Fossil SCM
The RSS feed is restricted to the permissions granted to user 'nobody'. Ticket [09ba8cea6f]
Commit
78a6270fdc6ee90ae2edeac25ec94f2004cf6624
Parent
49cffc01871f7cb…
1 file changed
+30
-2
+30
-2
| --- src/rss.c | ||
| +++ src/rss.c | ||
| @@ -47,15 +47,43 @@ | ||
| 47 | 47 | @ (SELECT count(*) FROM plink WHERE pid=blob.rid AND isprim), |
| 48 | 48 | @ (SELECT count(*) FROM plink WHERE cid=blob.rid) |
| 49 | 49 | @ FROM event, blob |
| 50 | 50 | @ WHERE blob.rid=event.objid |
| 51 | 51 | ; |
| 52 | + | |
| 53 | + login_check_credentials(); | |
| 54 | + if( !g.okRead && !g.okRdTkt && !g.okRdWiki ){ | |
| 55 | + return; | |
| 56 | + } | |
| 57 | + | |
| 52 | 58 | blob_zero(&bSQL); |
| 53 | 59 | blob_append( &bSQL, zSQL1, -1 ); |
| 54 | 60 | |
| 55 | 61 | if( zType[0]!='a' ){ |
| 56 | - blob_appendf(&bSQL, " AND event.type=%Q", zType); | |
| 62 | + if( zType[0]=='c' && !g.okRead ) zType = "x"; | |
| 63 | + if( zType[0]=='w' && !g.okRdWiki ) zType = "x"; | |
| 64 | + if( zType[0]=='t' && !g.okRdTkt ) zType = "x"; | |
| 65 | + blob_appendf(&bSQL, " AND event.type=%Q", zType); | |
| 66 | + }else{ | |
| 67 | + if( !g.okRead ){ | |
| 68 | + if( g.okRdTkt && g.okRdWiki ){ | |
| 69 | + blob_append(&bSQL, " AND event.type!='ci'", -1); | |
| 70 | + }else if( g.okRdTkt ){ | |
| 71 | + blob_append(&bSQL, " AND event.type=='t'", -1); | |
| 72 | + }else{ | |
| 73 | + blob_append(&bSQL, " AND event.type=='w'", -1); | |
| 74 | + } | |
| 75 | + }else if( !g.okRdWiki ){ | |
| 76 | + if( g.okRdTkt ){ | |
| 77 | + blob_append(&bSQL, " AND event.type!='w'", -1); | |
| 78 | + }else{ | |
| 79 | + blob_append(&bSQL, " AND event.type=='ci'", -1); | |
| 80 | + } | |
| 81 | + }else if( !g.okRdTkt ){ | |
| 82 | + assert( !g.okRdTkt &&& g.okRead && g.okRdWiki ); | |
| 83 | + blob_append(&bSQL, " AND event.type!='t'", -1); | |
| 84 | + } | |
| 57 | 85 | } |
| 58 | 86 | |
| 59 | 87 | blob_append( &bSQL, " ORDER BY event.mtime DESC", -1 ); |
| 60 | 88 | |
| 61 | 89 | cgi_set_content_type("application/rss+xml"); |
| @@ -78,11 +106,11 @@ | ||
| 78 | 106 | @ <title>%h(zProjectName)</title> |
| 79 | 107 | @ <link>%s(g.zBaseURL)</link> |
| 80 | 108 | @ <description>%h(zProjectDescr)</description> |
| 81 | 109 | @ <pubDate>%s(zPubDate)</pubDate> |
| 82 | 110 | @ <generator>Fossil version %s(MANIFEST_VERSION) %s(MANIFEST_DATE)</generator> |
| 83 | - db_prepare(&q, blob_buffer(&bSQL)); | |
| 111 | + db_prepare(&q, blob_str(&bSQL)); | |
| 84 | 112 | blob_reset( &bSQL ); |
| 85 | 113 | while( db_step(&q)==SQLITE_ROW && nLine<=20 ){ |
| 86 | 114 | const char *zId = db_column_text(&q, 1); |
| 87 | 115 | const char *zCom = db_column_text(&q, 3); |
| 88 | 116 | const char *zAuthor = db_column_text(&q, 4); |
| 89 | 117 |
| --- src/rss.c | |
| +++ src/rss.c | |
| @@ -47,15 +47,43 @@ | |
| 47 | @ (SELECT count(*) FROM plink WHERE pid=blob.rid AND isprim), |
| 48 | @ (SELECT count(*) FROM plink WHERE cid=blob.rid) |
| 49 | @ FROM event, blob |
| 50 | @ WHERE blob.rid=event.objid |
| 51 | ; |
| 52 | blob_zero(&bSQL); |
| 53 | blob_append( &bSQL, zSQL1, -1 ); |
| 54 | |
| 55 | if( zType[0]!='a' ){ |
| 56 | blob_appendf(&bSQL, " AND event.type=%Q", zType); |
| 57 | } |
| 58 | |
| 59 | blob_append( &bSQL, " ORDER BY event.mtime DESC", -1 ); |
| 60 | |
| 61 | cgi_set_content_type("application/rss+xml"); |
| @@ -78,11 +106,11 @@ | |
| 78 | @ <title>%h(zProjectName)</title> |
| 79 | @ <link>%s(g.zBaseURL)</link> |
| 80 | @ <description>%h(zProjectDescr)</description> |
| 81 | @ <pubDate>%s(zPubDate)</pubDate> |
| 82 | @ <generator>Fossil version %s(MANIFEST_VERSION) %s(MANIFEST_DATE)</generator> |
| 83 | db_prepare(&q, blob_buffer(&bSQL)); |
| 84 | blob_reset( &bSQL ); |
| 85 | while( db_step(&q)==SQLITE_ROW && nLine<=20 ){ |
| 86 | const char *zId = db_column_text(&q, 1); |
| 87 | const char *zCom = db_column_text(&q, 3); |
| 88 | const char *zAuthor = db_column_text(&q, 4); |
| 89 |
| --- src/rss.c | |
| +++ src/rss.c | |
| @@ -47,15 +47,43 @@ | |
| 47 | @ (SELECT count(*) FROM plink WHERE pid=blob.rid AND isprim), |
| 48 | @ (SELECT count(*) FROM plink WHERE cid=blob.rid) |
| 49 | @ FROM event, blob |
| 50 | @ WHERE blob.rid=event.objid |
| 51 | ; |
| 52 | |
| 53 | login_check_credentials(); |
| 54 | if( !g.okRead && !g.okRdTkt && !g.okRdWiki ){ |
| 55 | return; |
| 56 | } |
| 57 | |
| 58 | blob_zero(&bSQL); |
| 59 | blob_append( &bSQL, zSQL1, -1 ); |
| 60 | |
| 61 | if( zType[0]!='a' ){ |
| 62 | if( zType[0]=='c' && !g.okRead ) zType = "x"; |
| 63 | if( zType[0]=='w' && !g.okRdWiki ) zType = "x"; |
| 64 | if( zType[0]=='t' && !g.okRdTkt ) zType = "x"; |
| 65 | blob_appendf(&bSQL, " AND event.type=%Q", zType); |
| 66 | }else{ |
| 67 | if( !g.okRead ){ |
| 68 | if( g.okRdTkt && g.okRdWiki ){ |
| 69 | blob_append(&bSQL, " AND event.type!='ci'", -1); |
| 70 | }else if( g.okRdTkt ){ |
| 71 | blob_append(&bSQL, " AND event.type=='t'", -1); |
| 72 | }else{ |
| 73 | blob_append(&bSQL, " AND event.type=='w'", -1); |
| 74 | } |
| 75 | }else if( !g.okRdWiki ){ |
| 76 | if( g.okRdTkt ){ |
| 77 | blob_append(&bSQL, " AND event.type!='w'", -1); |
| 78 | }else{ |
| 79 | blob_append(&bSQL, " AND event.type=='ci'", -1); |
| 80 | } |
| 81 | }else if( !g.okRdTkt ){ |
| 82 | assert( !g.okRdTkt &&& g.okRead && g.okRdWiki ); |
| 83 | blob_append(&bSQL, " AND event.type!='t'", -1); |
| 84 | } |
| 85 | } |
| 86 | |
| 87 | blob_append( &bSQL, " ORDER BY event.mtime DESC", -1 ); |
| 88 | |
| 89 | cgi_set_content_type("application/rss+xml"); |
| @@ -78,11 +106,11 @@ | |
| 106 | @ <title>%h(zProjectName)</title> |
| 107 | @ <link>%s(g.zBaseURL)</link> |
| 108 | @ <description>%h(zProjectDescr)</description> |
| 109 | @ <pubDate>%s(zPubDate)</pubDate> |
| 110 | @ <generator>Fossil version %s(MANIFEST_VERSION) %s(MANIFEST_DATE)</generator> |
| 111 | db_prepare(&q, blob_str(&bSQL)); |
| 112 | blob_reset( &bSQL ); |
| 113 | while( db_step(&q)==SQLITE_ROW && nLine<=20 ){ |
| 114 | const char *zId = db_column_text(&q, 1); |
| 115 | const char *zCom = db_column_text(&q, 3); |
| 116 | const char *zAuthor = db_column_text(&q, 4); |
| 117 |