Fossil SCM

Fix the /alerts page so that access is provided even for users that are not logged in as long as a complete subscription code is provided as the "name" query parameter.

drh 2022-07-29 19:03 trunk
Commit a27c908f5d89b30eaf82a34e0d881236f252ad424a8e24bff50bc9cc6504739e
Parent f045c5dd2631d92…
1 file changed +1 -6
~ src/alerts.c
M src/alerts.c
+1 -6
--- src/alerts.c
+++ src/alerts.c
@@ -1748,15 +1748,10 @@
17481748
 if( alert_webpages_disabled() ){
17491749
 db_commit_transaction();
17501750
 return;
17511751
 }
17521752
 login_check_credentials();
1753
- if( !g.perm.EmailAlert ){
1754
- db_commit_transaction();
1755
- login_needed(g.anon.EmailAlert);
1756
- /*NOTREACHED*/
1757
- }
17581753
 isLogin = login_is_individual();
17591754
 zName = P("name");
17601755
 nName = zName ? (int)strlen(zName) : 0;
17611756
 if( g.perm.Admin && P("sid")!=0 ){
17621757
 sid = atoi(P("sid"));
@@ -1767,11 +1762,11 @@
17671762
 " THEN subscriberId ELSE 0 END"
17681763
 " FROM subscriber WHERE subscriberCode>=hextoblob(%Q)"
17691764
 " LIMIT 1", zName, zName);
17701765
 if( sid ) keepAlive = 1;
17711766
 }
1772
- if( sid==0 && isLogin ){
1767
+ if( sid==0 && isLogin && g.perm.EmailAlert ){
17731768
 sid = db_int(0, "SELECT subscriberId FROM subscriber"
17741769
 " WHERE suname=%Q", g.zLogin);
17751770
 }
17761771
 if( sid==0 ){
17771772
 db_commit_transaction();
17781773
--- src/alerts.c
+++ src/alerts.c
@@ -1748,15 +1748,10 @@
1748 if( alert_webpages_disabled() ){
1749 db_commit_transaction();
1750 return;
1751 }
1752 login_check_credentials();
1753 if( !g.perm.EmailAlert ){
1754 db_commit_transaction();
1755 login_needed(g.anon.EmailAlert);
1756 /*NOTREACHED*/
1757 }
1758 isLogin = login_is_individual();
1759 zName = P("name");
1760 nName = zName ? (int)strlen(zName) : 0;
1761 if( g.perm.Admin && P("sid")!=0 ){
1762 sid = atoi(P("sid"));
@@ -1767,11 +1762,11 @@
1767 " THEN subscriberId ELSE 0 END"
1768 " FROM subscriber WHERE subscriberCode>=hextoblob(%Q)"
1769 " LIMIT 1", zName, zName);
1770 if( sid ) keepAlive = 1;
1771 }
1772 if( sid==0 && isLogin ){
1773 sid = db_int(0, "SELECT subscriberId FROM subscriber"
1774 " WHERE suname=%Q", g.zLogin);
1775 }
1776 if( sid==0 ){
1777 db_commit_transaction();
1778
--- src/alerts.c
+++ src/alerts.c
@@ -1748,15 +1748,10 @@
1748 if( alert_webpages_disabled() ){
1749 db_commit_transaction();
1750 return;
1751 }
1752 login_check_credentials();
 
 
 
 
 
1753 isLogin = login_is_individual();
1754 zName = P("name");
1755 nName = zName ? (int)strlen(zName) : 0;
1756 if( g.perm.Admin && P("sid")!=0 ){
1757 sid = atoi(P("sid"));
@@ -1767,11 +1762,11 @@
1762 " THEN subscriberId ELSE 0 END"
1763 " FROM subscriber WHERE subscriberCode>=hextoblob(%Q)"
1764 " LIMIT 1", zName, zName);
1765 if( sid ) keepAlive = 1;
1766 }
1767 if( sid==0 && isLogin && g.perm.EmailAlert ){
1768 sid = db_int(0, "SELECT subscriberId FROM subscriber"
1769 " WHERE suname=%Q", g.zLogin);
1770 }
1771 if( sid==0 ){
1772 db_commit_transaction();
1773

Keyboard Shortcuts

Open search /
Next entry (timeline) j
Previous entry (timeline) k
Open focused entry Enter
Show this help ?
Toggle theme Top nav button