")==0 ){ | |
| 530 | + }else if( db_get_boolean("th1-docs", 0) && | |
| 531 | + fossil_strcmp(zMime, "application/x-th1")==0 ){ | |
| 531 | 532 | style_header("Documentation"); |
| 532 | 533 | Th_Render(blob_str(&filebody)); |
| 533 | 534 | style_footer(); |
| 534 | 535 | }else{ |
| 535 | 536 | cgi_set_content_type(zMime); |
| 536 | 537 |
| --- src/doc.c | |
| +++ src/doc.c | |
| @@ -525,11 +525,12 @@ | |
| 525 | style_header("Documentation"); |
| 526 | @ <blockquote><pre> |
| 527 | @ %h(blob_str(&filebody)) |
| 528 | @ </pre></blockquote> |
| 529 | style_footer(); |
| 530 | }else if( fossil_strcmp(zMime, "application/x-th1")==0 ){ |
| 531 | style_header("Documentation"); |
| 532 | Th_Render(blob_str(&filebody)); |
| 533 | style_footer(); |
| 534 | }else{ |
| 535 | cgi_set_content_type(zMime); |
| 536 |
| --- src/doc.c | |
| +++ src/doc.c | |
| @@ -525,11 +525,12 @@ | |
| 525 | style_header("Documentation"); |
| 526 | @ <blockquote><pre> |
| 527 | @ %h(blob_str(&filebody)) |
| 528 | @ </pre></blockquote> |
| 529 | style_footer(); |
| 530 | }else if( db_get_boolean("th1-docs", 0) && |
| 531 | fossil_strcmp(zMime, "application/x-th1")==0 ){ |
| 532 | style_header("Documentation"); |
| 533 | Th_Render(blob_str(&filebody)); |
| 534 | style_footer(); |
| 535 | }else{ |
| 536 | cgi_set_content_type(zMime); |
| 537 |