Fossil SCM
Repurposed the check for "d" cap in the Security Audit page to warn that it should be removed from use. It checks the anonymous, developer, and reader users for it only, not any one-off uses. It also doesn't check Setup or Admin, but presumably whatever we reuse "d" for in the future will be granted to them by default.
Commit
8059b9cac1709ddc1418de88981e2eeaa0f554cc7e5993f873e9f419d203602b
Parent
7454cce841beaf8…
1 file changed
+13
-8
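--- a/src/security_audit.c
+++ b/src/security_audit.c
@@ -94,10 +94,12 @@
 ** accessed using the Admin/Security-Audit menu option
 ** from any of the default skins.
 */
 void secaudit0_page(void){
 const char *zAnonCap; /* Capabilities of user "anonymous" and "nobody" */
+const char *zDevCap; /* Capabilities of user group "developer" */
+const char *zReadCap; /* Capabilities of user group "reader" */
 const char *zPubPages; /* GLOB pattern for public pages */
 const char *zSelfCap; /* Capabilities of self-registered users */
 int hasSelfReg = 0; /* True if able to self-register */
 char *z;
 int n;
@@ -116,10 +118,12 @@
 ** means that any anonymous user on the internet can access all content.
 ** "Private" repos require (non-anonymous) login to access all content,
 ** though some content may be accessible anonymously.
 */
 zAnonCap = db_text("", "SELECT fullcap(NULL)");
+zDevCap = db_text("", "SELECT fullcap('v')");
+zReadCap = db_text("", "SELECT fullcap('u')");
 zPubPages = db_get("public-pages",0);
 hasSelfReg = db_get_boolean("self-register",0);
 pCap = capability_add(0, db_get("default-perms",0));
 capability_expand(pCap);
 zSelfCap = capability_string(pCap);
@@ -278,19 +282,20 @@
 @ privileges (<a href="%R/setup_ucap_list">capabilities</a> "fq5")
 @ from users "anonymous" and "nobody"
 @ on the <a href="setup_ulist">User Configuration</a> page.
 }
 
-/* Anonymous users probably should not be allowed to delete
-** wiki or tickets.
-*/
-if( hasAnyCap(zAnonCap, "d") ){
+/* Obsolete: */
+if( hasAnyCap(zAnonCap, "d") ||
+hasAnyCap(zDevCap, "d") ||
+hasAnyCap(zReadCap, "d") ){
 @ <li><p><b>WARNING:</b>
-@ Anonymous users can delete wiki and tickets.
-@ <p>Fix this by removing the "Delete"
-@ privilege from users "anonymous" and "nobody" on the
-@ <a href="setup_ulist">User Configuration</a> page.
+@ One or more users has the <a
+@ href="https://fossil-scm.org/forum/forumpost/43c78f4bef">obsolete</a>
+@ "d" capability. You should remove it using the
+@ <a href="setup_ulist">User Configuration</a> page in case we
+@ ever reuse the letter for another purpose.
 }
 
 /* If anonymous users are allowed to create new Wiki, then
 ** wiki moderation should be activated to pervent spam.
 */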
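Review bot: The rewritten "d" test in the third hunk inspects only `fullcap(NULL)`, `fullcap('v')` and `fullcap('u')`, so an account granted "d" directly passes the audit with no warning, even though the message ("One or more users has ...") reads as if every user had been checked. A clean audit result can therefore be taken as proof that the letter is unused, which matters if "d" is later reassigned to a new privilege. Either extend the condition to scan individual accounts, for example something like `|| db_exists("SELECT 1 FROM user WHERE cap GLOB '*d*'")` (confirm against the user table schema), or state in the message which categories were examined. The `/* Obsolete: */` comment should also say what is obsolete and what is covered, e.g. `/* The "d" capability is obsolete; warn if anonymous/nobody, developer or reader still carry it. Individual accounts are not checked. */`. The body of secaudit0_page continues outside all three hunks, so any existing per-user scan elsewhere in the function is not visible here.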
| --- src/security_audit.c | |
| +++ src/security_audit.c | |
| @@ -94,10 +94,12 @@ | |
| 94 | ** accessed using the Admin/Security-Audit menu option |
| 95 | ** from any of the default skins. |
| 96 | */ |
| 97 | void secaudit0_page(void){ |
| 98 | const char *zAnonCap; /* Capabilities of user "anonymous" and "nobody" */ |
| 99 | const char *zPubPages; /* GLOB pattern for public pages */ |
| 100 | const char *zSelfCap; /* Capabilities of self-registered users */ |
| 101 | int hasSelfReg = 0; /* True if able to self-register */ |
| 102 | char *z; |
| 103 | int n; |
| @@ -116,10 +118,12 @@ | |
| 116 | ** means that any anonymous user on the internet can access all content. |
| 117 | ** "Private" repos require (non-anonymous) login to access all content, |
| 118 | ** though some content may be accessible anonymously. |
| 119 | */ |
| 120 | zAnonCap = db_text("", "SELECT fullcap(NULL)"); |
| 121 | zPubPages = db_get("public-pages",0); |
| 122 | hasSelfReg = db_get_boolean("self-register",0); |
| 123 | pCap = capability_add(0, db_get("default-perms",0)); |
| 124 | capability_expand(pCap); |
| 125 | zSelfCap = capability_string(pCap); |
| @@ -278,19 +282,20 @@ | |
| 278 | @ privileges (<a href="%R/setup_ucap_list">capabilities</a> "fq5") |
| 279 | @ from users "anonymous" and "nobody" |
| 280 | @ on the <a href="setup_ulist">User Configuration</a> page. |
| 281 | } |
| 282 | |
| 283 | /* Anonymous users probably should not be allowed to delete |
| 284 | ** wiki or tickets. |
| 285 | */ |
| 286 | if( hasAnyCap(zAnonCap, "d") ){ |
| 287 | @ <li><p><b>WARNING:</b> |
| 288 | @ Anonymous users can delete wiki and tickets. |
| 289 | @ <p>Fix this by removing the "Delete" |
| 290 | @ privilege from users "anonymous" and "nobody" on the |
| 291 | @ <a href="setup_ulist">User Configuration</a> page. |
| 292 | } |
| 293 | |
| 294 | /* If anonymous users are allowed to create new Wiki, then |
| 295 | ** wiki moderation should be activated to pervent spam. |
| 296 | */ |
| 297 |
| --- src/security_audit.c | |
| +++ src/security_audit.c | |
| @@ -94,10 +94,12 @@ | |
| 94 | ** accessed using the Admin/Security-Audit menu option |
| 95 | ** from any of the default skins. |
| 96 | */ |
| 97 | void secaudit0_page(void){ |
| 98 | const char *zAnonCap; /* Capabilities of user "anonymous" and "nobody" */ |
| 99 | const char *zDevCap; /* Capabilities of user group "developer" */ |
| 100 | const char *zReadCap; /* Capabilities of user group "reader" */ |
| 101 | const char *zPubPages; /* GLOB pattern for public pages */ |
| 102 | const char *zSelfCap; /* Capabilities of self-registered users */ |
| 103 | int hasSelfReg = 0; /* True if able to self-register */ |
| 104 | char *z; |
| 105 | int n; |
| @@ -116,10 +118,12 @@ | |
| 118 | ** means that any anonymous user on the internet can access all content. |
| 119 | ** "Private" repos require (non-anonymous) login to access all content, |
| 120 | ** though some content may be accessible anonymously. |
| 121 | */ |
| 122 | zAnonCap = db_text("", "SELECT fullcap(NULL)"); |
| 123 | zDevCap = db_text("", "SELECT fullcap('v')"); |
| 124 | zReadCap = db_text("", "SELECT fullcap('u')"); |
| 125 | zPubPages = db_get("public-pages",0); |
| 126 | hasSelfReg = db_get_boolean("self-register",0); |
| 127 | pCap = capability_add(0, db_get("default-perms",0)); |
| 128 | capability_expand(pCap); |
| 129 | zSelfCap = capability_string(pCap); |
| @@ -278,19 +282,20 @@ | |
| 282 | @ privileges (<a href="%R/setup_ucap_list">capabilities</a> "fq5") |
| 283 | @ from users "anonymous" and "nobody" |
| 284 | @ on the <a href="setup_ulist">User Configuration</a> page. |
| 285 | } |
| 286 | |
| 287 | /* Obsolete: */ |
| 288 | if( hasAnyCap(zAnonCap, "d") || |
| 289 | hasAnyCap(zDevCap, "d") || |
| 290 | hasAnyCap(zReadCap, "d") ){ |
| 291 | @ <li><p><b>WARNING:</b> |
| 292 | @ One or more users has the <a |
| 293 | @ href="https://fossil-scm.org/forum/forumpost/43c78f4bef">obsolete</a> |
| 294 | @ "d" capability. You should remove it using the |
| 295 | @ <a href="setup_ulist">User Configuration</a> page in case we |
| 296 | @ ever reuse the letter for another purpose. |
| 297 | } |
| 298 | |
| 299 | /* If anonymous users are allowed to create new Wiki, then |
| 300 | ** wiki moderation should be activated to pervent spam. |
| 301 | */ |
| 302 |