Fossil SCM
Make sure auto-hyperlink works for anonymous.
Commit
a2730fea395dd1a72d1cc3ac98ddd49f4173e97b
Parent
9066bf13717c56e…
1 file changed
+13
-2
+13
-2
| --- src/login.c | ||
| +++ src/login.c | ||
| @@ -1005,17 +1005,18 @@ | ||
| 1005 | 1005 | g.isHuman = 1; |
| 1006 | 1006 | } |
| 1007 | 1007 | |
| 1008 | 1008 | /* Set the capabilities */ |
| 1009 | 1009 | login_replace_capabilities(zCap, 0); |
| 1010 | - login_set_anon_nobody_capabilities(); | |
| 1011 | 1010 | |
| 1012 | 1011 | /* The auto-hyperlink setting allows hyperlinks to be displayed for users |
| 1013 | 1012 | ** who do not have the "h" permission as long as their UserAgent string |
| 1014 | 1013 | ** makes it appear that they are human. Check to see if auto-hyperlink is |
| 1015 | 1014 | ** enabled for this repository and make appropriate adjustments to the |
| 1016 | - ** permission flags if it is. | |
| 1015 | + ** permission flags if it is. This should be done before the permissions | |
| 1016 | + ** are (potentially) copied to the anonymous permission set; otherwise, | |
| 1017 | + ** those will be out-of-sync. | |
| 1017 | 1018 | */ |
| 1018 | 1019 | if( zCap[0] |
| 1019 | 1020 | && !g.perm.Hyperlink |
| 1020 | 1021 | && g.isHuman |
| 1021 | 1022 | && db_get_boolean("auto-hyperlink",1) |
| @@ -1022,10 +1023,20 @@ | ||
| 1022 | 1023 | ){ |
| 1023 | 1024 | g.perm.Hyperlink = 1; |
| 1024 | 1025 | g.javascriptHyperlink = 1; |
| 1025 | 1026 | } |
| 1026 | 1027 | |
| 1028 | + /* | |
| 1029 | + ** At this point, the capabilities for the logged in user are not going | |
| 1030 | + ** to be modified anymore; therefore, we can copy them over to the ones | |
| 1031 | + ** for the anonymous user. | |
| 1032 | + ** | |
| 1033 | + ** WARNING: In the future, please do not add code after this point that | |
| 1034 | + ** modifies the capabilities for the logged in user. | |
| 1035 | + */ | |
| 1036 | + login_set_anon_nobody_capabilities(); | |
| 1037 | + | |
| 1027 | 1038 | /* If the public-pages glob pattern is defined and REQUEST_URI matches |
| 1028 | 1039 | ** one of the globs in public-pages, then also add in all default-perms |
| 1029 | 1040 | ** permissions. |
| 1030 | 1041 | */ |
| 1031 | 1042 | zPublicPages = db_get("public-pages",0); |
| 1032 | 1043 |
| --- src/login.c | |
| +++ src/login.c | |
| @@ -1005,17 +1005,18 @@ | |
| 1005 | g.isHuman = 1; |
| 1006 | } |
| 1007 | |
| 1008 | /* Set the capabilities */ |
| 1009 | login_replace_capabilities(zCap, 0); |
| 1010 | login_set_anon_nobody_capabilities(); |
| 1011 | |
| 1012 | /* The auto-hyperlink setting allows hyperlinks to be displayed for users |
| 1013 | ** who do not have the "h" permission as long as their UserAgent string |
| 1014 | ** makes it appear that they are human. Check to see if auto-hyperlink is |
| 1015 | ** enabled for this repository and make appropriate adjustments to the |
| 1016 | ** permission flags if it is. |
| 1017 | */ |
| 1018 | if( zCap[0] |
| 1019 | && !g.perm.Hyperlink |
| 1020 | && g.isHuman |
| 1021 | && db_get_boolean("auto-hyperlink",1) |
| @@ -1022,10 +1023,20 @@ | |
| 1022 | ){ |
| 1023 | g.perm.Hyperlink = 1; |
| 1024 | g.javascriptHyperlink = 1; |
| 1025 | } |
| 1026 | |
| 1027 | /* If the public-pages glob pattern is defined and REQUEST_URI matches |
| 1028 | ** one of the globs in public-pages, then also add in all default-perms |
| 1029 | ** permissions. |
| 1030 | */ |
| 1031 | zPublicPages = db_get("public-pages",0); |
| 1032 |
| --- src/login.c | |
| +++ src/login.c | |
| @@ -1005,17 +1005,18 @@ | |
| 1005 | g.isHuman = 1; |
| 1006 | } |
| 1007 | |
| 1008 | /* Set the capabilities */ |
| 1009 | login_replace_capabilities(zCap, 0); |
| 1010 | |
| 1011 | /* The auto-hyperlink setting allows hyperlinks to be displayed for users |
| 1012 | ** who do not have the "h" permission as long as their UserAgent string |
| 1013 | ** makes it appear that they are human. Check to see if auto-hyperlink is |
| 1014 | ** enabled for this repository and make appropriate adjustments to the |
| 1015 | ** permission flags if it is. This should be done before the permissions |
| 1016 | ** are (potentially) copied to the anonymous permission set; otherwise, |
| 1017 | ** those will be out-of-sync. |
| 1018 | */ |
| 1019 | if( zCap[0] |
| 1020 | && !g.perm.Hyperlink |
| 1021 | && g.isHuman |
| 1022 | && db_get_boolean("auto-hyperlink",1) |
| @@ -1022,10 +1023,20 @@ | |
| 1023 | ){ |
| 1024 | g.perm.Hyperlink = 1; |
| 1025 | g.javascriptHyperlink = 1; |
| 1026 | } |
| 1027 | |
| 1028 | /* |
| 1029 | ** At this point, the capabilities for the logged in user are not going |
| 1030 | ** to be modified anymore; therefore, we can copy them over to the ones |
| 1031 | ** for the anonymous user. |
| 1032 | ** |
| 1033 | ** WARNING: In the future, please do not add code after this point that |
| 1034 | ** modifies the capabilities for the logged in user. |
| 1035 | */ |
| 1036 | login_set_anon_nobody_capabilities(); |
| 1037 | |
| 1038 | /* If the public-pages glob pattern is defined and REQUEST_URI matches |
| 1039 | ** one of the globs in public-pages, then also add in all default-perms |
| 1040 | ** permissions. |
| 1041 | */ |
| 1042 | zPublicPages = db_get("public-pages",0); |
| 1043 |