Fossil SCM
Do not allow a login to occur if the USER.INFO field contains the text "expires YYYY-MM-DD" where YYYY-MM-DD is not in the future.
Commit
9271b4bb350532d953dcd39c3faa68ac440f734a
Parent
ba9d3f08a136c47…
1 file changed
+3
-1
+3
-1
| --- src/login.c | ||
| +++ src/login.c | ||
| @@ -216,11 +216,13 @@ | ||
| 216 | 216 | db_int(0, |
| 217 | 217 | "SELECT uid FROM user" |
| 218 | 218 | " WHERE login=%Q" |
| 219 | 219 | " AND length(cap)>0 AND length(pw)>0" |
| 220 | 220 | " AND login NOT IN ('anonymous','nobody','developer','reader')" |
| 221 | - " AND (pw=%Q OR (length(pw)<>40 AND pw=%Q))", | |
| 221 | + " AND (pw=%Q OR (length(pw)<>40 AND pw=%Q))" | |
| 222 | + " AND (info NOT LIKE '%%expires 20%%'" | |
| 223 | + " OR substr(info,instr(lower(info),'expires')+8,10)>datetime('now'))", | |
| 222 | 224 | zUsername, zSha1Pw, zPasswd |
| 223 | 225 | ); |
| 224 | 226 | free(zSha1Pw); |
| 225 | 227 | return uid; |
| 226 | 228 | } |
| 227 | 229 |
| --- src/login.c | |
| +++ src/login.c | |
| @@ -216,11 +216,13 @@ | |
| 216 | db_int(0, |
| 217 | "SELECT uid FROM user" |
| 218 | " WHERE login=%Q" |
| 219 | " AND length(cap)>0 AND length(pw)>0" |
| 220 | " AND login NOT IN ('anonymous','nobody','developer','reader')" |
| 221 | " AND (pw=%Q OR (length(pw)<>40 AND pw=%Q))", |
| 222 | zUsername, zSha1Pw, zPasswd |
| 223 | ); |
| 224 | free(zSha1Pw); |
| 225 | return uid; |
| 226 | } |
| 227 |
| --- src/login.c | |
| +++ src/login.c | |
| @@ -216,11 +216,13 @@ | |
| 216 | db_int(0, |
| 217 | "SELECT uid FROM user" |
| 218 | " WHERE login=%Q" |
| 219 | " AND length(cap)>0 AND length(pw)>0" |
| 220 | " AND login NOT IN ('anonymous','nobody','developer','reader')" |
| 221 | " AND (pw=%Q OR (length(pw)<>40 AND pw=%Q))" |
| 222 | " AND (info NOT LIKE '%%expires 20%%'" |
| 223 | " OR substr(info,instr(lower(info),'expires')+8,10)>datetime('now'))", |
| 224 | zUsername, zSha1Pw, zPasswd |
| 225 | ); |
| 226 | free(zSha1Pw); |
| 227 | return uid; |
| 228 | } |
| 229 |