Fossil SCM
admin pages without errors in HTML validator
Commit
a62bfaf55d7fcd5ee62eed527e4c68b52b7021c2
Parent
286d4bcaa0fb8c6…
4 files changed
+219
-215
+29
-26
+9
-9
+89
+219
-215
| --- src/setup.c | ||
| +++ src/setup.c | ||
| @@ -99,41 +99,39 @@ | ||
| 99 | 99 | return; |
| 100 | 100 | } |
| 101 | 101 | |
| 102 | 102 | style_submenu_element("Add", "Add User", "setup_uedit"); |
| 103 | 103 | style_header("User List"); |
| 104 | - @ <table border="0" cellpadding="0" cellspacing="25"> | |
| 105 | - @ <tr><td valign="top"> | |
| 106 | - @ <b>Users:</b> | |
| 107 | - @ <table border="1" cellpadding="10"><tr><td> | |
| 108 | - @ <table cellspacing=0 cellpadding=0 border=0> | |
| 104 | + @ <table class="usetupLayoutTable"> | |
| 105 | + @ <tr><td class="usetupColumnLayout"> | |
| 106 | + @ <span class="note">Users:</span> | |
| 107 | + @ <table class="usetupUserList"> | |
| 109 | 108 | @ <tr> |
| 110 | - @ <th align="right">User ID</th><td width="20"> </td> | |
| 111 | - @ <th>Capabilities</th><td width="15"> </td> | |
| 112 | - @ <th>Contact Info</th> | |
| 109 | + @ <th class="usetupListUser" style="text-align: right;padding-right: 20px;">User ID</th> | |
| 110 | + @ <th class="usetupListCap" style="text-align: center;padding-right: 15px;">Capabilities</th> | |
| 111 | + @ <th class="usetupListCon" style="text-align: left;">Contact Info</th> | |
| 113 | 112 | @ </tr> |
| 114 | 113 | db_prepare(&s, "SELECT uid, login, cap, info FROM user ORDER BY login"); |
| 115 | 114 | while( db_step(&s)==SQLITE_ROW ){ |
| 116 | 115 | const char *zCap = db_column_text(&s, 2); |
| 117 | 116 | if( strstr(zCap, "s") ) zCap = "s"; |
| 118 | 117 | @ <tr> |
| 119 | - @ <td align="right"> | |
| 118 | + @ <td class="usetupListUser" style="text-align: right;padding-right: 20px;white-space:nowrap;"> | |
| 120 | 119 | if( g.okAdmin && (zCap[0]!='s' || g.okSetup) ){ |
| 121 | 120 | @ <a href="setup_uedit?id=%d(db_column_int(&s,0))"> |
| 122 | 121 | } |
| 123 | - @ <nobr>%h(db_column_text(&s,1))</nobr> | |
| 122 | + @ %h(db_column_text(&s,1)) | |
| 124 | 123 | if( g.okAdmin ){ |
| 125 | 124 | @ </a> |
| 126 | 125 | } |
| 127 | - @ </td><td> </td> | |
| 128 | - @ <td align="center">%s(zCap)</td> | |
| 129 | - @ <td> </td> | |
| 130 | - @ <td align="left">%s(db_column_text(&s,3))</td> | |
| 126 | + @ </td> | |
| 127 | + @ <td class="usetupListCap" style="text-align: center;padding-right: 15px;">%s(zCap)</td> | |
| 128 | + @ <td class="usetupListCon" style="text-align: left;">%s(db_column_text(&s,3))</td> | |
| 131 | 129 | @ </tr> |
| 132 | 130 | } |
| 133 | - @ </table></td></tr></table> | |
| 134 | - @ <td valign="top"> | |
| 131 | + @ </table> | |
| 132 | + @ </td><td class="usetupColumnLayout"> | |
| 135 | 133 | @ <span class="note">Notes:</span> |
| 136 | 134 | @ <ol> |
| 137 | 135 | @ <li><p>The permission flags are as follows:</p> |
| 138 | 136 | @ <table> |
| 139 | 137 | @ <tr><td valign="top"><b>a</b></td> |
| @@ -181,31 +179,33 @@ | ||
| 181 | 179 | @ user <tt>developer</tt></td></tr> |
| 182 | 180 | @ <tr><td valign="top"><b>w</b></td> |
| 183 | 181 | @ <td><i>Write-Tkt:</i> Edit tickets</td></tr> |
| 184 | 182 | @ <tr><td valign="top"><b>z</b></td> |
| 185 | 183 | @ <td><i>Zip download:</i> Download a baseline via the |
| 186 | - @ <tt>/zip</tt> URL even without check<b>o</b>ut | |
| 187 | - @ and <b>h</b>istory permissions</td></tr> | |
| 184 | + @ <tt>/zip</tt> URL even without check<span class="capability">o</span>ut | |
| 185 | + @ and <span class="capability">h</span>istory permissions</td></tr> | |
| 188 | 186 | @ </table> |
| 189 | 187 | @ </li> |
| 190 | 188 | @ |
| 191 | 189 | @ <li><p> |
| 192 | - @ Every user, logged in or not, inherits the privileges of <b>nobody</b>. | |
| 190 | + @ Every user, logged in or not, inherits the privileges of <span class="usertype">nobody</span>. | |
| 193 | 191 | @ </p></li> |
| 194 | 192 | @ |
| 195 | 193 | @ <li><p> |
| 196 | - @ Any human can login as <b>anonymous</b> since the password is | |
| 197 | - @ clearly displayed on the login page for them to type. The purpose | |
| 194 | + @ Any human can login as <span class="usertype">anonymous</span> since the | |
| 195 | + @ password is clearly displayed on the login page for them to type. The purpose | |
| 198 | 196 | @ of requiring anonymous to log in is to prevent access by spiders. |
| 199 | 197 | @ Every logged-in user inherits the combined privileges of |
| 200 | - @ <b>anonymous</b> and | |
| 201 | - @ <b>nobody</b>. | |
| 198 | + @ <span class="usertype">anonymous</span> and | |
| 199 | + @ <span class="usertype">nobody</span>. | |
| 202 | 200 | @ </p></li> |
| 203 | 201 | @ |
| 204 | 202 | @ <li><p> |
| 205 | - @ Users with privilege <b>v</b> inherit the combined privileges of | |
| 206 | - @ <b>developer</b>, <b>anonymous</b>, and <b>nobody</b>. | |
| 203 | + @ Users with privilege <span class="capability">v</span> inherit the combined | |
| 204 | + @ privileges of <span class="usertype">developer</span>, | |
| 205 | + @ <span class="usertype">anonymous</span>, and | |
| 206 | + @ <span class="usertype">nobody</span>. | |
| 207 | 207 | @ </p></li> |
| 208 | 208 | @ |
| 209 | 209 | @ </ol> |
| 210 | 210 | @ </td></tr></table> |
| 211 | 211 | style_footer(); |
| @@ -323,12 +323,12 @@ | ||
| 323 | 323 | } |
| 324 | 324 | if( uid>0 && |
| 325 | 325 | db_exists("SELECT 1 FROM user WHERE login=%Q AND uid!=%d", zLogin, uid) |
| 326 | 326 | ){ |
| 327 | 327 | style_header("User Creation Error"); |
| 328 | - @ <font color="red">Login "%h(zLogin)" is already used by a different | |
| 329 | - @ user.</font> | |
| 328 | + @ <span class="loginError">Login "%h(zLogin)" is already used by a different | |
| 329 | + @ user.</span> | |
| 330 | 330 | @ |
| 331 | 331 | @ <p><a href="setup_uedit?id=%d(uid)">[Bummer]</a></p> |
| 332 | 332 | style_footer(); |
| 333 | 333 | return; |
| 334 | 334 | } |
| @@ -353,65 +353,65 @@ | ||
| 353 | 353 | if( uid ){ |
| 354 | 354 | zLogin = db_text("", "SELECT login FROM user WHERE uid=%d", uid); |
| 355 | 355 | zInfo = db_text("", "SELECT info FROM user WHERE uid=%d", uid); |
| 356 | 356 | zCap = db_text("", "SELECT cap FROM user WHERE uid=%d", uid); |
| 357 | 357 | zPw = db_text("", "SELECT pw FROM user WHERE uid=%d", uid); |
| 358 | - if( strchr(zCap, 'a') ) oaa = " checked"; | |
| 359 | - if( strchr(zCap, 'b') ) oab = " checked"; | |
| 360 | - if( strchr(zCap, 'c') ) oac = " checked"; | |
| 361 | - if( strchr(zCap, 'd') ) oad = " checked"; | |
| 362 | - if( strchr(zCap, 'e') ) oae = " checked"; | |
| 363 | - if( strchr(zCap, 'f') ) oaf = " checked"; | |
| 364 | - if( strchr(zCap, 'g') ) oag = " checked"; | |
| 365 | - if( strchr(zCap, 'h') ) oah = " checked"; | |
| 366 | - if( strchr(zCap, 'i') ) oai = " checked"; | |
| 367 | - if( strchr(zCap, 'j') ) oaj = " checked"; | |
| 368 | - if( strchr(zCap, 'k') ) oak = " checked"; | |
| 369 | - if( strchr(zCap, 'm') ) oam = " checked"; | |
| 370 | - if( strchr(zCap, 'n') ) oan = " checked"; | |
| 371 | - if( strchr(zCap, 'o') ) oao = " checked"; | |
| 372 | - if( strchr(zCap, 'p') ) oap = " checked"; | |
| 373 | - if( strchr(zCap, 'r') ) oar = " checked"; | |
| 374 | - if( strchr(zCap, 's') ) oas = " checked"; | |
| 375 | - if( strchr(zCap, 't') ) oat = " checked"; | |
| 376 | - if( strchr(zCap, 'u') ) oau = " checked"; | |
| 377 | - if( strchr(zCap, 'v') ) oav = " checked"; | |
| 378 | - if( strchr(zCap, 'w') ) oaw = " checked"; | |
| 379 | - if( strchr(zCap, 'z') ) oaz = " checked"; | |
| 358 | + if( strchr(zCap, 'a') ) oaa = " checked=\"checked\""; | |
| 359 | + if( strchr(zCap, 'b') ) oab = " checked=\"checked\""; | |
| 360 | + if( strchr(zCap, 'c') ) oac = " checked=\"checked\""; | |
| 361 | + if( strchr(zCap, 'd') ) oad = " checked=\"checked\""; | |
| 362 | + if( strchr(zCap, 'e') ) oae = " checked=\"checked\""; | |
| 363 | + if( strchr(zCap, 'f') ) oaf = " checked=\"checked\""; | |
| 364 | + if( strchr(zCap, 'g') ) oag = " checked=\"checked\""; | |
| 365 | + if( strchr(zCap, 'h') ) oah = " checked=\"checked\""; | |
| 366 | + if( strchr(zCap, 'i') ) oai = " checked=\"checked\""; | |
| 367 | + if( strchr(zCap, 'j') ) oaj = " checked=\"checked\""; | |
| 368 | + if( strchr(zCap, 'k') ) oak = " checked=\"checked\""; | |
| 369 | + if( strchr(zCap, 'm') ) oam = " checked=\"checked\""; | |
| 370 | + if( strchr(zCap, 'n') ) oan = " checked=\"checked\""; | |
| 371 | + if( strchr(zCap, 'o') ) oao = " checked=\"checked\""; | |
| 372 | + if( strchr(zCap, 'p') ) oap = " checked=\"checked\""; | |
| 373 | + if( strchr(zCap, 'r') ) oar = " checked=\"checked\""; | |
| 374 | + if( strchr(zCap, 's') ) oas = " checked=\"checked\""; | |
| 375 | + if( strchr(zCap, 't') ) oat = " checked=\"checked\""; | |
| 376 | + if( strchr(zCap, 'u') ) oau = " checked=\"checked\""; | |
| 377 | + if( strchr(zCap, 'v') ) oav = " checked=\"checked\""; | |
| 378 | + if( strchr(zCap, 'w') ) oaw = " checked=\"checked\""; | |
| 379 | + if( strchr(zCap, 'z') ) oaz = " checked=\"checked\""; | |
| 380 | 380 | } |
| 381 | 381 | |
| 382 | 382 | /* figure out inherited permissions */ |
| 383 | 383 | memset(inherit, 0, sizeof(inherit)); |
| 384 | 384 | if( strcmp(zLogin, "developer") ){ |
| 385 | 385 | char *z1, *z2; |
| 386 | 386 | z1 = z2 = db_text(0,"SELECT cap FROM user WHERE login='developer'"); |
| 387 | 387 | while( z1 && *z1 ){ |
| 388 | - inherit[0x7f & *(z1++)] = "<font color=\"red\">•</font>"; | |
| 388 | + inherit[0x7f & *(z1++)] = "<span class=\"ueditInheritDeveloper\">•</span>"; | |
| 389 | 389 | } |
| 390 | 390 | free(z2); |
| 391 | 391 | } |
| 392 | 392 | if( strcmp(zLogin, "reader") ){ |
| 393 | 393 | char *z1, *z2; |
| 394 | 394 | z1 = z2 = db_text(0,"SELECT cap FROM user WHERE login='reader'"); |
| 395 | 395 | while( z1 && *z1 ){ |
| 396 | - inherit[0x7f & *(z1++)] = "<font color=\"black\">•</font>"; | |
| 396 | + inherit[0x7f & *(z1++)] = "<span class=\"ueditInheritReader\">•</span>"; | |
| 397 | 397 | } |
| 398 | 398 | free(z2); |
| 399 | 399 | } |
| 400 | 400 | if( strcmp(zLogin, "anonymous") ){ |
| 401 | 401 | char *z1, *z2; |
| 402 | 402 | z1 = z2 = db_text(0,"SELECT cap FROM user WHERE login='anonymous'"); |
| 403 | 403 | while( z1 && *z1 ){ |
| 404 | - inherit[0x7f & *(z1++)] = "<font color=\"blue\">•</font>"; | |
| 404 | + inherit[0x7f & *(z1++)] = "<span class=\"ueditInheritAnonymous\">•</span>"; | |
| 405 | 405 | } |
| 406 | 406 | free(z2); |
| 407 | 407 | } |
| 408 | 408 | if( strcmp(zLogin, "nobody") ){ |
| 409 | 409 | char *z1, *z2; |
| 410 | 410 | z1 = z2 = db_text(0,"SELECT cap FROM user WHERE login='nobody'"); |
| 411 | 411 | while( z1 && *z1 ){ |
| 412 | - inherit[0x7f & *(z1++)] = "<font color=\"green\">•</font>"; | |
| 412 | + inherit[0x7f & *(z1++)] = "<span class=\"ueditInheritNobody\">•</span>"; | |
| 413 | 413 | } |
| 414 | 414 | free(z2); |
| 415 | 415 | } |
| 416 | 416 | |
| 417 | 417 | /* Begin generating the page |
| @@ -420,77 +420,79 @@ | ||
| 420 | 420 | if( uid ){ |
| 421 | 421 | style_header(mprintf("Edit User %h", zLogin)); |
| 422 | 422 | }else{ |
| 423 | 423 | style_header("Add A New User"); |
| 424 | 424 | } |
| 425 | - @ <table align="left" hspace="20" vspace="10"><tr><td> | |
| 426 | - @ <form action="%s(g.zPath)" method="POST"> | |
| 425 | + @ <div class="ueditCapBox"> | |
| 426 | + @ <form action="%s(g.zPath)" method="post"><div> | |
| 427 | 427 | login_insert_csrf_secret(); |
| 428 | 428 | @ <table> |
| 429 | 429 | @ <tr> |
| 430 | - @ <td align="right"><nobr>User ID:</nobr></td> | |
| 431 | - if( uid ){ | |
| 432 | - @ <td>%d(uid) <input type="hidden" name="id" value="%d(uid)"></td> | |
| 433 | - }else{ | |
| 434 | - @ <td>(new user)<input type="hidden" name="id" value=0></td> | |
| 435 | - } | |
| 436 | - @ </tr> | |
| 437 | - @ <tr> | |
| 438 | - @ <td align="right"><nobr>Login:</nobr></td> | |
| 439 | - @ <td><input type="text" name="login" value="%h(zLogin)"></td> | |
| 440 | - @ </tr> | |
| 441 | - @ <tr> | |
| 442 | - @ <td align="right"><nobr>Contact Info:</nobr></td> | |
| 443 | - @ <td><input type="text" name="info" size=40 value="%h(zInfo)"></td> | |
| 444 | - @ </tr> | |
| 445 | - @ <tr> | |
| 446 | - @ <td align="right" valign="top">Capabilities:</td> | |
| 430 | + @ <td class="usetupEditLabel">User ID:</td> | |
| 431 | + if( uid ){ | |
| 432 | + @ <td>%d(uid) <input type="hidden" name="id" value="%d(uid)" /></td> | |
| 433 | + }else{ | |
| 434 | + @ <td>(new user)<input type="hidden" name="id" value="0" /></td> | |
| 435 | + } | |
| 436 | + @ </tr> | |
| 437 | + @ <tr> | |
| 438 | + @ <td class="usetupEditLabel">Login:</td> | |
| 439 | + @ <td><input type="text" name="login" value="%h(zLogin)" /></td> | |
| 440 | + @ </tr> | |
| 441 | + @ <tr> | |
| 442 | + @ <td class="usetupEditLabel">Contact Info:</td> | |
| 443 | + @ <td><input type="text" name="info" size="40" value="%h(zInfo)" /></td> | |
| 444 | + @ </tr> | |
| 445 | + @ <tr> | |
| 446 | + @ <td class="usetupEditLabel">Capabilities:</td> | |
| 447 | 447 | @ <td> |
| 448 | 448 | #define B(x) inherit[x] |
| 449 | 449 | if( g.okSetup ){ |
| 450 | - @ <input type="checkbox" name="as"%s(oas)/>%s(B('s'))Setup<br> | |
| 451 | - } | |
| 452 | - @ <input type="checkbox" name="aa"%s(oaa)/>%s(B('a'))Admin<br> | |
| 453 | - @ <input type="checkbox" name="ad"%s(oad)/>%s(B('d'))Delete<br> | |
| 454 | - @ <input type="checkbox" name="ae"%s(oae)/>%s(B('e'))Email<br> | |
| 455 | - @ <input type="checkbox" name="ap"%s(oap)/>%s(B('p'))Password<br> | |
| 456 | - @ <input type="checkbox" name="ai"%s(oai)/>%s(B('i'))Check-In<br> | |
| 457 | - @ <input type="checkbox" name="ao"%s(oao)/>%s(B('o'))Check-Out<br> | |
| 458 | - @ <input type="checkbox" name="ah"%s(oah)/>%s(B('h'))History<br> | |
| 459 | - @ <input type="checkbox" name="au"%s(oau)/>%s(B('u'))Reader<br> | |
| 460 | - @ <input type="checkbox" name="av"%s(oav)/>%s(B('v'))Developer<br> | |
| 461 | - @ <input type="checkbox" name="ag"%s(oag)/>%s(B('g'))Clone<br> | |
| 462 | - @ <input type="checkbox" name="aj"%s(oaj)/>%s(B('j'))Read Wiki<br> | |
| 463 | - @ <input type="checkbox" name="af"%s(oaf)/>%s(B('f'))New Wiki<br> | |
| 464 | - @ <input type="checkbox" name="am"%s(oam)/>%s(B('m'))Append Wiki<br> | |
| 465 | - @ <input type="checkbox" name="ak"%s(oak)/>%s(B('k'))Write Wiki<br> | |
| 466 | - @ <input type="checkbox" name="ab"%s(oab)/>%s(B('b'))Attachments<br> | |
| 467 | - @ <input type="checkbox" name="ar"%s(oar)/>%s(B('r'))Read Ticket<br> | |
| 468 | - @ <input type="checkbox" name="an"%s(oan)/>%s(B('n'))New Ticket<br> | |
| 469 | - @ <input type="checkbox" name="ac"%s(oac)/>%s(B('c'))Append Ticket<br> | |
| 470 | - @ <input type="checkbox" name="aw"%s(oaw)/>%s(B('w'))Write Ticket<br> | |
| 471 | - @ <input type="checkbox" name="at"%s(oat)/>%s(B('t'))Ticket Report<br> | |
| 472 | - @ <input type="checkbox" name="az"%s(oaz)/>%s(B('z'))Download Zip | |
| 450 | + @ <input type="checkbox" name="as"%s(oas) />%s(B('s'))Setup<br /> | |
| 451 | + } | |
| 452 | + @ <input type="checkbox" name="aa"%s(oaa) />%s(B('a'))Admin<br /> | |
| 453 | + @ <input type="checkbox" name="ad"%s(oad) />%s(B('d'))Delete<br /> | |
| 454 | + @ <input type="checkbox" name="ae"%s(oae) />%s(B('e'))Email<br /> | |
| 455 | + @ <input type="checkbox" name="ap"%s(oap) />%s(B('p'))Password<br /> | |
| 456 | + @ <input type="checkbox" name="ai"%s(oai) />%s(B('i'))Check-In<br /> | |
| 457 | + @ <input type="checkbox" name="ao"%s(oao) />%s(B('o'))Check-Out<br /> | |
| 458 | + @ <input type="checkbox" name="ah"%s(oah) />%s(B('h'))History<br /> | |
| 459 | + @ <input type="checkbox" name="au"%s(oau) />%s(B('u'))Reader<br /> | |
| 460 | + @ <input type="checkbox" name="av"%s(oav) />%s(B('v'))Developer<br /> | |
| 461 | + @ <input type="checkbox" name="ag"%s(oag) />%s(B('g'))Clone<br /> | |
| 462 | + @ <input type="checkbox" name="aj"%s(oaj) />%s(B('j'))Read Wiki<br /> | |
| 463 | + @ <input type="checkbox" name="af"%s(oaf) />%s(B('f'))New Wiki<br /> | |
| 464 | + @ <input type="checkbox" name="am"%s(oam) />%s(B('m'))Append Wiki<br /> | |
| 465 | + @ <input type="checkbox" name="ak"%s(oak) />%s(B('k'))Write Wiki<br /> | |
| 466 | + @ <input type="checkbox" name="ab"%s(oab) />%s(B('b'))Attachments<br /> | |
| 467 | + @ <input type="checkbox" name="ar"%s(oar) />%s(B('r'))Read Ticket<br /> | |
| 468 | + @ <input type="checkbox" name="an"%s(oan) />%s(B('n'))New Ticket<br /> | |
| 469 | + @ <input type="checkbox" name="ac"%s(oac) />%s(B('c'))Append Ticket<br /> | |
| 470 | + @ <input type="checkbox" name="aw"%s(oaw) />%s(B('w'))Write Ticket<br /> | |
| 471 | + @ <input type="checkbox" name="at"%s(oat) />%s(B('t'))Ticket Report<br /> | |
| 472 | + @ <input type="checkbox" name="az"%s(oaz) />%s(B('z'))Download Zip | |
| 473 | 473 | @ </td> |
| 474 | 474 | @ </tr> |
| 475 | 475 | @ <tr> |
| 476 | 476 | @ <td align="right">Password:</td> |
| 477 | 477 | if( zPw[0] ){ |
| 478 | 478 | /* Obscure the password for all users */ |
| 479 | - @ <td><input type="password" name="pw" value="**********"></td> | |
| 479 | + @ <td><input type="password" name="pw" value="**********" /></td> | |
| 480 | 480 | }else{ |
| 481 | 481 | /* Show an empty password as an empty input field */ |
| 482 | - @ <td><input type="password" name="pw" value=""></td> | |
| 482 | + @ <td><input type="password" name="pw" value="" /></td> | |
| 483 | 483 | } |
| 484 | 484 | @ </tr> |
| 485 | 485 | if( !higherUser ){ |
| 486 | 486 | @ <tr> |
| 487 | - @ <td> </td> | |
| 488 | - @ <td><input type="submit" name="submit" value="Apply Changes"> | |
| 487 | + @ <td> </td> | |
| 488 | + @ <td><input type="submit" name="submit" value="Apply Changes" /></td> | |
| 489 | 489 | @ </tr> |
| 490 | 490 | } |
| 491 | - @ </table></td></tr></table> | |
| 491 | + @ </table> | |
| 492 | + @ </div></form> | |
| 493 | + @ </div> | |
| 492 | 494 | @ <h2>Privileges And Capabilities:</h2> |
| 493 | 495 | @ <ul> |
| 494 | 496 | if( higherUser ){ |
| 495 | 497 | @ <li><p><font color="blue"><b> |
| 496 | 498 | @ User %h(zLogin) has Setup privileges and you only have Admin privileges |
| @@ -497,95 +499,97 @@ | ||
| 497 | 499 | @ so you are not permitted to make changes to %h(zLogin). |
| 498 | 500 | @ </b></font></p></li> |
| 499 | 501 | @ |
| 500 | 502 | } |
| 501 | 503 | @ <li><p> |
| 502 | - @ The <b>Setup</b> user can make arbitrary configuration changes. | |
| 503 | - @ An <b>Admin</b> user can add other users and change user privileges | |
| 504 | + @ The <span class="capability">Setup</span> user can make arbitrary configuration changes. | |
| 505 | + @ An <span class="usertype">Admin</span> user can add other users and change user privileges | |
| 504 | 506 | @ and reset user passwords. Both automatically get all other privileges |
| 505 | 507 | @ listed below. Use these two settings with discretion. |
| 506 | 508 | @ </p></li> |
| 507 | 509 | @ |
| 508 | 510 | @ <li><p> |
| 509 | - @ The "<font color="green"><big>•</big></font>" mark indicates | |
| 510 | - @ the privileges of "nobody" that are available to all users | |
| 511 | + @ The "<span class="ueditInheritNobody"><big>•</big></span>" mark indicates | |
| 512 | + @ the privileges of <span class="usertype">nobody</span> that are available to all users | |
| 511 | 513 | @ regardless of whether or not they are logged in. |
| 512 | 514 | @ </p></li> |
| 513 | 515 | @ |
| 514 | 516 | @ <li><p> |
| 515 | - @ The "<font color="blue"><big>•</big></font>" mark indicates | |
| 516 | - @ the privileges of "anonymous" that are inherited by all logged-in users. | |
| 517 | + @ The "<span class="ueditInheritAnonymous"><big>•</big></span>" mark indicates | |
| 518 | + @ the privileges of <span class="usertype">anonymous</span> that are inherited by all logged-in users. | |
| 519 | + @ </p></li> | |
| 520 | + @ | |
| 521 | + @ <li><p> | |
| 522 | + @ The "<span class="ueditInheritDeveloper"><big>•</big></span>" mark indicates | |
| 523 | + @ the privileges of <span class="usertype">developer</span> that are inherited by all users with | |
| 524 | + @ the <span class="capability">Developer</span> privilege. | |
| 517 | 525 | @ </p></li> |
| 518 | 526 | @ |
| 519 | 527 | @ <li><p> |
| 520 | - @ The "<font color="red"><big>•</big></font>" mark indicates | |
| 521 | - @ the privileges of "developer" that are inherited by all users with | |
| 522 | - @ the <b>Developer</b> privilege. | |
| 528 | + @ The "<span class="ueditInheritReader"><big>•</big></span>" mark indicates | |
| 529 | + @ the privileges of <span class="usertype">reader</span> that are inherited by all users with | |
| 530 | + @ the <span class="capability">Reader</span> privilege. | |
| 523 | 531 | @ </p></li> |
| 524 | 532 | @ |
| 525 | 533 | @ <li><p> |
| 526 | - @ The "<font color="black"><big>•</big></font>" mark indicates | |
| 527 | - @ the privileges of "reader" that are inherited by all users with | |
| 528 | - @ the <b>Reader</b> privilege. | |
| 529 | - @ </p></li> | |
| 530 | - @ | |
| 531 | - @ <li><p> | |
| 532 | - @ The <b>Delete</b> privilege give the user the ability to erase | |
| 534 | + @ The <span class="capability">Delete</span> privilege give the user the ability to erase | |
| 533 | 535 | @ wiki, tickets, and attachments that have been added by anonymous |
| 534 | 536 | @ users. This capability is intended for deletion of spam. The |
| 535 | 537 | @ delete capability is only in effect for 24 hours after the item |
| 536 | - @ is first posted. The Setup user can delete anything at any time. | |
| 538 | + @ is first posted. The <span class="usertype">Setup</span> user can delete anything at any time. | |
| 537 | 539 | @ </p></li> |
| 538 | 540 | @ |
| 539 | 541 | @ <li><p> |
| 540 | - @ The <b>History</b> privilege allows a user to see most hyperlinks. | |
| 542 | + @ The <span class="capability">History</span> privilege allows a user to see most hyperlinks. | |
| 541 | 543 | @ This is recommended ON for most logged-in users but OFF for |
| 542 | 544 | @ user "nobody" to avoid problems with spiders trying to walk every |
| 543 | 545 | @ historical version of every baseline and file. |
| 544 | 546 | @ </p></li> |
| 545 | 547 | @ |
| 546 | 548 | @ <li><p> |
| 547 | - @ The <b>Zip</b> privilege allows a user to see the "download as ZIP" | |
| 549 | + @ The <span class="capability">Zip</span> privilege allows a user to see the "download as ZIP" | |
| 548 | 550 | @ hyperlink and permits access to the <tt>/zip</tt> page. This allows |
| 549 | 551 | @ users to download ZIP archives without granting other rights like |
| 550 | - @ <b>Read</b> or <b>History</b>. This privilege is recommended for | |
| 551 | - @ user <b>nobody</b> so that automatic package downloaders can obtain | |
| 552 | + @ <span class="capability">Read</span> or <span class="capability">History</span>. This privilege is recommended for | |
| 553 | + @ user <span class="usertype">nobody</span> so that automatic package downloaders can obtain | |
| 552 | 554 | @ the sources without going through the login procedure. |
| 553 | 555 | @ </p></li> |
| 554 | 556 | @ |
| 555 | 557 | @ <li><p> |
| 556 | - @ The <b>Check-in</b> privilege allows remote users to "push". | |
| 557 | - @ The <b>Check-out</b> privilege allows remote users to "pull". | |
| 558 | - @ The <b>Clone</b> privilege allows remote users to "clone". | |
| 559 | - @ </li><p> | |
| 558 | + @ The <span class="capability">Check-in</span> privilege allows remote users to "push". | |
| 559 | + @ The <span class="capability">Check-out</span> privilege allows remote users to "pull". | |
| 560 | + @ The <span class="capability">Clone</span> privilege allows remote users to "clone". | |
| 561 | + @ </p></li> | |
| 560 | 562 | @ |
| 561 | 563 | @ <li><p> |
| 562 | - @ The <b>Read Wiki</b>, <b>New Wiki</b>, <b>Append Wiki</b>, and | |
| 564 | + @ The <span class="capability">Read Wiki</span>, <span class="capability">New Wiki</span>, <span class="capability">Append Wiki</span>, and | |
| 563 | 565 | @ <b>Write Wiki</b> privileges control access to wiki pages. The |
| 564 | - @ <b>Read Ticket</b>, <b>New Ticket</b>, <b>Append Ticket</b>, and | |
| 565 | - @ <b>Write Ticket</b> privileges control access to trouble tickets. | |
| 566 | - @ The <b>Ticket Report</b> privilege allows the user to create or edit | |
| 566 | + @ <span class="capability">Read Ticket</span>, <span class="capability">New Ticket</span>, <span class="capability">Append Ticket</span>, and | |
| 567 | + @ <span class="capability">Write Ticket</span> privileges control access to trouble tickets. | |
| 568 | + @ The <span class="capability">Ticket Report</span> privilege allows the user to create or edit | |
| 567 | 569 | @ ticket report formats. |
| 568 | 570 | @ </p></li> |
| 569 | 571 | @ |
| 570 | 572 | @ <li><p> |
| 571 | - @ Users with the <b>Password</b> privilege are allowed to change their | |
| 572 | - @ own password. Recommended ON for most users but OFF for special | |
| 573 | - @ users "developer", "anonymous", and "nobody". | |
| 573 | + @ Users with the <span class="capability">Password</span> privilege are allowed | |
| 574 | + @ to change their own password. Recommended ON for most users but OFF for special | |
| 575 | + @ users <span class="usertype">developer</span>, <span class="usertype">anonymous</span>, | |
| 576 | + @ and <span class="usertype">nobody</span>. | |
| 574 | 577 | @ </p></li> |
| 575 | 578 | @ |
| 576 | 579 | @ <li><p> |
| 577 | - @ The <b>EMail</b> privilege allows the display of sensitive information | |
| 578 | - @ such as the email address of users and contact information on tickets. | |
| 579 | - @ Recommended OFF for "anonymous" and for "nobody" but ON for | |
| 580 | - @ "developer". | |
| 580 | + @ The <span class="capability">EMail</span> privilege allows the display of | |
| 581 | + @ sensitive information such as the email address of users and contact information | |
| 582 | + @ on tickets. Recommended OFF for <span class="usertype">anonymousy</span> and for | |
| 583 | + @ <span class="usertype">nobody</span> but ON for <span class="usertype">developer</span>. | |
| 581 | 584 | @ </p></li> |
| 582 | 585 | @ |
| 583 | 586 | @ <li><p> |
| 584 | - @ The <b>Attachment</b> privilege is needed in order to add attachments | |
| 585 | - @ to tickets or wiki. Write privilege on the ticket or wiki is also | |
| 586 | - @ required.</p></li> | |
| 587 | + @ The <span class="capability">Attachment</span> privilege is needed in order to | |
| 588 | + @ add attachments to tickets or wiki. Write privilege on the ticket or wiki is | |
| 589 | + @ also required. | |
| 590 | + @ </p></li> | |
| 587 | 591 | @ |
| 588 | 592 | @ <li><p> |
| 589 | 593 | @ Login is prohibited if the password is an empty string. |
| 590 | 594 | @ </p></li> |
| 591 | 595 | @ </ul> |
| @@ -592,42 +596,42 @@ | ||
| 592 | 596 | @ |
| 593 | 597 | @ <h2>Special Logins</h2> |
| 594 | 598 | @ |
| 595 | 599 | @ <ul> |
| 596 | 600 | @ <li><p> |
| 597 | - @ No login is required for user "<b>nobody</b>". The capabilities | |
| 598 | - @ of the <b>nobody</b> user are inherited by all users, regardless of | |
| 599 | - @ whether or not they are logged in. To disable universal access | |
| 600 | - @ to the repository, make sure no user named "<b>nobody</b>" exists or | |
| 601 | - @ that the <b>nobody</b> user has no capabilities enabled. | |
| 602 | - @ The password for <b>nobody</b> is ignore. To avoid problems with | |
| 603 | - @ spiders overloading the server, it is recommended | |
| 604 | - @ that the 'h' (History) capability be turned off for the <b>nobody</b> | |
| 605 | - @ user. | |
| 606 | - @ </p></li> | |
| 607 | - @ | |
| 608 | - @ <li><p> | |
| 609 | - @ Login is required for user "<b>anonymous</b>" but the password | |
| 610 | - @ is displayed on the login screen beside the password entry box | |
| 611 | - @ so anybody who can read should be able to login as anonymous. | |
| 612 | - @ On the other hand, spiders and web-crawlers will typically not | |
| 613 | - @ be able to login. Set the capabilities of the anonymous user | |
| 614 | - @ to things that you want any human to be able to do, but not any | |
| 615 | - @ spider. Every other logged-in user inherits the privileges of | |
| 616 | - @ <b>anonymous</b>. | |
| 617 | - @ </p></li> | |
| 618 | - @ | |
| 619 | - @ <li><p> | |
| 620 | - @ The "<b>developer</b>" user is intended as a template for trusted users | |
| 621 | - @ with check-in privileges. When adding new trusted users, simply | |
| 622 | - @ select the <b>Developer</b> privilege to cause the new user to inherit | |
| 623 | - @ all privileges of the "developer" user. Similarly, the "<b>reader</b>" | |
| 624 | - @ user is a template for users who are allowed more access than anonymous, | |
| 625 | - @ but less than a developer. | |
| 626 | - @ </p></li> | |
| 627 | - @ </ul> | |
| 628 | - @ </form> | |
| 601 | + @ No login is required for user <span class="usertype">nobody</span>. The | |
| 602 | + @ capabilities of the <span class="usertype">nobody</span> user are inherited by | |
| 603 | + @ all users, regardless of whether or not they are logged in. To disable universal | |
| 604 | + @ access to the repository, make sure no user named <span class="usertype">nobody</span> | |
| 605 | + @ exists or that the <span class="usertype">nobody</span> user has no capabilities | |
| 606 | + @ enabled. The password for <span class="usertype">nobody</span> is ignore. To | |
| 607 | + @ avoid problems with spiders overloading the server, it is recommended | |
| 608 | + @ that the <span class="capability">h</span> (History) capability be turned off | |
| 609 | + @ for the <span class="usertype">nobody</span> user. | |
| 610 | + @ </p></li> | |
| 611 | + @ | |
| 612 | + @ <li><p> | |
| 613 | + @ Login is required for user <span class="usertype">anonymous</span> but the | |
| 614 | + @ password is displayed on the login screen beside the password entry box | |
| 615 | + @ so anybody who can read should be able to login as anonymous. | |
| 616 | + @ On the other hand, spiders and web-crawlers will typically not | |
| 617 | + @ be able to login. Set the capabilities of the <span class="usertype">anonymous</span> | |
| 618 | + @ user to things that you want any human to be able to do, but not any | |
| 619 | + @ spider. Every other logged-in user inherits the privileges of | |
| 620 | + @ <span class="usertype">anonymous</span>. | |
| 621 | + @ </p></li> | |
| 622 | + @ | |
| 623 | + @ <li><p> | |
| 624 | + @ The <span class="usertype">developer</span> user is intended as a template | |
| 625 | + @ for trusted users with check-in privileges. When adding new trusted users, | |
| 626 | + @ simply select the <span class="capability">developer</span> privilege to cause | |
| 627 | + @ the new user to inherit all privileges of the <span class="usertype">developer</span> | |
| 628 | + @ user. Similarly, the <span class="usertype">reader</span> user is a template | |
| 629 | + @ for users who are allowed more access than <span class="usertype">anonymous</span>, | |
| 630 | + @ but less than a <span class="usertype">developer</span>. | |
| 631 | + @ </p></li> | |
| 632 | + @ </ul> | |
| 629 | 633 | style_footer(); |
| 630 | 634 | } |
| 631 | 635 | |
| 632 | 636 | |
| 633 | 637 | /* |
| @@ -651,13 +655,13 @@ | ||
| 651 | 655 | db_set(zVar, iQ ? "1" : "0", 0); |
| 652 | 656 | iVal = iQ; |
| 653 | 657 | } |
| 654 | 658 | } |
| 655 | 659 | if( iVal ){ |
| 656 | - @ <input type="checkbox" name="%s(zQParm)" checked><b>%s(zLabel)</b></input> | |
| 660 | + @ <input type="checkbox" name="%s(zQParm)" checked="checked" /><b>%s(zLabel)</b> | |
| 657 | 661 | }else{ |
| 658 | - @ <input type="checkbox" name="%s(zQParm)"><b>%s(zLabel)</b></input> | |
| 662 | + @ <input type="checkbox" name="%s(zQParm)" /><b>%s(zLabel)</b> | |
| 659 | 663 | } |
| 660 | 664 | } |
| 661 | 665 | |
| 662 | 666 | /* |
| 663 | 667 | ** Generate an entry box for an attribute. |
| @@ -674,11 +678,11 @@ | ||
| 674 | 678 | if( zQ && strcmp(zQ,zVal)!=0 ){ |
| 675 | 679 | login_verify_csrf_secret(); |
| 676 | 680 | db_set(zVar, zQ, 0); |
| 677 | 681 | zVal = zQ; |
| 678 | 682 | } |
| 679 | - @ <input type="text" name="%s(zQParm)" value="%h(zVal)" size="%d(width)"> | |
| 683 | + @ <input type="text" name="%s(zQParm)" value="%h(zVal)" size="%d(width)" /> | |
| 680 | 684 | @ <b>%s(zLabel)</b> |
| 681 | 685 | } |
| 682 | 686 | |
| 683 | 687 | /* |
| 684 | 688 | ** Generate a text box for an attribute. |
| @@ -715,57 +719,57 @@ | ||
| 715 | 719 | login_needed(); |
| 716 | 720 | } |
| 717 | 721 | |
| 718 | 722 | style_header("Access Control Settings"); |
| 719 | 723 | db_begin_transaction(); |
| 720 | - @ <form action="%s(g.zBaseURL)/setup_access" method="POST"> | |
| 724 | + @ <form action="%s(g.zBaseURL)/setup_access" method="post"><div> | |
| 721 | 725 | login_insert_csrf_secret(); |
| 722 | - @ <hr> | |
| 726 | + @ <hr /> | |
| 723 | 727 | onoff_attribute("Require password for local access", |
| 724 | 728 | "localauth", "localauth", 0); |
| 725 | 729 | @ <p>When enabled, the password sign-in is required for |
| 726 | 730 | @ web access coming from 127.0.0.1. When disabled, web access |
| 727 | 731 | @ from 127.0.0.1 is allows without any login - the user id is selected |
| 728 | 732 | @ from the ~/.fossil database. Password login is always required |
| 729 | 733 | @ for incoming web connections on internet addresses other than |
| 730 | - @ 127.0.0.1.</p></li> | |
| 734 | + @ 127.0.0.1.</p> | |
| 731 | 735 | |
| 732 | - @ <hr> | |
| 736 | + @ <hr /> | |
| 733 | 737 | onoff_attribute("Allow REMOTE_USER authentication", |
| 734 | 738 | "remote_user_ok", "remote_user_ok", 0); |
| 735 | 739 | @ <p>When enabled, if the REMOTE_USER environment variable is set to the |
| 736 | 740 | @ login name of a valid user and no other login credentials are available, |
| 737 | 741 | @ then the REMOTE_USER is accepted as an authenticated user. |
| 738 | - @ </p></li> | |
| 742 | + @ </p> | |
| 739 | 743 | |
| 740 | - @ <hr> | |
| 744 | + @ <hr /> | |
| 741 | 745 | entry_attribute("Login expiration time", 6, "cookie-expire", "cex", "8766"); |
| 742 | 746 | @ <p>The number of hours for which a login is valid. This must be a |
| 743 | 747 | @ positive number. The default is 8760 hours which is approximately equal |
| 744 | 748 | @ to a year.</p> |
| 745 | 749 | |
| 746 | - @ <hr> | |
| 750 | + @ <hr /> | |
| 747 | 751 | entry_attribute("Download packet limit", 10, "max-download", "mxdwn", |
| 748 | 752 | "5000000"); |
| 749 | 753 | @ <p>Fossil tries to limit out-bound sync, clone, and pull packets |
| 750 | 754 | @ to this many bytes, uncompressed. If the client requires more data |
| 751 | 755 | @ than this, then the client will issue multiple HTTP requests. |
| 752 | 756 | @ Values below 1 million are not recommended. 5 million is a |
| 753 | 757 | @ reasonable number.</p> |
| 754 | 758 | |
| 755 | - @ <hr> | |
| 759 | + @ <hr /> | |
| 756 | 760 | onoff_attribute("Show javascript button to fill in CAPTCHA", |
| 757 | 761 | "auto-captcha", "autocaptcha", 0); |
| 758 | 762 | @ <p>When enabled, a button appears on the login screen for user |
| 759 | 763 | @ "anonymous" that will automatically fill in the CAPTCHA password. |
| 760 | 764 | @ This is less secure that forcing the user to do it manually, but is |
| 761 | 765 | @ probably secure enough and it is certainly more convenient for |
| 762 | 766 | @ anonymous users.</p> |
| 763 | 767 | |
| 764 | - @ <hr> | |
| 765 | - @ <p><input type="submit" name="submit" value="Apply Changes"></p> | |
| 766 | - @ </form> | |
| 768 | + @ <hr /> | |
| 769 | + @ <p><input type="submit" name="submit" value="Apply Changes" /></p> | |
| 770 | + @ </div></form> | |
| 767 | 771 | db_end_transaction(0); |
| 768 | 772 | style_footer(); |
| 769 | 773 | } |
| 770 | 774 | |
| 771 | 775 | /* |
| @@ -777,42 +781,42 @@ | ||
| 777 | 781 | login_needed(); |
| 778 | 782 | } |
| 779 | 783 | |
| 780 | 784 | style_header("Timeline Display Preferences"); |
| 781 | 785 | db_begin_transaction(); |
| 782 | - @ <form action="%s(g.zBaseURL)/setup_timeline" method="POST"> | |
| 786 | + @ <form action="%s(g.zBaseURL)/setup_timeline" method="post"><div> | |
| 783 | 787 | login_insert_csrf_secret(); |
| 784 | 788 | |
| 785 | - @ <hr> | |
| 789 | + @ <hr /> | |
| 786 | 790 | onoff_attribute("Allow block-markup in timeline", |
| 787 | 791 | "timeline-block-markup", "tbm", 0); |
| 788 | 792 | @ <p>In timeline displays, check-in comments can be displayed with or |
| 789 | 793 | @ without block markup (paragraphs, tables, etc.)</p> |
| 790 | 794 | |
| 791 | - @ <hr> | |
| 795 | + @ <hr /> | |
| 792 | 796 | onoff_attribute("Use Universal Coordinated Time (UTC)", |
| 793 | 797 | "timeline-utc", "utc", 1); |
| 794 | 798 | @ <p>Show times as UTC (also sometimes called Greenwich Mean Time (GMT) or |
| 795 | 799 | @ Zulu) instead of in local time.</p> |
| 796 | 800 | |
| 797 | - @ <hr> | |
| 801 | + @ <hr /> | |
| 798 | 802 | onoff_attribute("Show version differences by default", |
| 799 | 803 | "show-version-diffs", "vdiff", 0); |
| 800 | 804 | @ <p>On the version-information pages linked from the timeline can either |
| 801 | 805 | @ show complete diffs of all file changes, or can just list the names of |
| 802 | 806 | @ the files that have changed. Users can get to either page by |
| 803 | 807 | @ clicking. This setting selects the default.</p> |
| 804 | 808 | |
| 805 | - @ <hr> | |
| 809 | + @ <hr /> | |
| 806 | 810 | entry_attribute("Max timeline comment length", 6, |
| 807 | 811 | "timeline-max-comment", "tmc", "0"); |
| 808 | 812 | @ <p>The maximum length of a comment to be displayed in a timeline. |
| 809 | 813 | @ "0" there is no length limit.</p> |
| 810 | 814 | |
| 811 | - @ <hr> | |
| 812 | - @ <p><input type="submit" name="submit" value="Apply Changes"></p> | |
| 813 | - @ </form> | |
| 815 | + @ <hr /> | |
| 816 | + @ <p><input type="submit" name="submit" value="Apply Changes" /></p> | |
| 817 | + @ </div></form> | |
| 814 | 818 | db_end_transaction(0); |
| 815 | 819 | style_footer(); |
| 816 | 820 | } |
| 817 | 821 | |
| 818 | 822 | /* |
| @@ -824,11 +828,11 @@ | ||
| 824 | 828 | login_needed(); |
| 825 | 829 | } |
| 826 | 830 | |
| 827 | 831 | style_header("WWW Configuration"); |
| 828 | 832 | db_begin_transaction(); |
| 829 | - @ <form action="%s(g.zBaseURL)/setup_config" method="POST"> | |
| 833 | + @ <form action="%s(g.zBaseURL)/setup_config" method="post"><div> | |
| 830 | 834 | login_insert_csrf_secret(); |
| 831 | 835 | @ <hr /> |
| 832 | 836 | entry_attribute("Project Name", 60, "project-name", "pn", ""); |
| 833 | 837 | @ <p>Give your project a name so visitors know what this site is about. |
| 834 | 838 | @ The project name will also be used as the RSS feed title.</p> |
| @@ -841,16 +845,16 @@ | ||
| 841 | 845 | entry_attribute("Index Page", 60, "index-page", "idxpg", "/home"); |
| 842 | 846 | @ <p>Enter the pathname of the page to display when the "Home" menu |
| 843 | 847 | @ option is selected and when no pathname is |
| 844 | 848 | @ specified in the URL. For example, if you visit the url:</p> |
| 845 | 849 | @ |
| 846 | - @ <blockquote>%h(g.zBaseURL)</blockquote> | |
| 850 | + @ <blockquote><p>%h(g.zBaseURL)</p></blockquote> | |
| 847 | 851 | @ |
| 848 | 852 | @ <p>And you have specified an index page of "/home" the above will |
| 849 | 853 | @ automatically redirect to:</p> |
| 850 | 854 | @ |
| 851 | - @ <blockquote>%h(g.zBaseURL)/home</blockquote> | |
| 855 | + @ <blockquote><p>%h(g.zBaseURL)/home</p></blockquote> | |
| 852 | 856 | @ |
| 853 | 857 | @ <p>The default "/home" page displays a Wiki page with the same name |
| 854 | 858 | @ as the Project Name specified above. Some sites prefer to redirect |
| 855 | 859 | @ to a documentation page (ex: "/doc/tip/index.wiki") or to "/timeline".</p> |
| 856 | 860 | @ <hr /> |
| @@ -865,12 +869,12 @@ | ||
| 865 | 869 | @ users to inject dangerous HTML, CSS and JavaScript code into your wiki.</p> |
| 866 | 870 | @ <p>This should <strong>only</strong> be enabled when wiki editing is limited |
| 867 | 871 | @ to trusted users. It should <strong>not</strong> be used on a publically |
| 868 | 872 | @ editable wiki.</p> |
| 869 | 873 | @ <hr /> |
| 870 | - @ <p><input type="submit" name="submit" value="Apply Changes"></p> | |
| 871 | - @ </form> | |
| 874 | + @ <p><input type="submit" name="submit" value="Apply Changes" /></p> | |
| 875 | + @ </div></form> | |
| 872 | 876 | db_end_transaction(0); |
| 873 | 877 | style_footer(); |
| 874 | 878 | } |
| 875 | 879 | |
| 876 | 880 | /* |
| @@ -931,21 +935,21 @@ | ||
| 931 | 935 | cgi_replace_parameter("header", zDefaultHeader); |
| 932 | 936 | }else{ |
| 933 | 937 | textarea_attribute(0, 0, 0, "header", "header", zDefaultHeader); |
| 934 | 938 | } |
| 935 | 939 | style_header("Edit Page Header"); |
| 936 | - @ <form action="%s(g.zBaseURL)/setup_header" method="POST"> | |
| 940 | + @ <form action="%s(g.zBaseURL)/setup_header" method="post"><div> | |
| 937 | 941 | login_insert_csrf_secret(); |
| 938 | 942 | @ <p>Edit HTML text with embedded TH1 (a TCL dialect) that will be used to |
| 939 | 943 | @ generate the beginning of every page through start of the main |
| 940 | 944 | @ menu.</p> |
| 941 | 945 | textarea_attribute("", 40, 80, "header", "header", zDefaultHeader); |
| 942 | 946 | @ <br /> |
| 943 | - @ <input type="submit" name="submit" value="Apply Changes"> | |
| 944 | - @ <input type="submit" name="clear" value="Revert To Default"> | |
| 945 | - @ </form> | |
| 946 | - @ <hr> | |
| 947 | + @ <input type="submit" name="submit" value="Apply Changes" /> | |
| 948 | + @ <input type="submit" name="clear" value="Revert To Default" /> | |
| 949 | + @ </div></form> | |
| 950 | + @ <hr /> | |
| 947 | 951 | @ The default header is shown below for reference. Other examples |
| 948 | 952 | @ of headers can be seen on the <a href="setup_skin">skins page</a>. |
| 949 | 953 | @ See also the <a href="setup_editcss">CSS</a> and |
| 950 | 954 | @ <a href="setup_footer">footer</a> editing screeens. |
| 951 | 955 | @ <blockquote><pre> |
| @@ -969,20 +973,20 @@ | ||
| 969 | 973 | cgi_replace_parameter("footer", zDefaultFooter); |
| 970 | 974 | }else{ |
| 971 | 975 | textarea_attribute(0, 0, 0, "footer", "footer", zDefaultFooter); |
| 972 | 976 | } |
| 973 | 977 | style_header("Edit Page Footer"); |
| 974 | - @ <form action="%s(g.zBaseURL)/setup_footer" method="POST"> | |
| 978 | + @ <form action="%s(g.zBaseURL)/setup_footer" method="post"><div> | |
| 975 | 979 | login_insert_csrf_secret(); |
| 976 | 980 | @ <p>Edit HTML text with embedded TH1 (a TCL dialect) that will be used to |
| 977 | 981 | @ generate the end of every page.</p> |
| 978 | 982 | textarea_attribute("", 20, 80, "footer", "footer", zDefaultFooter); |
| 979 | 983 | @ <br /> |
| 980 | - @ <input type="submit" name="submit" value="Apply Changes"> | |
| 981 | - @ <input type="submit" name="clear" value="Revert To Default"> | |
| 982 | - @ </form> | |
| 983 | - @ <hr> | |
| 984 | + @ <input type="submit" name="submit" value="Apply Changes" /> | |
| 985 | + @ <input type="submit" name="clear" value="Revert To Default" /> | |
| 986 | + @ </div></form> | |
| 987 | + @ <hr /> | |
| 984 | 988 | @ The default footer is shown below for reference. Other examples |
| 985 | 989 | @ of footers can be seen on the <a href="setup_skin">skins page</a>. |
| 986 | 990 | @ See also the <a href="setup_editcss">CSS</a> and |
| 987 | 991 | @ <a href="setup_header">header</a> editing screens. |
| 988 | 992 | @ <blockquote><pre> |
| @@ -1032,31 +1036,31 @@ | ||
| 1032 | 1036 | cgi_redirect("setup_logo"); |
| 1033 | 1037 | } |
| 1034 | 1038 | style_header("Edit Project Logo"); |
| 1035 | 1039 | @ <p>The current project logo has a MIME-Type of <b>%h(zMime)</b> and looks |
| 1036 | 1040 | @ like this:</p> |
| 1037 | - @ <blockquote><img src="%s(g.zTop)/logo" alt="logo"></blockquote> | |
| 1041 | + @ <blockquote><p><img src="%s(g.zTop)/logo" alt="logo" /></p></blockquote> | |
| 1038 | 1042 | @ |
| 1039 | 1043 | @ <p>The logo is accessible to all users at this URL: |
| 1040 | 1044 | @ <a href="%s(g.zBaseURL)/logo">%s(g.zBaseURL)/logo</a>. |
| 1041 | 1045 | @ The logo may or may not appear on each |
| 1042 | 1046 | @ page depending on the <a href="setup_editcss">CSS</a> and |
| 1043 | 1047 | @ <a href="setup_header">header setup</a>.</p> |
| 1044 | 1048 | @ |
| 1045 | - @ <form action="%s(g.zBaseURL)/setup_logo" method="POST" | |
| 1046 | - @ enctype="multipart/form-data"> | |
| 1049 | + @ <form action="%s(g.zBaseURL)/setup_logo" method="post" | |
| 1050 | + @ enctype="multipart/form-data"><div> | |
| 1047 | 1051 | @ <p>To set a new logo image, select a file to use as the logo using |
| 1048 | 1052 | @ the entry box below and then press the "Change Logo" button.</p> |
| 1049 | 1053 | login_insert_csrf_secret(); |
| 1050 | 1054 | @ Logo Image file: |
| 1051 | - @ <input type="file" name="im" size="60" accepts="image/*"><br> | |
| 1052 | - @ <input type="submit" name="set" value="Change Logo"> | |
| 1053 | - @ <input type="submit" name="clr" value="Revert To Default"> | |
| 1054 | - @ </form> | |
| 1055 | + @ <input type="file" name="im" size="60" accept="image/*" /><br /> | |
| 1056 | + @ <input type="submit" name="set" value="Change Logo" /> | |
| 1057 | + @ <input type="submit" name="clr" value="Revert To Default" /> | |
| 1058 | + @ </div></form> | |
| 1055 | 1059 | @ |
| 1056 | 1060 | @ <p><span class="note">Note:</span> Your browser has probably cached the logo image, so |
| 1057 | 1061 | @ you will probably need to press the Reload button on your browser after |
| 1058 | 1062 | @ changing the logo to provoke your browser to reload the new logo image. |
| 1059 | 1063 | @ </p> |
| 1060 | 1064 | style_footer(); |
| 1061 | 1065 | db_end_transaction(0); |
| 1062 | 1066 | } |
| 1063 | 1067 |
| --- src/setup.c | |
| +++ src/setup.c | |
| @@ -99,41 +99,39 @@ | |
| 99 | return; |
| 100 | } |
| 101 | |
| 102 | style_submenu_element("Add", "Add User", "setup_uedit"); |
| 103 | style_header("User List"); |
| 104 | @ <table border="0" cellpadding="0" cellspacing="25"> |
| 105 | @ <tr><td valign="top"> |
| 106 | @ <b>Users:</b> |
| 107 | @ <table border="1" cellpadding="10"><tr><td> |
| 108 | @ <table cellspacing=0 cellpadding=0 border=0> |
| 109 | @ <tr> |
| 110 | @ <th align="right">User ID</th><td width="20"> </td> |
| 111 | @ <th>Capabilities</th><td width="15"> </td> |
| 112 | @ <th>Contact Info</th> |
| 113 | @ </tr> |
| 114 | db_prepare(&s, "SELECT uid, login, cap, info FROM user ORDER BY login"); |
| 115 | while( db_step(&s)==SQLITE_ROW ){ |
| 116 | const char *zCap = db_column_text(&s, 2); |
| 117 | if( strstr(zCap, "s") ) zCap = "s"; |
| 118 | @ <tr> |
| 119 | @ <td align="right"> |
| 120 | if( g.okAdmin && (zCap[0]!='s' || g.okSetup) ){ |
| 121 | @ <a href="setup_uedit?id=%d(db_column_int(&s,0))"> |
| 122 | } |
| 123 | @ <nobr>%h(db_column_text(&s,1))</nobr> |
| 124 | if( g.okAdmin ){ |
| 125 | @ </a> |
| 126 | } |
| 127 | @ </td><td> </td> |
| 128 | @ <td align="center">%s(zCap)</td> |
| 129 | @ <td> </td> |
| 130 | @ <td align="left">%s(db_column_text(&s,3))</td> |
| 131 | @ </tr> |
| 132 | } |
| 133 | @ </table></td></tr></table> |
| 134 | @ <td valign="top"> |
| 135 | @ <span class="note">Notes:</span> |
| 136 | @ <ol> |
| 137 | @ <li><p>The permission flags are as follows:</p> |
| 138 | @ <table> |
| 139 | @ <tr><td valign="top"><b>a</b></td> |
| @@ -181,31 +179,33 @@ | |
| 181 | @ user <tt>developer</tt></td></tr> |
| 182 | @ <tr><td valign="top"><b>w</b></td> |
| 183 | @ <td><i>Write-Tkt:</i> Edit tickets</td></tr> |
| 184 | @ <tr><td valign="top"><b>z</b></td> |
| 185 | @ <td><i>Zip download:</i> Download a baseline via the |
| 186 | @ <tt>/zip</tt> URL even without check<b>o</b>ut |
| 187 | @ and <b>h</b>istory permissions</td></tr> |
| 188 | @ </table> |
| 189 | @ </li> |
| 190 | @ |
| 191 | @ <li><p> |
| 192 | @ Every user, logged in or not, inherits the privileges of <b>nobody</b>. |
| 193 | @ </p></li> |
| 194 | @ |
| 195 | @ <li><p> |
| 196 | @ Any human can login as <b>anonymous</b> since the password is |
| 197 | @ clearly displayed on the login page for them to type. The purpose |
| 198 | @ of requiring anonymous to log in is to prevent access by spiders. |
| 199 | @ Every logged-in user inherits the combined privileges of |
| 200 | @ <b>anonymous</b> and |
| 201 | @ <b>nobody</b>. |
| 202 | @ </p></li> |
| 203 | @ |
| 204 | @ <li><p> |
| 205 | @ Users with privilege <b>v</b> inherit the combined privileges of |
| 206 | @ <b>developer</b>, <b>anonymous</b>, and <b>nobody</b>. |
| 207 | @ </p></li> |
| 208 | @ |
| 209 | @ </ol> |
| 210 | @ </td></tr></table> |
| 211 | style_footer(); |
| @@ -323,12 +323,12 @@ | |
| 323 | } |
| 324 | if( uid>0 && |
| 325 | db_exists("SELECT 1 FROM user WHERE login=%Q AND uid!=%d", zLogin, uid) |
| 326 | ){ |
| 327 | style_header("User Creation Error"); |
| 328 | @ <font color="red">Login "%h(zLogin)" is already used by a different |
| 329 | @ user.</font> |
| 330 | @ |
| 331 | @ <p><a href="setup_uedit?id=%d(uid)">[Bummer]</a></p> |
| 332 | style_footer(); |
| 333 | return; |
| 334 | } |
| @@ -353,65 +353,65 @@ | |
| 353 | if( uid ){ |
| 354 | zLogin = db_text("", "SELECT login FROM user WHERE uid=%d", uid); |
| 355 | zInfo = db_text("", "SELECT info FROM user WHERE uid=%d", uid); |
| 356 | zCap = db_text("", "SELECT cap FROM user WHERE uid=%d", uid); |
| 357 | zPw = db_text("", "SELECT pw FROM user WHERE uid=%d", uid); |
| 358 | if( strchr(zCap, 'a') ) oaa = " checked"; |
| 359 | if( strchr(zCap, 'b') ) oab = " checked"; |
| 360 | if( strchr(zCap, 'c') ) oac = " checked"; |
| 361 | if( strchr(zCap, 'd') ) oad = " checked"; |
| 362 | if( strchr(zCap, 'e') ) oae = " checked"; |
| 363 | if( strchr(zCap, 'f') ) oaf = " checked"; |
| 364 | if( strchr(zCap, 'g') ) oag = " checked"; |
| 365 | if( strchr(zCap, 'h') ) oah = " checked"; |
| 366 | if( strchr(zCap, 'i') ) oai = " checked"; |
| 367 | if( strchr(zCap, 'j') ) oaj = " checked"; |
| 368 | if( strchr(zCap, 'k') ) oak = " checked"; |
| 369 | if( strchr(zCap, 'm') ) oam = " checked"; |
| 370 | if( strchr(zCap, 'n') ) oan = " checked"; |
| 371 | if( strchr(zCap, 'o') ) oao = " checked"; |
| 372 | if( strchr(zCap, 'p') ) oap = " checked"; |
| 373 | if( strchr(zCap, 'r') ) oar = " checked"; |
| 374 | if( strchr(zCap, 's') ) oas = " checked"; |
| 375 | if( strchr(zCap, 't') ) oat = " checked"; |
| 376 | if( strchr(zCap, 'u') ) oau = " checked"; |
| 377 | if( strchr(zCap, 'v') ) oav = " checked"; |
| 378 | if( strchr(zCap, 'w') ) oaw = " checked"; |
| 379 | if( strchr(zCap, 'z') ) oaz = " checked"; |
| 380 | } |
| 381 | |
| 382 | /* figure out inherited permissions */ |
| 383 | memset(inherit, 0, sizeof(inherit)); |
| 384 | if( strcmp(zLogin, "developer") ){ |
| 385 | char *z1, *z2; |
| 386 | z1 = z2 = db_text(0,"SELECT cap FROM user WHERE login='developer'"); |
| 387 | while( z1 && *z1 ){ |
| 388 | inherit[0x7f & *(z1++)] = "<font color=\"red\">•</font>"; |
| 389 | } |
| 390 | free(z2); |
| 391 | } |
| 392 | if( strcmp(zLogin, "reader") ){ |
| 393 | char *z1, *z2; |
| 394 | z1 = z2 = db_text(0,"SELECT cap FROM user WHERE login='reader'"); |
| 395 | while( z1 && *z1 ){ |
| 396 | inherit[0x7f & *(z1++)] = "<font color=\"black\">•</font>"; |
| 397 | } |
| 398 | free(z2); |
| 399 | } |
| 400 | if( strcmp(zLogin, "anonymous") ){ |
| 401 | char *z1, *z2; |
| 402 | z1 = z2 = db_text(0,"SELECT cap FROM user WHERE login='anonymous'"); |
| 403 | while( z1 && *z1 ){ |
| 404 | inherit[0x7f & *(z1++)] = "<font color=\"blue\">•</font>"; |
| 405 | } |
| 406 | free(z2); |
| 407 | } |
| 408 | if( strcmp(zLogin, "nobody") ){ |
| 409 | char *z1, *z2; |
| 410 | z1 = z2 = db_text(0,"SELECT cap FROM user WHERE login='nobody'"); |
| 411 | while( z1 && *z1 ){ |
| 412 | inherit[0x7f & *(z1++)] = "<font color=\"green\">•</font>"; |
| 413 | } |
| 414 | free(z2); |
| 415 | } |
| 416 | |
| 417 | /* Begin generating the page |
| @@ -420,77 +420,79 @@ | |
| 420 | if( uid ){ |
| 421 | style_header(mprintf("Edit User %h", zLogin)); |
| 422 | }else{ |
| 423 | style_header("Add A New User"); |
| 424 | } |
| 425 | @ <table align="left" hspace="20" vspace="10"><tr><td> |
| 426 | @ <form action="%s(g.zPath)" method="POST"> |
| 427 | login_insert_csrf_secret(); |
| 428 | @ <table> |
| 429 | @ <tr> |
| 430 | @ <td align="right"><nobr>User ID:</nobr></td> |
| 431 | if( uid ){ |
| 432 | @ <td>%d(uid) <input type="hidden" name="id" value="%d(uid)"></td> |
| 433 | }else{ |
| 434 | @ <td>(new user)<input type="hidden" name="id" value=0></td> |
| 435 | } |
| 436 | @ </tr> |
| 437 | @ <tr> |
| 438 | @ <td align="right"><nobr>Login:</nobr></td> |
| 439 | @ <td><input type="text" name="login" value="%h(zLogin)"></td> |
| 440 | @ </tr> |
| 441 | @ <tr> |
| 442 | @ <td align="right"><nobr>Contact Info:</nobr></td> |
| 443 | @ <td><input type="text" name="info" size=40 value="%h(zInfo)"></td> |
| 444 | @ </tr> |
| 445 | @ <tr> |
| 446 | @ <td align="right" valign="top">Capabilities:</td> |
| 447 | @ <td> |
| 448 | #define B(x) inherit[x] |
| 449 | if( g.okSetup ){ |
| 450 | @ <input type="checkbox" name="as"%s(oas)/>%s(B('s'))Setup<br> |
| 451 | } |
| 452 | @ <input type="checkbox" name="aa"%s(oaa)/>%s(B('a'))Admin<br> |
| 453 | @ <input type="checkbox" name="ad"%s(oad)/>%s(B('d'))Delete<br> |
| 454 | @ <input type="checkbox" name="ae"%s(oae)/>%s(B('e'))Email<br> |
| 455 | @ <input type="checkbox" name="ap"%s(oap)/>%s(B('p'))Password<br> |
| 456 | @ <input type="checkbox" name="ai"%s(oai)/>%s(B('i'))Check-In<br> |
| 457 | @ <input type="checkbox" name="ao"%s(oao)/>%s(B('o'))Check-Out<br> |
| 458 | @ <input type="checkbox" name="ah"%s(oah)/>%s(B('h'))History<br> |
| 459 | @ <input type="checkbox" name="au"%s(oau)/>%s(B('u'))Reader<br> |
| 460 | @ <input type="checkbox" name="av"%s(oav)/>%s(B('v'))Developer<br> |
| 461 | @ <input type="checkbox" name="ag"%s(oag)/>%s(B('g'))Clone<br> |
| 462 | @ <input type="checkbox" name="aj"%s(oaj)/>%s(B('j'))Read Wiki<br> |
| 463 | @ <input type="checkbox" name="af"%s(oaf)/>%s(B('f'))New Wiki<br> |
| 464 | @ <input type="checkbox" name="am"%s(oam)/>%s(B('m'))Append Wiki<br> |
| 465 | @ <input type="checkbox" name="ak"%s(oak)/>%s(B('k'))Write Wiki<br> |
| 466 | @ <input type="checkbox" name="ab"%s(oab)/>%s(B('b'))Attachments<br> |
| 467 | @ <input type="checkbox" name="ar"%s(oar)/>%s(B('r'))Read Ticket<br> |
| 468 | @ <input type="checkbox" name="an"%s(oan)/>%s(B('n'))New Ticket<br> |
| 469 | @ <input type="checkbox" name="ac"%s(oac)/>%s(B('c'))Append Ticket<br> |
| 470 | @ <input type="checkbox" name="aw"%s(oaw)/>%s(B('w'))Write Ticket<br> |
| 471 | @ <input type="checkbox" name="at"%s(oat)/>%s(B('t'))Ticket Report<br> |
| 472 | @ <input type="checkbox" name="az"%s(oaz)/>%s(B('z'))Download Zip |
| 473 | @ </td> |
| 474 | @ </tr> |
| 475 | @ <tr> |
| 476 | @ <td align="right">Password:</td> |
| 477 | if( zPw[0] ){ |
| 478 | /* Obscure the password for all users */ |
| 479 | @ <td><input type="password" name="pw" value="**********"></td> |
| 480 | }else{ |
| 481 | /* Show an empty password as an empty input field */ |
| 482 | @ <td><input type="password" name="pw" value=""></td> |
| 483 | } |
| 484 | @ </tr> |
| 485 | if( !higherUser ){ |
| 486 | @ <tr> |
| 487 | @ <td> </td> |
| 488 | @ <td><input type="submit" name="submit" value="Apply Changes"> |
| 489 | @ </tr> |
| 490 | } |
| 491 | @ </table></td></tr></table> |
| 492 | @ <h2>Privileges And Capabilities:</h2> |
| 493 | @ <ul> |
| 494 | if( higherUser ){ |
| 495 | @ <li><p><font color="blue"><b> |
| 496 | @ User %h(zLogin) has Setup privileges and you only have Admin privileges |
| @@ -497,95 +499,97 @@ | |
| 497 | @ so you are not permitted to make changes to %h(zLogin). |
| 498 | @ </b></font></p></li> |
| 499 | @ |
| 500 | } |
| 501 | @ <li><p> |
| 502 | @ The <b>Setup</b> user can make arbitrary configuration changes. |
| 503 | @ An <b>Admin</b> user can add other users and change user privileges |
| 504 | @ and reset user passwords. Both automatically get all other privileges |
| 505 | @ listed below. Use these two settings with discretion. |
| 506 | @ </p></li> |
| 507 | @ |
| 508 | @ <li><p> |
| 509 | @ The "<font color="green"><big>•</big></font>" mark indicates |
| 510 | @ the privileges of "nobody" that are available to all users |
| 511 | @ regardless of whether or not they are logged in. |
| 512 | @ </p></li> |
| 513 | @ |
| 514 | @ <li><p> |
| 515 | @ The "<font color="blue"><big>•</big></font>" mark indicates |
| 516 | @ the privileges of "anonymous" that are inherited by all logged-in users. |
| 517 | @ </p></li> |
| 518 | @ |
| 519 | @ <li><p> |
| 520 | @ The "<font color="red"><big>•</big></font>" mark indicates |
| 521 | @ the privileges of "developer" that are inherited by all users with |
| 522 | @ the <b>Developer</b> privilege. |
| 523 | @ </p></li> |
| 524 | @ |
| 525 | @ <li><p> |
| 526 | @ The "<font color="black"><big>•</big></font>" mark indicates |
| 527 | @ the privileges of "reader" that are inherited by all users with |
| 528 | @ the <b>Reader</b> privilege. |
| 529 | @ </p></li> |
| 530 | @ |
| 531 | @ <li><p> |
| 532 | @ The <b>Delete</b> privilege give the user the ability to erase |
| 533 | @ wiki, tickets, and attachments that have been added by anonymous |
| 534 | @ users. This capability is intended for deletion of spam. The |
| 535 | @ delete capability is only in effect for 24 hours after the item |
| 536 | @ is first posted. The Setup user can delete anything at any time. |
| 537 | @ </p></li> |
| 538 | @ |
| 539 | @ <li><p> |
| 540 | @ The <b>History</b> privilege allows a user to see most hyperlinks. |
| 541 | @ This is recommended ON for most logged-in users but OFF for |
| 542 | @ user "nobody" to avoid problems with spiders trying to walk every |
| 543 | @ historical version of every baseline and file. |
| 544 | @ </p></li> |
| 545 | @ |
| 546 | @ <li><p> |
| 547 | @ The <b>Zip</b> privilege allows a user to see the "download as ZIP" |
| 548 | @ hyperlink and permits access to the <tt>/zip</tt> page. This allows |
| 549 | @ users to download ZIP archives without granting other rights like |
| 550 | @ <b>Read</b> or <b>History</b>. This privilege is recommended for |
| 551 | @ user <b>nobody</b> so that automatic package downloaders can obtain |
| 552 | @ the sources without going through the login procedure. |
| 553 | @ </p></li> |
| 554 | @ |
| 555 | @ <li><p> |
| 556 | @ The <b>Check-in</b> privilege allows remote users to "push". |
| 557 | @ The <b>Check-out</b> privilege allows remote users to "pull". |
| 558 | @ The <b>Clone</b> privilege allows remote users to "clone". |
| 559 | @ </li><p> |
| 560 | @ |
| 561 | @ <li><p> |
| 562 | @ The <b>Read Wiki</b>, <b>New Wiki</b>, <b>Append Wiki</b>, and |
| 563 | @ <b>Write Wiki</b> privileges control access to wiki pages. The |
| 564 | @ <b>Read Ticket</b>, <b>New Ticket</b>, <b>Append Ticket</b>, and |
| 565 | @ <b>Write Ticket</b> privileges control access to trouble tickets. |
| 566 | @ The <b>Ticket Report</b> privilege allows the user to create or edit |
| 567 | @ ticket report formats. |
| 568 | @ </p></li> |
| 569 | @ |
| 570 | @ <li><p> |
| 571 | @ Users with the <b>Password</b> privilege are allowed to change their |
| 572 | @ own password. Recommended ON for most users but OFF for special |
| 573 | @ users "developer", "anonymous", and "nobody". |
| 574 | @ </p></li> |
| 575 | @ |
| 576 | @ <li><p> |
| 577 | @ The <b>EMail</b> privilege allows the display of sensitive information |
| 578 | @ such as the email address of users and contact information on tickets. |
| 579 | @ Recommended OFF for "anonymous" and for "nobody" but ON for |
| 580 | @ "developer". |
| 581 | @ </p></li> |
| 582 | @ |
| 583 | @ <li><p> |
| 584 | @ The <b>Attachment</b> privilege is needed in order to add attachments |
| 585 | @ to tickets or wiki. Write privilege on the ticket or wiki is also |
| 586 | @ required.</p></li> |
| 587 | @ |
| 588 | @ <li><p> |
| 589 | @ Login is prohibited if the password is an empty string. |
| 590 | @ </p></li> |
| 591 | @ </ul> |
| @@ -592,42 +596,42 @@ | |
| 592 | @ |
| 593 | @ <h2>Special Logins</h2> |
| 594 | @ |
| 595 | @ <ul> |
| 596 | @ <li><p> |
| 597 | @ No login is required for user "<b>nobody</b>". The capabilities |
| 598 | @ of the <b>nobody</b> user are inherited by all users, regardless of |
| 599 | @ whether or not they are logged in. To disable universal access |
| 600 | @ to the repository, make sure no user named "<b>nobody</b>" exists or |
| 601 | @ that the <b>nobody</b> user has no capabilities enabled. |
| 602 | @ The password for <b>nobody</b> is ignore. To avoid problems with |
| 603 | @ spiders overloading the server, it is recommended |
| 604 | @ that the 'h' (History) capability be turned off for the <b>nobody</b> |
| 605 | @ user. |
| 606 | @ </p></li> |
| 607 | @ |
| 608 | @ <li><p> |
| 609 | @ Login is required for user "<b>anonymous</b>" but the password |
| 610 | @ is displayed on the login screen beside the password entry box |
| 611 | @ so anybody who can read should be able to login as anonymous. |
| 612 | @ On the other hand, spiders and web-crawlers will typically not |
| 613 | @ be able to login. Set the capabilities of the anonymous user |
| 614 | @ to things that you want any human to be able to do, but not any |
| 615 | @ spider. Every other logged-in user inherits the privileges of |
| 616 | @ <b>anonymous</b>. |
| 617 | @ </p></li> |
| 618 | @ |
| 619 | @ <li><p> |
| 620 | @ The "<b>developer</b>" user is intended as a template for trusted users |
| 621 | @ with check-in privileges. When adding new trusted users, simply |
| 622 | @ select the <b>Developer</b> privilege to cause the new user to inherit |
| 623 | @ all privileges of the "developer" user. Similarly, the "<b>reader</b>" |
| 624 | @ user is a template for users who are allowed more access than anonymous, |
| 625 | @ but less than a developer. |
| 626 | @ </p></li> |
| 627 | @ </ul> |
| 628 | @ </form> |
| 629 | style_footer(); |
| 630 | } |
| 631 | |
| 632 | |
| 633 | /* |
| @@ -651,13 +655,13 @@ | |
| 651 | db_set(zVar, iQ ? "1" : "0", 0); |
| 652 | iVal = iQ; |
| 653 | } |
| 654 | } |
| 655 | if( iVal ){ |
| 656 | @ <input type="checkbox" name="%s(zQParm)" checked><b>%s(zLabel)</b></input> |
| 657 | }else{ |
| 658 | @ <input type="checkbox" name="%s(zQParm)"><b>%s(zLabel)</b></input> |
| 659 | } |
| 660 | } |
| 661 | |
| 662 | /* |
| 663 | ** Generate an entry box for an attribute. |
| @@ -674,11 +678,11 @@ | |
| 674 | if( zQ && strcmp(zQ,zVal)!=0 ){ |
| 675 | login_verify_csrf_secret(); |
| 676 | db_set(zVar, zQ, 0); |
| 677 | zVal = zQ; |
| 678 | } |
| 679 | @ <input type="text" name="%s(zQParm)" value="%h(zVal)" size="%d(width)"> |
| 680 | @ <b>%s(zLabel)</b> |
| 681 | } |
| 682 | |
| 683 | /* |
| 684 | ** Generate a text box for an attribute. |
| @@ -715,57 +719,57 @@ | |
| 715 | login_needed(); |
| 716 | } |
| 717 | |
| 718 | style_header("Access Control Settings"); |
| 719 | db_begin_transaction(); |
| 720 | @ <form action="%s(g.zBaseURL)/setup_access" method="POST"> |
| 721 | login_insert_csrf_secret(); |
| 722 | @ <hr> |
| 723 | onoff_attribute("Require password for local access", |
| 724 | "localauth", "localauth", 0); |
| 725 | @ <p>When enabled, the password sign-in is required for |
| 726 | @ web access coming from 127.0.0.1. When disabled, web access |
| 727 | @ from 127.0.0.1 is allows without any login - the user id is selected |
| 728 | @ from the ~/.fossil database. Password login is always required |
| 729 | @ for incoming web connections on internet addresses other than |
| 730 | @ 127.0.0.1.</p></li> |
| 731 | |
| 732 | @ <hr> |
| 733 | onoff_attribute("Allow REMOTE_USER authentication", |
| 734 | "remote_user_ok", "remote_user_ok", 0); |
| 735 | @ <p>When enabled, if the REMOTE_USER environment variable is set to the |
| 736 | @ login name of a valid user and no other login credentials are available, |
| 737 | @ then the REMOTE_USER is accepted as an authenticated user. |
| 738 | @ </p></li> |
| 739 | |
| 740 | @ <hr> |
| 741 | entry_attribute("Login expiration time", 6, "cookie-expire", "cex", "8766"); |
| 742 | @ <p>The number of hours for which a login is valid. This must be a |
| 743 | @ positive number. The default is 8760 hours which is approximately equal |
| 744 | @ to a year.</p> |
| 745 | |
| 746 | @ <hr> |
| 747 | entry_attribute("Download packet limit", 10, "max-download", "mxdwn", |
| 748 | "5000000"); |
| 749 | @ <p>Fossil tries to limit out-bound sync, clone, and pull packets |
| 750 | @ to this many bytes, uncompressed. If the client requires more data |
| 751 | @ than this, then the client will issue multiple HTTP requests. |
| 752 | @ Values below 1 million are not recommended. 5 million is a |
| 753 | @ reasonable number.</p> |
| 754 | |
| 755 | @ <hr> |
| 756 | onoff_attribute("Show javascript button to fill in CAPTCHA", |
| 757 | "auto-captcha", "autocaptcha", 0); |
| 758 | @ <p>When enabled, a button appears on the login screen for user |
| 759 | @ "anonymous" that will automatically fill in the CAPTCHA password. |
| 760 | @ This is less secure that forcing the user to do it manually, but is |
| 761 | @ probably secure enough and it is certainly more convenient for |
| 762 | @ anonymous users.</p> |
| 763 | |
| 764 | @ <hr> |
| 765 | @ <p><input type="submit" name="submit" value="Apply Changes"></p> |
| 766 | @ </form> |
| 767 | db_end_transaction(0); |
| 768 | style_footer(); |
| 769 | } |
| 770 | |
| 771 | /* |
| @@ -777,42 +781,42 @@ | |
| 777 | login_needed(); |
| 778 | } |
| 779 | |
| 780 | style_header("Timeline Display Preferences"); |
| 781 | db_begin_transaction(); |
| 782 | @ <form action="%s(g.zBaseURL)/setup_timeline" method="POST"> |
| 783 | login_insert_csrf_secret(); |
| 784 | |
| 785 | @ <hr> |
| 786 | onoff_attribute("Allow block-markup in timeline", |
| 787 | "timeline-block-markup", "tbm", 0); |
| 788 | @ <p>In timeline displays, check-in comments can be displayed with or |
| 789 | @ without block markup (paragraphs, tables, etc.)</p> |
| 790 | |
| 791 | @ <hr> |
| 792 | onoff_attribute("Use Universal Coordinated Time (UTC)", |
| 793 | "timeline-utc", "utc", 1); |
| 794 | @ <p>Show times as UTC (also sometimes called Greenwich Mean Time (GMT) or |
| 795 | @ Zulu) instead of in local time.</p> |
| 796 | |
| 797 | @ <hr> |
| 798 | onoff_attribute("Show version differences by default", |
| 799 | "show-version-diffs", "vdiff", 0); |
| 800 | @ <p>On the version-information pages linked from the timeline can either |
| 801 | @ show complete diffs of all file changes, or can just list the names of |
| 802 | @ the files that have changed. Users can get to either page by |
| 803 | @ clicking. This setting selects the default.</p> |
| 804 | |
| 805 | @ <hr> |
| 806 | entry_attribute("Max timeline comment length", 6, |
| 807 | "timeline-max-comment", "tmc", "0"); |
| 808 | @ <p>The maximum length of a comment to be displayed in a timeline. |
| 809 | @ "0" there is no length limit.</p> |
| 810 | |
| 811 | @ <hr> |
| 812 | @ <p><input type="submit" name="submit" value="Apply Changes"></p> |
| 813 | @ </form> |
| 814 | db_end_transaction(0); |
| 815 | style_footer(); |
| 816 | } |
| 817 | |
| 818 | /* |
| @@ -824,11 +828,11 @@ | |
| 824 | login_needed(); |
| 825 | } |
| 826 | |
| 827 | style_header("WWW Configuration"); |
| 828 | db_begin_transaction(); |
| 829 | @ <form action="%s(g.zBaseURL)/setup_config" method="POST"> |
| 830 | login_insert_csrf_secret(); |
| 831 | @ <hr /> |
| 832 | entry_attribute("Project Name", 60, "project-name", "pn", ""); |
| 833 | @ <p>Give your project a name so visitors know what this site is about. |
| 834 | @ The project name will also be used as the RSS feed title.</p> |
| @@ -841,16 +845,16 @@ | |
| 841 | entry_attribute("Index Page", 60, "index-page", "idxpg", "/home"); |
| 842 | @ <p>Enter the pathname of the page to display when the "Home" menu |
| 843 | @ option is selected and when no pathname is |
| 844 | @ specified in the URL. For example, if you visit the url:</p> |
| 845 | @ |
| 846 | @ <blockquote>%h(g.zBaseURL)</blockquote> |
| 847 | @ |
| 848 | @ <p>And you have specified an index page of "/home" the above will |
| 849 | @ automatically redirect to:</p> |
| 850 | @ |
| 851 | @ <blockquote>%h(g.zBaseURL)/home</blockquote> |
| 852 | @ |
| 853 | @ <p>The default "/home" page displays a Wiki page with the same name |
| 854 | @ as the Project Name specified above. Some sites prefer to redirect |
| 855 | @ to a documentation page (ex: "/doc/tip/index.wiki") or to "/timeline".</p> |
| 856 | @ <hr /> |
| @@ -865,12 +869,12 @@ | |
| 865 | @ users to inject dangerous HTML, CSS and JavaScript code into your wiki.</p> |
| 866 | @ <p>This should <strong>only</strong> be enabled when wiki editing is limited |
| 867 | @ to trusted users. It should <strong>not</strong> be used on a publically |
| 868 | @ editable wiki.</p> |
| 869 | @ <hr /> |
| 870 | @ <p><input type="submit" name="submit" value="Apply Changes"></p> |
| 871 | @ </form> |
| 872 | db_end_transaction(0); |
| 873 | style_footer(); |
| 874 | } |
| 875 | |
| 876 | /* |
| @@ -931,21 +935,21 @@ | |
| 931 | cgi_replace_parameter("header", zDefaultHeader); |
| 932 | }else{ |
| 933 | textarea_attribute(0, 0, 0, "header", "header", zDefaultHeader); |
| 934 | } |
| 935 | style_header("Edit Page Header"); |
| 936 | @ <form action="%s(g.zBaseURL)/setup_header" method="POST"> |
| 937 | login_insert_csrf_secret(); |
| 938 | @ <p>Edit HTML text with embedded TH1 (a TCL dialect) that will be used to |
| 939 | @ generate the beginning of every page through start of the main |
| 940 | @ menu.</p> |
| 941 | textarea_attribute("", 40, 80, "header", "header", zDefaultHeader); |
| 942 | @ <br /> |
| 943 | @ <input type="submit" name="submit" value="Apply Changes"> |
| 944 | @ <input type="submit" name="clear" value="Revert To Default"> |
| 945 | @ </form> |
| 946 | @ <hr> |
| 947 | @ The default header is shown below for reference. Other examples |
| 948 | @ of headers can be seen on the <a href="setup_skin">skins page</a>. |
| 949 | @ See also the <a href="setup_editcss">CSS</a> and |
| 950 | @ <a href="setup_footer">footer</a> editing screeens. |
| 951 | @ <blockquote><pre> |
| @@ -969,20 +973,20 @@ | |
| 969 | cgi_replace_parameter("footer", zDefaultFooter); |
| 970 | }else{ |
| 971 | textarea_attribute(0, 0, 0, "footer", "footer", zDefaultFooter); |
| 972 | } |
| 973 | style_header("Edit Page Footer"); |
| 974 | @ <form action="%s(g.zBaseURL)/setup_footer" method="POST"> |
| 975 | login_insert_csrf_secret(); |
| 976 | @ <p>Edit HTML text with embedded TH1 (a TCL dialect) that will be used to |
| 977 | @ generate the end of every page.</p> |
| 978 | textarea_attribute("", 20, 80, "footer", "footer", zDefaultFooter); |
| 979 | @ <br /> |
| 980 | @ <input type="submit" name="submit" value="Apply Changes"> |
| 981 | @ <input type="submit" name="clear" value="Revert To Default"> |
| 982 | @ </form> |
| 983 | @ <hr> |
| 984 | @ The default footer is shown below for reference. Other examples |
| 985 | @ of footers can be seen on the <a href="setup_skin">skins page</a>. |
| 986 | @ See also the <a href="setup_editcss">CSS</a> and |
| 987 | @ <a href="setup_header">header</a> editing screens. |
| 988 | @ <blockquote><pre> |
| @@ -1032,31 +1036,31 @@ | |
| 1032 | cgi_redirect("setup_logo"); |
| 1033 | } |
| 1034 | style_header("Edit Project Logo"); |
| 1035 | @ <p>The current project logo has a MIME-Type of <b>%h(zMime)</b> and looks |
| 1036 | @ like this:</p> |
| 1037 | @ <blockquote><img src="%s(g.zTop)/logo" alt="logo"></blockquote> |
| 1038 | @ |
| 1039 | @ <p>The logo is accessible to all users at this URL: |
| 1040 | @ <a href="%s(g.zBaseURL)/logo">%s(g.zBaseURL)/logo</a>. |
| 1041 | @ The logo may or may not appear on each |
| 1042 | @ page depending on the <a href="setup_editcss">CSS</a> and |
| 1043 | @ <a href="setup_header">header setup</a>.</p> |
| 1044 | @ |
| 1045 | @ <form action="%s(g.zBaseURL)/setup_logo" method="POST" |
| 1046 | @ enctype="multipart/form-data"> |
| 1047 | @ <p>To set a new logo image, select a file to use as the logo using |
| 1048 | @ the entry box below and then press the "Change Logo" button.</p> |
| 1049 | login_insert_csrf_secret(); |
| 1050 | @ Logo Image file: |
| 1051 | @ <input type="file" name="im" size="60" accepts="image/*"><br> |
| 1052 | @ <input type="submit" name="set" value="Change Logo"> |
| 1053 | @ <input type="submit" name="clr" value="Revert To Default"> |
| 1054 | @ </form> |
| 1055 | @ |
| 1056 | @ <p><span class="note">Note:</span> Your browser has probably cached the logo image, so |
| 1057 | @ you will probably need to press the Reload button on your browser after |
| 1058 | @ changing the logo to provoke your browser to reload the new logo image. |
| 1059 | @ </p> |
| 1060 | style_footer(); |
| 1061 | db_end_transaction(0); |
| 1062 | } |
| 1063 |
| --- src/setup.c | |
| +++ src/setup.c | |
| @@ -99,41 +99,39 @@ | |
| 99 | return; |
| 100 | } |
| 101 | |
| 102 | style_submenu_element("Add", "Add User", "setup_uedit"); |
| 103 | style_header("User List"); |
| 104 | @ <table class="usetupLayoutTable"> |
| 105 | @ <tr><td class="usetupColumnLayout"> |
| 106 | @ <span class="note">Users:</span> |
| 107 | @ <table class="usetupUserList"> |
| 108 | @ <tr> |
| 109 | @ <th class="usetupListUser" style="text-align: right;padding-right: 20px;">User ID</th> |
| 110 | @ <th class="usetupListCap" style="text-align: center;padding-right: 15px;">Capabilities</th> |
| 111 | @ <th class="usetupListCon" style="text-align: left;">Contact Info</th> |
| 112 | @ </tr> |
| 113 | db_prepare(&s, "SELECT uid, login, cap, info FROM user ORDER BY login"); |
| 114 | while( db_step(&s)==SQLITE_ROW ){ |
| 115 | const char *zCap = db_column_text(&s, 2); |
| 116 | if( strstr(zCap, "s") ) zCap = "s"; |
| 117 | @ <tr> |
| 118 | @ <td class="usetupListUser" style="text-align: right;padding-right: 20px;white-space:nowrap;"> |
| 119 | if( g.okAdmin && (zCap[0]!='s' || g.okSetup) ){ |
| 120 | @ <a href="setup_uedit?id=%d(db_column_int(&s,0))"> |
| 121 | } |
| 122 | @ %h(db_column_text(&s,1)) |
| 123 | if( g.okAdmin ){ |
| 124 | @ </a> |
| 125 | } |
| 126 | @ </td> |
| 127 | @ <td class="usetupListCap" style="text-align: center;padding-right: 15px;">%s(zCap)</td> |
| 128 | @ <td class="usetupListCon" style="text-align: left;">%s(db_column_text(&s,3))</td> |
| 129 | @ </tr> |
| 130 | } |
| 131 | @ </table> |
| 132 | @ </td><td class="usetupColumnLayout"> |
| 133 | @ <span class="note">Notes:</span> |
| 134 | @ <ol> |
| 135 | @ <li><p>The permission flags are as follows:</p> |
| 136 | @ <table> |
| 137 | @ <tr><td valign="top"><b>a</b></td> |
| @@ -181,31 +179,33 @@ | |
| 179 | @ user <tt>developer</tt></td></tr> |
| 180 | @ <tr><td valign="top"><b>w</b></td> |
| 181 | @ <td><i>Write-Tkt:</i> Edit tickets</td></tr> |
| 182 | @ <tr><td valign="top"><b>z</b></td> |
| 183 | @ <td><i>Zip download:</i> Download a baseline via the |
| 184 | @ <tt>/zip</tt> URL even without check<span class="capability">o</span>ut |
| 185 | @ and <span class="capability">h</span>istory permissions</td></tr> |
| 186 | @ </table> |
| 187 | @ </li> |
| 188 | @ |
| 189 | @ <li><p> |
| 190 | @ Every user, logged in or not, inherits the privileges of <span class="usertype">nobody</span>. |
| 191 | @ </p></li> |
| 192 | @ |
| 193 | @ <li><p> |
| 194 | @ Any human can login as <span class="usertype">anonymous</span> since the |
| 195 | @ password is clearly displayed on the login page for them to type. The purpose |
| 196 | @ of requiring anonymous to log in is to prevent access by spiders. |
| 197 | @ Every logged-in user inherits the combined privileges of |
| 198 | @ <span class="usertype">anonymous</span> and |
| 199 | @ <span class="usertype">nobody</span>. |
| 200 | @ </p></li> |
| 201 | @ |
| 202 | @ <li><p> |
| 203 | @ Users with privilege <span class="capability">v</span> inherit the combined |
| 204 | @ privileges of <span class="usertype">developer</span>, |
| 205 | @ <span class="usertype">anonymous</span>, and |
| 206 | @ <span class="usertype">nobody</span>. |
| 207 | @ </p></li> |
| 208 | @ |
| 209 | @ </ol> |
| 210 | @ </td></tr></table> |
| 211 | style_footer(); |
| @@ -323,12 +323,12 @@ | |
| 323 | } |
| 324 | if( uid>0 && |
| 325 | db_exists("SELECT 1 FROM user WHERE login=%Q AND uid!=%d", zLogin, uid) |
| 326 | ){ |
| 327 | style_header("User Creation Error"); |
| 328 | @ <span class="loginError">Login "%h(zLogin)" is already used by a different |
| 329 | @ user.</span> |
| 330 | @ |
| 331 | @ <p><a href="setup_uedit?id=%d(uid)">[Bummer]</a></p> |
| 332 | style_footer(); |
| 333 | return; |
| 334 | } |
| @@ -353,65 +353,65 @@ | |
| 353 | if( uid ){ |
| 354 | zLogin = db_text("", "SELECT login FROM user WHERE uid=%d", uid); |
| 355 | zInfo = db_text("", "SELECT info FROM user WHERE uid=%d", uid); |
| 356 | zCap = db_text("", "SELECT cap FROM user WHERE uid=%d", uid); |
| 357 | zPw = db_text("", "SELECT pw FROM user WHERE uid=%d", uid); |
| 358 | if( strchr(zCap, 'a') ) oaa = " checked=\"checked\""; |
| 359 | if( strchr(zCap, 'b') ) oab = " checked=\"checked\""; |
| 360 | if( strchr(zCap, 'c') ) oac = " checked=\"checked\""; |
| 361 | if( strchr(zCap, 'd') ) oad = " checked=\"checked\""; |
| 362 | if( strchr(zCap, 'e') ) oae = " checked=\"checked\""; |
| 363 | if( strchr(zCap, 'f') ) oaf = " checked=\"checked\""; |
| 364 | if( strchr(zCap, 'g') ) oag = " checked=\"checked\""; |
| 365 | if( strchr(zCap, 'h') ) oah = " checked=\"checked\""; |
| 366 | if( strchr(zCap, 'i') ) oai = " checked=\"checked\""; |
| 367 | if( strchr(zCap, 'j') ) oaj = " checked=\"checked\""; |
| 368 | if( strchr(zCap, 'k') ) oak = " checked=\"checked\""; |
| 369 | if( strchr(zCap, 'm') ) oam = " checked=\"checked\""; |
| 370 | if( strchr(zCap, 'n') ) oan = " checked=\"checked\""; |
| 371 | if( strchr(zCap, 'o') ) oao = " checked=\"checked\""; |
| 372 | if( strchr(zCap, 'p') ) oap = " checked=\"checked\""; |
| 373 | if( strchr(zCap, 'r') ) oar = " checked=\"checked\""; |
| 374 | if( strchr(zCap, 's') ) oas = " checked=\"checked\""; |
| 375 | if( strchr(zCap, 't') ) oat = " checked=\"checked\""; |
| 376 | if( strchr(zCap, 'u') ) oau = " checked=\"checked\""; |
| 377 | if( strchr(zCap, 'v') ) oav = " checked=\"checked\""; |
| 378 | if( strchr(zCap, 'w') ) oaw = " checked=\"checked\""; |
| 379 | if( strchr(zCap, 'z') ) oaz = " checked=\"checked\""; |
| 380 | } |
| 381 | |
| 382 | /* figure out inherited permissions */ |
| 383 | memset(inherit, 0, sizeof(inherit)); |
| 384 | if( strcmp(zLogin, "developer") ){ |
| 385 | char *z1, *z2; |
| 386 | z1 = z2 = db_text(0,"SELECT cap FROM user WHERE login='developer'"); |
| 387 | while( z1 && *z1 ){ |
| 388 | inherit[0x7f & *(z1++)] = "<span class=\"ueditInheritDeveloper\">•</span>"; |
| 389 | } |
| 390 | free(z2); |
| 391 | } |
| 392 | if( strcmp(zLogin, "reader") ){ |
| 393 | char *z1, *z2; |
| 394 | z1 = z2 = db_text(0,"SELECT cap FROM user WHERE login='reader'"); |
| 395 | while( z1 && *z1 ){ |
| 396 | inherit[0x7f & *(z1++)] = "<span class=\"ueditInheritReader\">•</span>"; |
| 397 | } |
| 398 | free(z2); |
| 399 | } |
| 400 | if( strcmp(zLogin, "anonymous") ){ |
| 401 | char *z1, *z2; |
| 402 | z1 = z2 = db_text(0,"SELECT cap FROM user WHERE login='anonymous'"); |
| 403 | while( z1 && *z1 ){ |
| 404 | inherit[0x7f & *(z1++)] = "<span class=\"ueditInheritAnonymous\">•</span>"; |
| 405 | } |
| 406 | free(z2); |
| 407 | } |
| 408 | if( strcmp(zLogin, "nobody") ){ |
| 409 | char *z1, *z2; |
| 410 | z1 = z2 = db_text(0,"SELECT cap FROM user WHERE login='nobody'"); |
| 411 | while( z1 && *z1 ){ |
| 412 | inherit[0x7f & *(z1++)] = "<span class=\"ueditInheritNobody\">•</span>"; |
| 413 | } |
| 414 | free(z2); |
| 415 | } |
| 416 | |
| 417 | /* Begin generating the page |
| @@ -420,77 +420,79 @@ | |
| 420 | if( uid ){ |
| 421 | style_header(mprintf("Edit User %h", zLogin)); |
| 422 | }else{ |
| 423 | style_header("Add A New User"); |
| 424 | } |
| 425 | @ <div class="ueditCapBox"> |
| 426 | @ <form action="%s(g.zPath)" method="post"><div> |
| 427 | login_insert_csrf_secret(); |
| 428 | @ <table> |
| 429 | @ <tr> |
| 430 | @ <td class="usetupEditLabel">User ID:</td> |
| 431 | if( uid ){ |
| 432 | @ <td>%d(uid) <input type="hidden" name="id" value="%d(uid)" /></td> |
| 433 | }else{ |
| 434 | @ <td>(new user)<input type="hidden" name="id" value="0" /></td> |
| 435 | } |
| 436 | @ </tr> |
| 437 | @ <tr> |
| 438 | @ <td class="usetupEditLabel">Login:</td> |
| 439 | @ <td><input type="text" name="login" value="%h(zLogin)" /></td> |
| 440 | @ </tr> |
| 441 | @ <tr> |
| 442 | @ <td class="usetupEditLabel">Contact Info:</td> |
| 443 | @ <td><input type="text" name="info" size="40" value="%h(zInfo)" /></td> |
| 444 | @ </tr> |
| 445 | @ <tr> |
| 446 | @ <td class="usetupEditLabel">Capabilities:</td> |
| 447 | @ <td> |
| 448 | #define B(x) inherit[x] |
| 449 | if( g.okSetup ){ |
| 450 | @ <input type="checkbox" name="as"%s(oas) />%s(B('s'))Setup<br /> |
| 451 | } |
| 452 | @ <input type="checkbox" name="aa"%s(oaa) />%s(B('a'))Admin<br /> |
| 453 | @ <input type="checkbox" name="ad"%s(oad) />%s(B('d'))Delete<br /> |
| 454 | @ <input type="checkbox" name="ae"%s(oae) />%s(B('e'))Email<br /> |
| 455 | @ <input type="checkbox" name="ap"%s(oap) />%s(B('p'))Password<br /> |
| 456 | @ <input type="checkbox" name="ai"%s(oai) />%s(B('i'))Check-In<br /> |
| 457 | @ <input type="checkbox" name="ao"%s(oao) />%s(B('o'))Check-Out<br /> |
| 458 | @ <input type="checkbox" name="ah"%s(oah) />%s(B('h'))History<br /> |
| 459 | @ <input type="checkbox" name="au"%s(oau) />%s(B('u'))Reader<br /> |
| 460 | @ <input type="checkbox" name="av"%s(oav) />%s(B('v'))Developer<br /> |
| 461 | @ <input type="checkbox" name="ag"%s(oag) />%s(B('g'))Clone<br /> |
| 462 | @ <input type="checkbox" name="aj"%s(oaj) />%s(B('j'))Read Wiki<br /> |
| 463 | @ <input type="checkbox" name="af"%s(oaf) />%s(B('f'))New Wiki<br /> |
| 464 | @ <input type="checkbox" name="am"%s(oam) />%s(B('m'))Append Wiki<br /> |
| 465 | @ <input type="checkbox" name="ak"%s(oak) />%s(B('k'))Write Wiki<br /> |
| 466 | @ <input type="checkbox" name="ab"%s(oab) />%s(B('b'))Attachments<br /> |
| 467 | @ <input type="checkbox" name="ar"%s(oar) />%s(B('r'))Read Ticket<br /> |
| 468 | @ <input type="checkbox" name="an"%s(oan) />%s(B('n'))New Ticket<br /> |
| 469 | @ <input type="checkbox" name="ac"%s(oac) />%s(B('c'))Append Ticket<br /> |
| 470 | @ <input type="checkbox" name="aw"%s(oaw) />%s(B('w'))Write Ticket<br /> |
| 471 | @ <input type="checkbox" name="at"%s(oat) />%s(B('t'))Ticket Report<br /> |
| 472 | @ <input type="checkbox" name="az"%s(oaz) />%s(B('z'))Download Zip |
| 473 | @ </td> |
| 474 | @ </tr> |
| 475 | @ <tr> |
| 476 | @ <td align="right">Password:</td> |
| 477 | if( zPw[0] ){ |
| 478 | /* Obscure the password for all users */ |
| 479 | @ <td><input type="password" name="pw" value="**********" /></td> |
| 480 | }else{ |
| 481 | /* Show an empty password as an empty input field */ |
| 482 | @ <td><input type="password" name="pw" value="" /></td> |
| 483 | } |
| 484 | @ </tr> |
| 485 | if( !higherUser ){ |
| 486 | @ <tr> |
| 487 | @ <td> </td> |
| 488 | @ <td><input type="submit" name="submit" value="Apply Changes" /></td> |
| 489 | @ </tr> |
| 490 | } |
| 491 | @ </table> |
| 492 | @ </div></form> |
| 493 | @ </div> |
| 494 | @ <h2>Privileges And Capabilities:</h2> |
| 495 | @ <ul> |
| 496 | if( higherUser ){ |
| 497 | @ <li><p><font color="blue"><b> |
| 498 | @ User %h(zLogin) has Setup privileges and you only have Admin privileges |
| @@ -497,95 +499,97 @@ | |
| 499 | @ so you are not permitted to make changes to %h(zLogin). |
| 500 | @ </b></font></p></li> |
| 501 | @ |
| 502 | } |
| 503 | @ <li><p> |
| 504 | @ The <span class="capability">Setup</span> user can make arbitrary configuration changes. |
| 505 | @ An <span class="usertype">Admin</span> user can add other users and change user privileges |
| 506 | @ and reset user passwords. Both automatically get all other privileges |
| 507 | @ listed below. Use these two settings with discretion. |
| 508 | @ </p></li> |
| 509 | @ |
| 510 | @ <li><p> |
| 511 | @ The "<span class="ueditInheritNobody"><big>•</big></span>" mark indicates |
| 512 | @ the privileges of <span class="usertype">nobody</span> that are available to all users |
| 513 | @ regardless of whether or not they are logged in. |
| 514 | @ </p></li> |
| 515 | @ |
| 516 | @ <li><p> |
| 517 | @ The "<span class="ueditInheritAnonymous"><big>•</big></span>" mark indicates |
| 518 | @ the privileges of <span class="usertype">anonymous</span> that are inherited by all logged-in users. |
| 519 | @ </p></li> |
| 520 | @ |
| 521 | @ <li><p> |
| 522 | @ The "<span class="ueditInheritDeveloper"><big>•</big></span>" mark indicates |
| 523 | @ the privileges of <span class="usertype">developer</span> that are inherited by all users with |
| 524 | @ the <span class="capability">Developer</span> privilege. |
| 525 | @ </p></li> |
| 526 | @ |
| 527 | @ <li><p> |
| 528 | @ The "<span class="ueditInheritReader"><big>•</big></span>" mark indicates |
| 529 | @ the privileges of <span class="usertype">reader</span> that are inherited by all users with |
| 530 | @ the <span class="capability">Reader</span> privilege. |
| 531 | @ </p></li> |
| 532 | @ |
| 533 | @ <li><p> |
| 534 | @ The <span class="capability">Delete</span> privilege give the user the ability to erase |
| 535 | @ wiki, tickets, and attachments that have been added by anonymous |
| 536 | @ users. This capability is intended for deletion of spam. The |
| 537 | @ delete capability is only in effect for 24 hours after the item |
| 538 | @ is first posted. The <span class="usertype">Setup</span> user can delete anything at any time. |
| 539 | @ </p></li> |
| 540 | @ |
| 541 | @ <li><p> |
| 542 | @ The <span class="capability">History</span> privilege allows a user to see most hyperlinks. |
| 543 | @ This is recommended ON for most logged-in users but OFF for |
| 544 | @ user "nobody" to avoid problems with spiders trying to walk every |
| 545 | @ historical version of every baseline and file. |
| 546 | @ </p></li> |
| 547 | @ |
| 548 | @ <li><p> |
| 549 | @ The <span class="capability">Zip</span> privilege allows a user to see the "download as ZIP" |
| 550 | @ hyperlink and permits access to the <tt>/zip</tt> page. This allows |
| 551 | @ users to download ZIP archives without granting other rights like |
| 552 | @ <span class="capability">Read</span> or <span class="capability">History</span>. This privilege is recommended for |
| 553 | @ user <span class="usertype">nobody</span> so that automatic package downloaders can obtain |
| 554 | @ the sources without going through the login procedure. |
| 555 | @ </p></li> |
| 556 | @ |
| 557 | @ <li><p> |
| 558 | @ The <span class="capability">Check-in</span> privilege allows remote users to "push". |
| 559 | @ The <span class="capability">Check-out</span> privilege allows remote users to "pull". |
| 560 | @ The <span class="capability">Clone</span> privilege allows remote users to "clone". |
| 561 | @ </p></li> |
| 562 | @ |
| 563 | @ <li><p> |
| 564 | @ The <span class="capability">Read Wiki</span>, <span class="capability">New Wiki</span>, <span class="capability">Append Wiki</span>, and |
| 565 | @ <b>Write Wiki</b> privileges control access to wiki pages. The |
| 566 | @ <span class="capability">Read Ticket</span>, <span class="capability">New Ticket</span>, <span class="capability">Append Ticket</span>, and |
| 567 | @ <span class="capability">Write Ticket</span> privileges control access to trouble tickets. |
| 568 | @ The <span class="capability">Ticket Report</span> privilege allows the user to create or edit |
| 569 | @ ticket report formats. |
| 570 | @ </p></li> |
| 571 | @ |
| 572 | @ <li><p> |
| 573 | @ Users with the <span class="capability">Password</span> privilege are allowed |
| 574 | @ to change their own password. Recommended ON for most users but OFF for special |
| 575 | @ users <span class="usertype">developer</span>, <span class="usertype">anonymous</span>, |
| 576 | @ and <span class="usertype">nobody</span>. |
| 577 | @ </p></li> |
| 578 | @ |
| 579 | @ <li><p> |
| 580 | @ The <span class="capability">EMail</span> privilege allows the display of |
| 581 | @ sensitive information such as the email address of users and contact information |
| 582 | @ on tickets. Recommended OFF for <span class="usertype">anonymousy</span> and for |
| 583 | @ <span class="usertype">nobody</span> but ON for <span class="usertype">developer</span>. |
| 584 | @ </p></li> |
| 585 | @ |
| 586 | @ <li><p> |
| 587 | @ The <span class="capability">Attachment</span> privilege is needed in order to |
| 588 | @ add attachments to tickets or wiki. Write privilege on the ticket or wiki is |
| 589 | @ also required. |
| 590 | @ </p></li> |
| 591 | @ |
| 592 | @ <li><p> |
| 593 | @ Login is prohibited if the password is an empty string. |
| 594 | @ </p></li> |
| 595 | @ </ul> |
| @@ -592,42 +596,42 @@ | |
| 596 | @ |
| 597 | @ <h2>Special Logins</h2> |
| 598 | @ |
| 599 | @ <ul> |
| 600 | @ <li><p> |
| 601 | @ No login is required for user <span class="usertype">nobody</span>. The |
| 602 | @ capabilities of the <span class="usertype">nobody</span> user are inherited by |
| 603 | @ all users, regardless of whether or not they are logged in. To disable universal |
| 604 | @ access to the repository, make sure no user named <span class="usertype">nobody</span> |
| 605 | @ exists or that the <span class="usertype">nobody</span> user has no capabilities |
| 606 | @ enabled. The password for <span class="usertype">nobody</span> is ignore. To |
| 607 | @ avoid problems with spiders overloading the server, it is recommended |
| 608 | @ that the <span class="capability">h</span> (History) capability be turned off |
| 609 | @ for the <span class="usertype">nobody</span> user. |
| 610 | @ </p></li> |
| 611 | @ |
| 612 | @ <li><p> |
| 613 | @ Login is required for user <span class="usertype">anonymous</span> but the |
| 614 | @ password is displayed on the login screen beside the password entry box |
| 615 | @ so anybody who can read should be able to login as anonymous. |
| 616 | @ On the other hand, spiders and web-crawlers will typically not |
| 617 | @ be able to login. Set the capabilities of the <span class="usertype">anonymous</span> |
| 618 | @ user to things that you want any human to be able to do, but not any |
| 619 | @ spider. Every other logged-in user inherits the privileges of |
| 620 | @ <span class="usertype">anonymous</span>. |
| 621 | @ </p></li> |
| 622 | @ |
| 623 | @ <li><p> |
| 624 | @ The <span class="usertype">developer</span> user is intended as a template |
| 625 | @ for trusted users with check-in privileges. When adding new trusted users, |
| 626 | @ simply select the <span class="capability">developer</span> privilege to cause |
| 627 | @ the new user to inherit all privileges of the <span class="usertype">developer</span> |
| 628 | @ user. Similarly, the <span class="usertype">reader</span> user is a template |
| 629 | @ for users who are allowed more access than <span class="usertype">anonymous</span>, |
| 630 | @ but less than a <span class="usertype">developer</span>. |
| 631 | @ </p></li> |
| 632 | @ </ul> |
| 633 | style_footer(); |
| 634 | } |
| 635 | |
| 636 | |
| 637 | /* |
| @@ -651,13 +655,13 @@ | |
| 655 | db_set(zVar, iQ ? "1" : "0", 0); |
| 656 | iVal = iQ; |
| 657 | } |
| 658 | } |
| 659 | if( iVal ){ |
| 660 | @ <input type="checkbox" name="%s(zQParm)" checked="checked" /><b>%s(zLabel)</b> |
| 661 | }else{ |
| 662 | @ <input type="checkbox" name="%s(zQParm)" /><b>%s(zLabel)</b> |
| 663 | } |
| 664 | } |
| 665 | |
| 666 | /* |
| 667 | ** Generate an entry box for an attribute. |
| @@ -674,11 +678,11 @@ | |
| 678 | if( zQ && strcmp(zQ,zVal)!=0 ){ |
| 679 | login_verify_csrf_secret(); |
| 680 | db_set(zVar, zQ, 0); |
| 681 | zVal = zQ; |
| 682 | } |
| 683 | @ <input type="text" name="%s(zQParm)" value="%h(zVal)" size="%d(width)" /> |
| 684 | @ <b>%s(zLabel)</b> |
| 685 | } |
| 686 | |
| 687 | /* |
| 688 | ** Generate a text box for an attribute. |
| @@ -715,57 +719,57 @@ | |
| 719 | login_needed(); |
| 720 | } |
| 721 | |
| 722 | style_header("Access Control Settings"); |
| 723 | db_begin_transaction(); |
| 724 | @ <form action="%s(g.zBaseURL)/setup_access" method="post"><div> |
| 725 | login_insert_csrf_secret(); |
| 726 | @ <hr /> |
| 727 | onoff_attribute("Require password for local access", |
| 728 | "localauth", "localauth", 0); |
| 729 | @ <p>When enabled, the password sign-in is required for |
| 730 | @ web access coming from 127.0.0.1. When disabled, web access |
| 731 | @ from 127.0.0.1 is allows without any login - the user id is selected |
| 732 | @ from the ~/.fossil database. Password login is always required |
| 733 | @ for incoming web connections on internet addresses other than |
| 734 | @ 127.0.0.1.</p> |
| 735 | |
| 736 | @ <hr /> |
| 737 | onoff_attribute("Allow REMOTE_USER authentication", |
| 738 | "remote_user_ok", "remote_user_ok", 0); |
| 739 | @ <p>When enabled, if the REMOTE_USER environment variable is set to the |
| 740 | @ login name of a valid user and no other login credentials are available, |
| 741 | @ then the REMOTE_USER is accepted as an authenticated user. |
| 742 | @ </p> |
| 743 | |
| 744 | @ <hr /> |
| 745 | entry_attribute("Login expiration time", 6, "cookie-expire", "cex", "8766"); |
| 746 | @ <p>The number of hours for which a login is valid. This must be a |
| 747 | @ positive number. The default is 8760 hours which is approximately equal |
| 748 | @ to a year.</p> |
| 749 | |
| 750 | @ <hr /> |
| 751 | entry_attribute("Download packet limit", 10, "max-download", "mxdwn", |
| 752 | "5000000"); |
| 753 | @ <p>Fossil tries to limit out-bound sync, clone, and pull packets |
| 754 | @ to this many bytes, uncompressed. If the client requires more data |
| 755 | @ than this, then the client will issue multiple HTTP requests. |
| 756 | @ Values below 1 million are not recommended. 5 million is a |
| 757 | @ reasonable number.</p> |
| 758 | |
| 759 | @ <hr /> |
| 760 | onoff_attribute("Show javascript button to fill in CAPTCHA", |
| 761 | "auto-captcha", "autocaptcha", 0); |
| 762 | @ <p>When enabled, a button appears on the login screen for user |
| 763 | @ "anonymous" that will automatically fill in the CAPTCHA password. |
| 764 | @ This is less secure that forcing the user to do it manually, but is |
| 765 | @ probably secure enough and it is certainly more convenient for |
| 766 | @ anonymous users.</p> |
| 767 | |
| 768 | @ <hr /> |
| 769 | @ <p><input type="submit" name="submit" value="Apply Changes" /></p> |
| 770 | @ </div></form> |
| 771 | db_end_transaction(0); |
| 772 | style_footer(); |
| 773 | } |
| 774 | |
| 775 | /* |
| @@ -777,42 +781,42 @@ | |
| 781 | login_needed(); |
| 782 | } |
| 783 | |
| 784 | style_header("Timeline Display Preferences"); |
| 785 | db_begin_transaction(); |
| 786 | @ <form action="%s(g.zBaseURL)/setup_timeline" method="post"><div> |
| 787 | login_insert_csrf_secret(); |
| 788 | |
| 789 | @ <hr /> |
| 790 | onoff_attribute("Allow block-markup in timeline", |
| 791 | "timeline-block-markup", "tbm", 0); |
| 792 | @ <p>In timeline displays, check-in comments can be displayed with or |
| 793 | @ without block markup (paragraphs, tables, etc.)</p> |
| 794 | |
| 795 | @ <hr /> |
| 796 | onoff_attribute("Use Universal Coordinated Time (UTC)", |
| 797 | "timeline-utc", "utc", 1); |
| 798 | @ <p>Show times as UTC (also sometimes called Greenwich Mean Time (GMT) or |
| 799 | @ Zulu) instead of in local time.</p> |
| 800 | |
| 801 | @ <hr /> |
| 802 | onoff_attribute("Show version differences by default", |
| 803 | "show-version-diffs", "vdiff", 0); |
| 804 | @ <p>On the version-information pages linked from the timeline can either |
| 805 | @ show complete diffs of all file changes, or can just list the names of |
| 806 | @ the files that have changed. Users can get to either page by |
| 807 | @ clicking. This setting selects the default.</p> |
| 808 | |
| 809 | @ <hr /> |
| 810 | entry_attribute("Max timeline comment length", 6, |
| 811 | "timeline-max-comment", "tmc", "0"); |
| 812 | @ <p>The maximum length of a comment to be displayed in a timeline. |
| 813 | @ "0" there is no length limit.</p> |
| 814 | |
| 815 | @ <hr /> |
| 816 | @ <p><input type="submit" name="submit" value="Apply Changes" /></p> |
| 817 | @ </div></form> |
| 818 | db_end_transaction(0); |
| 819 | style_footer(); |
| 820 | } |
| 821 | |
| 822 | /* |
| @@ -824,11 +828,11 @@ | |
| 828 | login_needed(); |
| 829 | } |
| 830 | |
| 831 | style_header("WWW Configuration"); |
| 832 | db_begin_transaction(); |
| 833 | @ <form action="%s(g.zBaseURL)/setup_config" method="post"><div> |
| 834 | login_insert_csrf_secret(); |
| 835 | @ <hr /> |
| 836 | entry_attribute("Project Name", 60, "project-name", "pn", ""); |
| 837 | @ <p>Give your project a name so visitors know what this site is about. |
| 838 | @ The project name will also be used as the RSS feed title.</p> |
| @@ -841,16 +845,16 @@ | |
| 845 | entry_attribute("Index Page", 60, "index-page", "idxpg", "/home"); |
| 846 | @ <p>Enter the pathname of the page to display when the "Home" menu |
| 847 | @ option is selected and when no pathname is |
| 848 | @ specified in the URL. For example, if you visit the url:</p> |
| 849 | @ |
| 850 | @ <blockquote><p>%h(g.zBaseURL)</p></blockquote> |
| 851 | @ |
| 852 | @ <p>And you have specified an index page of "/home" the above will |
| 853 | @ automatically redirect to:</p> |
| 854 | @ |
| 855 | @ <blockquote><p>%h(g.zBaseURL)/home</p></blockquote> |
| 856 | @ |
| 857 | @ <p>The default "/home" page displays a Wiki page with the same name |
| 858 | @ as the Project Name specified above. Some sites prefer to redirect |
| 859 | @ to a documentation page (ex: "/doc/tip/index.wiki") or to "/timeline".</p> |
| 860 | @ <hr /> |
| @@ -865,12 +869,12 @@ | |
| 869 | @ users to inject dangerous HTML, CSS and JavaScript code into your wiki.</p> |
| 870 | @ <p>This should <strong>only</strong> be enabled when wiki editing is limited |
| 871 | @ to trusted users. It should <strong>not</strong> be used on a publically |
| 872 | @ editable wiki.</p> |
| 873 | @ <hr /> |
| 874 | @ <p><input type="submit" name="submit" value="Apply Changes" /></p> |
| 875 | @ </div></form> |
| 876 | db_end_transaction(0); |
| 877 | style_footer(); |
| 878 | } |
| 879 | |
| 880 | /* |
| @@ -931,21 +935,21 @@ | |
| 935 | cgi_replace_parameter("header", zDefaultHeader); |
| 936 | }else{ |
| 937 | textarea_attribute(0, 0, 0, "header", "header", zDefaultHeader); |
| 938 | } |
| 939 | style_header("Edit Page Header"); |
| 940 | @ <form action="%s(g.zBaseURL)/setup_header" method="post"><div> |
| 941 | login_insert_csrf_secret(); |
| 942 | @ <p>Edit HTML text with embedded TH1 (a TCL dialect) that will be used to |
| 943 | @ generate the beginning of every page through start of the main |
| 944 | @ menu.</p> |
| 945 | textarea_attribute("", 40, 80, "header", "header", zDefaultHeader); |
| 946 | @ <br /> |
| 947 | @ <input type="submit" name="submit" value="Apply Changes" /> |
| 948 | @ <input type="submit" name="clear" value="Revert To Default" /> |
| 949 | @ </div></form> |
| 950 | @ <hr /> |
| 951 | @ The default header is shown below for reference. Other examples |
| 952 | @ of headers can be seen on the <a href="setup_skin">skins page</a>. |
| 953 | @ See also the <a href="setup_editcss">CSS</a> and |
| 954 | @ <a href="setup_footer">footer</a> editing screeens. |
| 955 | @ <blockquote><pre> |
| @@ -969,20 +973,20 @@ | |
| 973 | cgi_replace_parameter("footer", zDefaultFooter); |
| 974 | }else{ |
| 975 | textarea_attribute(0, 0, 0, "footer", "footer", zDefaultFooter); |
| 976 | } |
| 977 | style_header("Edit Page Footer"); |
| 978 | @ <form action="%s(g.zBaseURL)/setup_footer" method="post"><div> |
| 979 | login_insert_csrf_secret(); |
| 980 | @ <p>Edit HTML text with embedded TH1 (a TCL dialect) that will be used to |
| 981 | @ generate the end of every page.</p> |
| 982 | textarea_attribute("", 20, 80, "footer", "footer", zDefaultFooter); |
| 983 | @ <br /> |
| 984 | @ <input type="submit" name="submit" value="Apply Changes" /> |
| 985 | @ <input type="submit" name="clear" value="Revert To Default" /> |
| 986 | @ </div></form> |
| 987 | @ <hr /> |
| 988 | @ The default footer is shown below for reference. Other examples |
| 989 | @ of footers can be seen on the <a href="setup_skin">skins page</a>. |
| 990 | @ See also the <a href="setup_editcss">CSS</a> and |
| 991 | @ <a href="setup_header">header</a> editing screens. |
| 992 | @ <blockquote><pre> |
| @@ -1032,31 +1036,31 @@ | |
| 1036 | cgi_redirect("setup_logo"); |
| 1037 | } |
| 1038 | style_header("Edit Project Logo"); |
| 1039 | @ <p>The current project logo has a MIME-Type of <b>%h(zMime)</b> and looks |
| 1040 | @ like this:</p> |
| 1041 | @ <blockquote><p><img src="%s(g.zTop)/logo" alt="logo" /></p></blockquote> |
| 1042 | @ |
| 1043 | @ <p>The logo is accessible to all users at this URL: |
| 1044 | @ <a href="%s(g.zBaseURL)/logo">%s(g.zBaseURL)/logo</a>. |
| 1045 | @ The logo may or may not appear on each |
| 1046 | @ page depending on the <a href="setup_editcss">CSS</a> and |
| 1047 | @ <a href="setup_header">header setup</a>.</p> |
| 1048 | @ |
| 1049 | @ <form action="%s(g.zBaseURL)/setup_logo" method="post" |
| 1050 | @ enctype="multipart/form-data"><div> |
| 1051 | @ <p>To set a new logo image, select a file to use as the logo using |
| 1052 | @ the entry box below and then press the "Change Logo" button.</p> |
| 1053 | login_insert_csrf_secret(); |
| 1054 | @ Logo Image file: |
| 1055 | @ <input type="file" name="im" size="60" accept="image/*" /><br /> |
| 1056 | @ <input type="submit" name="set" value="Change Logo" /> |
| 1057 | @ <input type="submit" name="clr" value="Revert To Default" /> |
| 1058 | @ </div></form> |
| 1059 | @ |
| 1060 | @ <p><span class="note">Note:</span> Your browser has probably cached the logo image, so |
| 1061 | @ you will probably need to press the Reload button on your browser after |
| 1062 | @ changing the logo to provoke your browser to reload the new logo image. |
| 1063 | @ </p> |
| 1064 | style_footer(); |
| 1065 | db_end_transaction(0); |
| 1066 | } |
| 1067 |
+29
-26
| --- src/shun.c | ||
| +++ src/shun.c | ||
| @@ -112,63 +112,63 @@ | ||
| 112 | 112 | @ or artifacts that by design or accident interfere with the processing |
| 113 | 113 | @ of the repository. Do not shun artifacts merely to remove them from |
| 114 | 114 | @ sight - set the "hidden" tag on such artifacts instead.</p> |
| 115 | 115 | @ |
| 116 | 116 | @ <blockquote> |
| 117 | - @ <form method="POST" action="%s(g.zBaseURL)/%s(g.zPath)"> | |
| 117 | + @ <form method="post" action="%s(g.zBaseURL)/%s(g.zPath)"><div> | |
| 118 | 118 | login_insert_csrf_secret(); |
| 119 | - @ <input type="text" name="uuid" value="%h(PD("shun",""))" size="50"> | |
| 120 | - @ <input type="submit" name="add" value="Shun"> | |
| 121 | - @ </form> | |
| 119 | + @ <input type="text" name="uuid" value="%h(PD("shun",""))" size="50" /> | |
| 120 | + @ <input type="submit" name="add" value="Shun" /> | |
| 121 | + @ </div></form> | |
| 122 | 122 | @ </blockquote> |
| 123 | 123 | @ |
| 124 | 124 | @ <p>Enter the UUID of a previous shunned artifact to cause it to be |
| 125 | 125 | @ accepted again in the repository. The artifact content is not |
| 126 | 126 | @ restored because the content is unknown. The only change is that |
| 127 | 127 | @ the formerly shunned artifact will be accepted on subsequent sync |
| 128 | 128 | @ operations.</p> |
| 129 | 129 | @ |
| 130 | 130 | @ <blockquote> |
| 131 | - @ <form method="POST" action="%s(g.zBaseURL)/%s(g.zPath)"> | |
| 131 | + @ <form method="post" action="%s(g.zBaseURL)/%s(g.zPath)"><div> | |
| 132 | 132 | login_insert_csrf_secret(); |
| 133 | - @ <input type="text" name="uuid" size="50"> | |
| 134 | - @ <input type="submit" name="sub" value="Accept"> | |
| 135 | - @ </form> | |
| 133 | + @ <input type="text" name="uuid" size="50" /> | |
| 134 | + @ <input type="submit" name="sub" value="Accept" /> | |
| 135 | + @ </div></form> | |
| 136 | 136 | @ </blockquote> |
| 137 | 137 | @ |
| 138 | 138 | @ <p>Press the Rebuild button below to rebuild the respository. The |
| 139 | 139 | @ content of newly shunned artifacts is not purged until the repository |
| 140 | 140 | @ is rebuilt. On larger repositories, the rebuild may take minute or |
| 141 | 141 | @ two, so be patient after pressing the button.</p> |
| 142 | 142 | @ |
| 143 | 143 | @ <blockquote> |
| 144 | - @ <form method="POST" action="%s(g.zBaseURL)/%s(g.zPath)"> | |
| 144 | + @ <form method="post" action="%s(g.zBaseURL)/%s(g.zPath)"><div> | |
| 145 | 145 | login_insert_csrf_secret(); |
| 146 | - @ <input type="submit" name="rebuild" value="Rebuild"> | |
| 147 | - @ </form> | |
| 146 | + @ <input type="submit" name="rebuild" value="Rebuild" /> | |
| 147 | + @ </div></form> | |
| 148 | 148 | @ </blockquote> |
| 149 | 149 | @ |
| 150 | - @ <hr><p>Shunned Artifacts:</p> | |
| 151 | - @ <blockquote> | |
| 150 | + @ <hr /><p>Shunned Artifacts:</p> | |
| 151 | + @ <blockquote><p> | |
| 152 | 152 | db_prepare(&q, |
| 153 | 153 | "SELECT uuid, EXISTS(SELECT 1 FROM blob WHERE blob.uuid=shun.uuid)" |
| 154 | 154 | " FROM shun ORDER BY uuid"); |
| 155 | 155 | while( db_step(&q)==SQLITE_ROW ){ |
| 156 | 156 | const char *zUuid = db_column_text(&q, 0); |
| 157 | 157 | int stillExists = db_column_int(&q, 1); |
| 158 | 158 | cnt++; |
| 159 | 159 | if( stillExists ){ |
| 160 | - @ <b><a href="%s(g.zBaseURL)/artifact/%s(zUuid)">%s(zUuid)</a></b><br> | |
| 160 | + @ <b><a href="%s(g.zBaseURL)/artifact/%s(zUuid)">%s(zUuid)</a></b><br /> | |
| 161 | 161 | }else{ |
| 162 | - @ <b>%s(zUuid)</b><br> | |
| 162 | + @ <b>%s(zUuid)</b><br /> | |
| 163 | 163 | } |
| 164 | 164 | } |
| 165 | 165 | if( cnt==0 ){ |
| 166 | 166 | @ <i>no artifacts are shunned on this server</i> |
| 167 | 167 | } |
| 168 | 168 | db_finalize(&q); |
| 169 | - @ </blockquote> | |
| 169 | + @ </p></blockquote> | |
| 170 | 170 | style_footer(); |
| 171 | 171 | } |
| 172 | 172 | |
| 173 | 173 | /* |
| 174 | 174 | ** Remove from the BLOB table all artifacts that are in the SHUN table. |
| @@ -229,14 +229,15 @@ | ||
| 229 | 229 | @ |
| 230 | 230 | @ <p>Click on the "rcvid" to show a list of specific artifacts received |
| 231 | 231 | @ by a transaction. After identifying illicit artifacts, remove them |
| 232 | 232 | @ using the "Shun" feature.</p> |
| 233 | 233 | @ |
| 234 | - @ <table cellpadding=0 cellspacing=0 border=0> | |
| 235 | - @ <tr><th>rcvid</th><th width=15> | |
| 236 | - @ <th>Date</th><th width=15><th>User</th> | |
| 237 | - @ <th width=15><th>IP Address</th></tr> | |
| 234 | + @ <table cellpadding="0" cellspacing="0" border="0"> | |
| 235 | + @ <tr><th style="padding-right: 15px;text-align: right;">rcvid</th> | |
| 236 | + @ <th style="padding-right: 15px;text-align: left;">Date</th> | |
| 237 | + @ <th style="padding-right: 15px;text-align: left;">User</th> | |
| 238 | + @ <th style="text-align: left;">IP Address</th></tr> | |
| 238 | 239 | cnt = 0; |
| 239 | 240 | while( db_step(&q)==SQLITE_ROW ){ |
| 240 | 241 | int rcvid = db_column_int(&q, 0); |
| 241 | 242 | const char *zUser = db_column_text(&q, 1); |
| 242 | 243 | const char *zDate = db_column_text(&q, 2); |
| @@ -245,14 +246,14 @@ | ||
| 245 | 246 | style_submenu_element("Older", "Older", |
| 246 | 247 | "rcvfromlist?ofst=%d", ofst+30); |
| 247 | 248 | }else{ |
| 248 | 249 | cnt++; |
| 249 | 250 | @ <tr> |
| 250 | - @ <td><a href="rcvfrom?rcvid=%d(rcvid)">%d(rcvid)</a></td><td> | |
| 251 | - @ <td>%s(zDate)</td><td> | |
| 252 | - @ <td>%h(zUser)</td><td> | |
| 253 | - @ <td> %s(zIpAddr) </td> | |
| 251 | + @ <td style="padding-right: 15px;text-align: right;"><a href="rcvfrom?rcvid=%d(rcvid)">%d(rcvid)</a></td> | |
| 252 | + @ <td style="padding-right: 15px;text-align: left;">%s(zDate)</td> | |
| 253 | + @ <td style="padding-right: 15px;text-align: left;">%h(zUser)</td> | |
| 254 | + @ <td style="text-align: left;">%s(zIpAddr)</td> | |
| 254 | 255 | @ </tr> |
| 255 | 256 | } |
| 256 | 257 | } |
| 257 | 258 | db_finalize(&q); |
| 258 | 259 | @ </table> |
| @@ -277,11 +278,11 @@ | ||
| 277 | 278 | "SELECT login, datetime(rcvfrom.mtime), rcvfrom.ipaddr" |
| 278 | 279 | " FROM rcvfrom LEFT JOIN user USING(uid)" |
| 279 | 280 | " WHERE rcvid=%d", |
| 280 | 281 | rcvid |
| 281 | 282 | ); |
| 282 | - @ <table cellspacing=15 cellpadding=0 border=0> | |
| 283 | + @ <table cellspacing="15" cellpadding="0" border="0"> | |
| 283 | 284 | @ <tr><td valign="top" align="right"><b>rcvid:</b></td> |
| 284 | 285 | @ <td valign="top">%d(rcvid)</td></tr> |
| 285 | 286 | if( db_step(&q)==SQLITE_ROW ){ |
| 286 | 287 | const char *zUser = db_column_text(&q, 0); |
| 287 | 288 | const char *zDate = db_column_text(&q, 1); |
| @@ -302,10 +303,12 @@ | ||
| 302 | 303 | while( db_step(&q)==SQLITE_ROW ){ |
| 303 | 304 | int rid = db_column_int(&q, 0); |
| 304 | 305 | const char *zUuid = db_column_text(&q, 1); |
| 305 | 306 | int size = db_column_int(&q, 2); |
| 306 | 307 | @ <a href="%s(g.zBaseURL)/info/%s(zUuid)">%s(zUuid)</a> |
| 307 | - @ (rid: %d(rid), size: %d(size))<br> | |
| 308 | + @ (rid: %d(rid), size: %d(size))<br /> | |
| 308 | 309 | } |
| 309 | 310 | @ </td></tr> |
| 310 | 311 | @ </table> |
| 312 | + db_finalize(&q); | |
| 313 | + style_footer(); | |
| 311 | 314 | } |
| 312 | 315 |
| --- src/shun.c | |
| +++ src/shun.c | |
| @@ -112,63 +112,63 @@ | |
| 112 | @ or artifacts that by design or accident interfere with the processing |
| 113 | @ of the repository. Do not shun artifacts merely to remove them from |
| 114 | @ sight - set the "hidden" tag on such artifacts instead.</p> |
| 115 | @ |
| 116 | @ <blockquote> |
| 117 | @ <form method="POST" action="%s(g.zBaseURL)/%s(g.zPath)"> |
| 118 | login_insert_csrf_secret(); |
| 119 | @ <input type="text" name="uuid" value="%h(PD("shun",""))" size="50"> |
| 120 | @ <input type="submit" name="add" value="Shun"> |
| 121 | @ </form> |
| 122 | @ </blockquote> |
| 123 | @ |
| 124 | @ <p>Enter the UUID of a previous shunned artifact to cause it to be |
| 125 | @ accepted again in the repository. The artifact content is not |
| 126 | @ restored because the content is unknown. The only change is that |
| 127 | @ the formerly shunned artifact will be accepted on subsequent sync |
| 128 | @ operations.</p> |
| 129 | @ |
| 130 | @ <blockquote> |
| 131 | @ <form method="POST" action="%s(g.zBaseURL)/%s(g.zPath)"> |
| 132 | login_insert_csrf_secret(); |
| 133 | @ <input type="text" name="uuid" size="50"> |
| 134 | @ <input type="submit" name="sub" value="Accept"> |
| 135 | @ </form> |
| 136 | @ </blockquote> |
| 137 | @ |
| 138 | @ <p>Press the Rebuild button below to rebuild the respository. The |
| 139 | @ content of newly shunned artifacts is not purged until the repository |
| 140 | @ is rebuilt. On larger repositories, the rebuild may take minute or |
| 141 | @ two, so be patient after pressing the button.</p> |
| 142 | @ |
| 143 | @ <blockquote> |
| 144 | @ <form method="POST" action="%s(g.zBaseURL)/%s(g.zPath)"> |
| 145 | login_insert_csrf_secret(); |
| 146 | @ <input type="submit" name="rebuild" value="Rebuild"> |
| 147 | @ </form> |
| 148 | @ </blockquote> |
| 149 | @ |
| 150 | @ <hr><p>Shunned Artifacts:</p> |
| 151 | @ <blockquote> |
| 152 | db_prepare(&q, |
| 153 | "SELECT uuid, EXISTS(SELECT 1 FROM blob WHERE blob.uuid=shun.uuid)" |
| 154 | " FROM shun ORDER BY uuid"); |
| 155 | while( db_step(&q)==SQLITE_ROW ){ |
| 156 | const char *zUuid = db_column_text(&q, 0); |
| 157 | int stillExists = db_column_int(&q, 1); |
| 158 | cnt++; |
| 159 | if( stillExists ){ |
| 160 | @ <b><a href="%s(g.zBaseURL)/artifact/%s(zUuid)">%s(zUuid)</a></b><br> |
| 161 | }else{ |
| 162 | @ <b>%s(zUuid)</b><br> |
| 163 | } |
| 164 | } |
| 165 | if( cnt==0 ){ |
| 166 | @ <i>no artifacts are shunned on this server</i> |
| 167 | } |
| 168 | db_finalize(&q); |
| 169 | @ </blockquote> |
| 170 | style_footer(); |
| 171 | } |
| 172 | |
| 173 | /* |
| 174 | ** Remove from the BLOB table all artifacts that are in the SHUN table. |
| @@ -229,14 +229,15 @@ | |
| 229 | @ |
| 230 | @ <p>Click on the "rcvid" to show a list of specific artifacts received |
| 231 | @ by a transaction. After identifying illicit artifacts, remove them |
| 232 | @ using the "Shun" feature.</p> |
| 233 | @ |
| 234 | @ <table cellpadding=0 cellspacing=0 border=0> |
| 235 | @ <tr><th>rcvid</th><th width=15> |
| 236 | @ <th>Date</th><th width=15><th>User</th> |
| 237 | @ <th width=15><th>IP Address</th></tr> |
| 238 | cnt = 0; |
| 239 | while( db_step(&q)==SQLITE_ROW ){ |
| 240 | int rcvid = db_column_int(&q, 0); |
| 241 | const char *zUser = db_column_text(&q, 1); |
| 242 | const char *zDate = db_column_text(&q, 2); |
| @@ -245,14 +246,14 @@ | |
| 245 | style_submenu_element("Older", "Older", |
| 246 | "rcvfromlist?ofst=%d", ofst+30); |
| 247 | }else{ |
| 248 | cnt++; |
| 249 | @ <tr> |
| 250 | @ <td><a href="rcvfrom?rcvid=%d(rcvid)">%d(rcvid)</a></td><td> |
| 251 | @ <td>%s(zDate)</td><td> |
| 252 | @ <td>%h(zUser)</td><td> |
| 253 | @ <td> %s(zIpAddr) </td> |
| 254 | @ </tr> |
| 255 | } |
| 256 | } |
| 257 | db_finalize(&q); |
| 258 | @ </table> |
| @@ -277,11 +278,11 @@ | |
| 277 | "SELECT login, datetime(rcvfrom.mtime), rcvfrom.ipaddr" |
| 278 | " FROM rcvfrom LEFT JOIN user USING(uid)" |
| 279 | " WHERE rcvid=%d", |
| 280 | rcvid |
| 281 | ); |
| 282 | @ <table cellspacing=15 cellpadding=0 border=0> |
| 283 | @ <tr><td valign="top" align="right"><b>rcvid:</b></td> |
| 284 | @ <td valign="top">%d(rcvid)</td></tr> |
| 285 | if( db_step(&q)==SQLITE_ROW ){ |
| 286 | const char *zUser = db_column_text(&q, 0); |
| 287 | const char *zDate = db_column_text(&q, 1); |
| @@ -302,10 +303,12 @@ | |
| 302 | while( db_step(&q)==SQLITE_ROW ){ |
| 303 | int rid = db_column_int(&q, 0); |
| 304 | const char *zUuid = db_column_text(&q, 1); |
| 305 | int size = db_column_int(&q, 2); |
| 306 | @ <a href="%s(g.zBaseURL)/info/%s(zUuid)">%s(zUuid)</a> |
| 307 | @ (rid: %d(rid), size: %d(size))<br> |
| 308 | } |
| 309 | @ </td></tr> |
| 310 | @ </table> |
| 311 | } |
| 312 |
| --- src/shun.c | |
| +++ src/shun.c | |
| @@ -112,63 +112,63 @@ | |
| 112 | @ or artifacts that by design or accident interfere with the processing |
| 113 | @ of the repository. Do not shun artifacts merely to remove them from |
| 114 | @ sight - set the "hidden" tag on such artifacts instead.</p> |
| 115 | @ |
| 116 | @ <blockquote> |
| 117 | @ <form method="post" action="%s(g.zBaseURL)/%s(g.zPath)"><div> |
| 118 | login_insert_csrf_secret(); |
| 119 | @ <input type="text" name="uuid" value="%h(PD("shun",""))" size="50" /> |
| 120 | @ <input type="submit" name="add" value="Shun" /> |
| 121 | @ </div></form> |
| 122 | @ </blockquote> |
| 123 | @ |
| 124 | @ <p>Enter the UUID of a previous shunned artifact to cause it to be |
| 125 | @ accepted again in the repository. The artifact content is not |
| 126 | @ restored because the content is unknown. The only change is that |
| 127 | @ the formerly shunned artifact will be accepted on subsequent sync |
| 128 | @ operations.</p> |
| 129 | @ |
| 130 | @ <blockquote> |
| 131 | @ <form method="post" action="%s(g.zBaseURL)/%s(g.zPath)"><div> |
| 132 | login_insert_csrf_secret(); |
| 133 | @ <input type="text" name="uuid" size="50" /> |
| 134 | @ <input type="submit" name="sub" value="Accept" /> |
| 135 | @ </div></form> |
| 136 | @ </blockquote> |
| 137 | @ |
| 138 | @ <p>Press the Rebuild button below to rebuild the respository. The |
| 139 | @ content of newly shunned artifacts is not purged until the repository |
| 140 | @ is rebuilt. On larger repositories, the rebuild may take minute or |
| 141 | @ two, so be patient after pressing the button.</p> |
| 142 | @ |
| 143 | @ <blockquote> |
| 144 | @ <form method="post" action="%s(g.zBaseURL)/%s(g.zPath)"><div> |
| 145 | login_insert_csrf_secret(); |
| 146 | @ <input type="submit" name="rebuild" value="Rebuild" /> |
| 147 | @ </div></form> |
| 148 | @ </blockquote> |
| 149 | @ |
| 150 | @ <hr /><p>Shunned Artifacts:</p> |
| 151 | @ <blockquote><p> |
| 152 | db_prepare(&q, |
| 153 | "SELECT uuid, EXISTS(SELECT 1 FROM blob WHERE blob.uuid=shun.uuid)" |
| 154 | " FROM shun ORDER BY uuid"); |
| 155 | while( db_step(&q)==SQLITE_ROW ){ |
| 156 | const char *zUuid = db_column_text(&q, 0); |
| 157 | int stillExists = db_column_int(&q, 1); |
| 158 | cnt++; |
| 159 | if( stillExists ){ |
| 160 | @ <b><a href="%s(g.zBaseURL)/artifact/%s(zUuid)">%s(zUuid)</a></b><br /> |
| 161 | }else{ |
| 162 | @ <b>%s(zUuid)</b><br /> |
| 163 | } |
| 164 | } |
| 165 | if( cnt==0 ){ |
| 166 | @ <i>no artifacts are shunned on this server</i> |
| 167 | } |
| 168 | db_finalize(&q); |
| 169 | @ </p></blockquote> |
| 170 | style_footer(); |
| 171 | } |
| 172 | |
| 173 | /* |
| 174 | ** Remove from the BLOB table all artifacts that are in the SHUN table. |
| @@ -229,14 +229,15 @@ | |
| 229 | @ |
| 230 | @ <p>Click on the "rcvid" to show a list of specific artifacts received |
| 231 | @ by a transaction. After identifying illicit artifacts, remove them |
| 232 | @ using the "Shun" feature.</p> |
| 233 | @ |
| 234 | @ <table cellpadding="0" cellspacing="0" border="0"> |
| 235 | @ <tr><th style="padding-right: 15px;text-align: right;">rcvid</th> |
| 236 | @ <th style="padding-right: 15px;text-align: left;">Date</th> |
| 237 | @ <th style="padding-right: 15px;text-align: left;">User</th> |
| 238 | @ <th style="text-align: left;">IP Address</th></tr> |
| 239 | cnt = 0; |
| 240 | while( db_step(&q)==SQLITE_ROW ){ |
| 241 | int rcvid = db_column_int(&q, 0); |
| 242 | const char *zUser = db_column_text(&q, 1); |
| 243 | const char *zDate = db_column_text(&q, 2); |
| @@ -245,14 +246,14 @@ | |
| 246 | style_submenu_element("Older", "Older", |
| 247 | "rcvfromlist?ofst=%d", ofst+30); |
| 248 | }else{ |
| 249 | cnt++; |
| 250 | @ <tr> |
| 251 | @ <td style="padding-right: 15px;text-align: right;"><a href="rcvfrom?rcvid=%d(rcvid)">%d(rcvid)</a></td> |
| 252 | @ <td style="padding-right: 15px;text-align: left;">%s(zDate)</td> |
| 253 | @ <td style="padding-right: 15px;text-align: left;">%h(zUser)</td> |
| 254 | @ <td style="text-align: left;">%s(zIpAddr)</td> |
| 255 | @ </tr> |
| 256 | } |
| 257 | } |
| 258 | db_finalize(&q); |
| 259 | @ </table> |
| @@ -277,11 +278,11 @@ | |
| 278 | "SELECT login, datetime(rcvfrom.mtime), rcvfrom.ipaddr" |
| 279 | " FROM rcvfrom LEFT JOIN user USING(uid)" |
| 280 | " WHERE rcvid=%d", |
| 281 | rcvid |
| 282 | ); |
| 283 | @ <table cellspacing="15" cellpadding="0" border="0"> |
| 284 | @ <tr><td valign="top" align="right"><b>rcvid:</b></td> |
| 285 | @ <td valign="top">%d(rcvid)</td></tr> |
| 286 | if( db_step(&q)==SQLITE_ROW ){ |
| 287 | const char *zUser = db_column_text(&q, 0); |
| 288 | const char *zDate = db_column_text(&q, 1); |
| @@ -302,10 +303,12 @@ | |
| 303 | while( db_step(&q)==SQLITE_ROW ){ |
| 304 | int rid = db_column_int(&q, 0); |
| 305 | const char *zUuid = db_column_text(&q, 1); |
| 306 | int size = db_column_int(&q, 2); |
| 307 | @ <a href="%s(g.zBaseURL)/info/%s(zUuid)">%s(zUuid)</a> |
| 308 | @ (rid: %d(rid), size: %d(size))<br /> |
| 309 | } |
| 310 | @ </td></tr> |
| 311 | @ </table> |
| 312 | db_finalize(&q); |
| 313 | style_footer(); |
| 314 | } |
| 315 |
+9
-9
| --- src/skins.c | ||
| +++ src/skins.c | ||
| @@ -731,18 +731,18 @@ | ||
| 731 | 731 | db_begin_transaction(); |
| 732 | 732 | |
| 733 | 733 | /* Process requests to delete a user-defined skin */ |
| 734 | 734 | if( P("del1") && (zName = skinVarName(P("sn"), 1))!=0 ){ |
| 735 | 735 | style_header("Confirm Custom Skin Delete"); |
| 736 | - @ <form action="%s(g.zBaseURL)/setup_skin" method="POST"> | |
| 736 | + @ <form action="%s(g.zBaseURL)/setup_skin" method="post"><div> | |
| 737 | 737 | @ <p>Deletion of a custom skin is a permanent action that cannot |
| 738 | 738 | @ be undone. Please confirm that this is what you want to do:</p> |
| 739 | - @ <input type="hidden" name="sn" value="%h(P("sn"))"> | |
| 740 | - @ <input type="submit" name="del2" value="Confirm - Delete The Skin"> | |
| 741 | - @ <input type="submit" name="cancel" value="Cancel - Do Not Delete"> | |
| 739 | + @ <input type="hidden" name="sn" value="%h(P("sn"))" /> | |
| 740 | + @ <input type="submit" name="del2" value="Confirm - Delete The Skin" /> | |
| 741 | + @ <input type="submit" name="cancel" value="Cancel - Do Not Delete" /> | |
| 742 | 742 | login_insert_csrf_secret(); |
| 743 | - @ </form> | |
| 743 | + @ </div></form> | |
| 744 | 744 | style_footer(); |
| 745 | 745 | return; |
| 746 | 746 | } |
| 747 | 747 | if( P("del2")!=0 && (zName = skinVarName(P("sn"), 1))!=0 ){ |
| 748 | 748 | db_multi_exec("DELETE FROM config WHERE name=%Q", zName); |
| @@ -812,15 +812,15 @@ | ||
| 812 | 812 | for(i=0; i<sizeof(aBuiltinSkin)/sizeof(aBuiltinSkin[0]); i++){ |
| 813 | 813 | z = aBuiltinSkin[i].zName; |
| 814 | 814 | if( strcmp(aBuiltinSkin[i].zValue, zCurrent)==0 ){ |
| 815 | 815 | @ <li><p>%h(z). <b>Currently In Use</b></p> |
| 816 | 816 | }else{ |
| 817 | - @ <li><form action="%s(g.zBaseURL)/setup_skin" method="POST"> | |
| 817 | + @ <li><form action="%s(g.zBaseURL)/setup_skin" method="post"><div> | |
| 818 | 818 | @ %h(z). |
| 819 | - @ <input type="hidden" name="sn" value="%h(z)"> | |
| 820 | - @ <input type="submit" name="load" value="Use This Skin"> | |
| 821 | - @ </form></li> | |
| 819 | + @ <input type="hidden" name="sn" value="%h(z)" /> | |
| 820 | + @ <input type="submit" name="load" value="Use This Skin" /> | |
| 821 | + @ </div></form></li> | |
| 822 | 822 | } |
| 823 | 823 | } |
| 824 | 824 | db_prepare(&q, |
| 825 | 825 | "SELECT substr(name, 6), value FROM config" |
| 826 | 826 | " WHERE name GLOB 'skin:*'" |
| 827 | 827 |
| --- src/skins.c | |
| +++ src/skins.c | |
| @@ -731,18 +731,18 @@ | |
| 731 | db_begin_transaction(); |
| 732 | |
| 733 | /* Process requests to delete a user-defined skin */ |
| 734 | if( P("del1") && (zName = skinVarName(P("sn"), 1))!=0 ){ |
| 735 | style_header("Confirm Custom Skin Delete"); |
| 736 | @ <form action="%s(g.zBaseURL)/setup_skin" method="POST"> |
| 737 | @ <p>Deletion of a custom skin is a permanent action that cannot |
| 738 | @ be undone. Please confirm that this is what you want to do:</p> |
| 739 | @ <input type="hidden" name="sn" value="%h(P("sn"))"> |
| 740 | @ <input type="submit" name="del2" value="Confirm - Delete The Skin"> |
| 741 | @ <input type="submit" name="cancel" value="Cancel - Do Not Delete"> |
| 742 | login_insert_csrf_secret(); |
| 743 | @ </form> |
| 744 | style_footer(); |
| 745 | return; |
| 746 | } |
| 747 | if( P("del2")!=0 && (zName = skinVarName(P("sn"), 1))!=0 ){ |
| 748 | db_multi_exec("DELETE FROM config WHERE name=%Q", zName); |
| @@ -812,15 +812,15 @@ | |
| 812 | for(i=0; i<sizeof(aBuiltinSkin)/sizeof(aBuiltinSkin[0]); i++){ |
| 813 | z = aBuiltinSkin[i].zName; |
| 814 | if( strcmp(aBuiltinSkin[i].zValue, zCurrent)==0 ){ |
| 815 | @ <li><p>%h(z). <b>Currently In Use</b></p> |
| 816 | }else{ |
| 817 | @ <li><form action="%s(g.zBaseURL)/setup_skin" method="POST"> |
| 818 | @ %h(z). |
| 819 | @ <input type="hidden" name="sn" value="%h(z)"> |
| 820 | @ <input type="submit" name="load" value="Use This Skin"> |
| 821 | @ </form></li> |
| 822 | } |
| 823 | } |
| 824 | db_prepare(&q, |
| 825 | "SELECT substr(name, 6), value FROM config" |
| 826 | " WHERE name GLOB 'skin:*'" |
| 827 |
| --- src/skins.c | |
| +++ src/skins.c | |
| @@ -731,18 +731,18 @@ | |
| 731 | db_begin_transaction(); |
| 732 | |
| 733 | /* Process requests to delete a user-defined skin */ |
| 734 | if( P("del1") && (zName = skinVarName(P("sn"), 1))!=0 ){ |
| 735 | style_header("Confirm Custom Skin Delete"); |
| 736 | @ <form action="%s(g.zBaseURL)/setup_skin" method="post"><div> |
| 737 | @ <p>Deletion of a custom skin is a permanent action that cannot |
| 738 | @ be undone. Please confirm that this is what you want to do:</p> |
| 739 | @ <input type="hidden" name="sn" value="%h(P("sn"))" /> |
| 740 | @ <input type="submit" name="del2" value="Confirm - Delete The Skin" /> |
| 741 | @ <input type="submit" name="cancel" value="Cancel - Do Not Delete" /> |
| 742 | login_insert_csrf_secret(); |
| 743 | @ </div></form> |
| 744 | style_footer(); |
| 745 | return; |
| 746 | } |
| 747 | if( P("del2")!=0 && (zName = skinVarName(P("sn"), 1))!=0 ){ |
| 748 | db_multi_exec("DELETE FROM config WHERE name=%Q", zName); |
| @@ -812,15 +812,15 @@ | |
| 812 | for(i=0; i<sizeof(aBuiltinSkin)/sizeof(aBuiltinSkin[0]); i++){ |
| 813 | z = aBuiltinSkin[i].zName; |
| 814 | if( strcmp(aBuiltinSkin[i].zValue, zCurrent)==0 ){ |
| 815 | @ <li><p>%h(z). <b>Currently In Use</b></p> |
| 816 | }else{ |
| 817 | @ <li><form action="%s(g.zBaseURL)/setup_skin" method="post"><div> |
| 818 | @ %h(z). |
| 819 | @ <input type="hidden" name="sn" value="%h(z)" /> |
| 820 | @ <input type="submit" name="load" value="Use This Skin" /> |
| 821 | @ </div></form></li> |
| 822 | } |
| 823 | } |
| 824 | db_prepare(&q, |
| 825 | "SELECT substr(name, 6), value FROM config" |
| 826 | " WHERE name GLOB 'skin:*'" |
| 827 |
+89
| --- src/style.c | ||
| +++ src/style.c | ||
| @@ -526,10 +526,99 @@ | ||
| 526 | 526 | @ font-weight: bold; |
| 527 | 527 | }, |
| 528 | 528 | { "span.textareaLabel", |
| 529 | 529 | "format for textare labels", |
| 530 | 530 | @ font-weight: bold; |
| 531 | + }, | |
| 532 | + { "table.usetupLayoutTable", | |
| 533 | + "format for the user setup layout table", | |
| 534 | + @ outline-style: none; | |
| 535 | + @ padding: 0; | |
| 536 | + @ margin: 25px; | |
| 537 | + }, | |
| 538 | + { "td.usetupColumnLayout", | |
| 539 | + "format of the columns on the user setup list page", | |
| 540 | + @ vertical-align: top | |
| 541 | + }, | |
| 542 | + { "table.usetupUserList", | |
| 543 | + "format for the user list table on the user setup page", | |
| 544 | + @ outline-style: double; | |
| 545 | + @ outline-width: 1; | |
| 546 | + @ padding: 10px; | |
| 547 | + }, | |
| 548 | + { "th.usetupListUser", | |
| 549 | + "format for table header user in user list on user setup page", | |
| 550 | + @ text-align: right; | |
| 551 | + @ padding-right: 20px; | |
| 552 | + }, | |
| 553 | + { "th.usetupListCap", | |
| 554 | + "format for table header capabilities in user list on user setup page", | |
| 555 | + @ text-align: center; | |
| 556 | + @ padding-right: 15px; | |
| 557 | + }, | |
| 558 | + { "th.usetupListCon", | |
| 559 | + "format for table header contact info in user list on user setup page", | |
| 560 | + @ text-align: left; | |
| 561 | + }, | |
| 562 | + { "td.usetupListUser", | |
| 563 | + "format for table cell user in user list on user setup page", | |
| 564 | + @ text-align: right; | |
| 565 | + @ padding-right: 20px; | |
| 566 | + @ white-space:nowrap; | |
| 567 | + }, | |
| 568 | + { "td.usetupListCap", | |
| 569 | + "format for table cell capabilities in user list on user setup page", | |
| 570 | + @ text-align: center; | |
| 571 | + @ padding-right: 15px; | |
| 572 | + }, | |
| 573 | + { "td.usetupListCon", | |
| 574 | + "format for table cell contact info in user list on user setup page", | |
| 575 | + @ text-align: left | |
| 576 | + }, | |
| 577 | + { "div.ueditCapBox", | |
| 578 | + "layout definition for the capabilities box on the user edit detail page", | |
| 579 | + @ float: left; | |
| 580 | + @ margin-right: 20px; | |
| 581 | + @ margin-bottom: 20px; | |
| 582 | + }, | |
| 583 | + { "td.usetupEditLabel", | |
| 584 | + "format of the label cells in the detailed user edit page", | |
| 585 | + @ text-align: right; | |
| 586 | + @ vertical-align: top; | |
| 587 | + @ white-space: nowrap; | |
| 588 | + }, | |
| 589 | + { "span.ueditInheritNobody", | |
| 590 | + "color for capabilities, inherited by nobody", | |
| 591 | + @ color: green; | |
| 592 | + }, | |
| 593 | + { "span.ueditInheritDeveloper", | |
| 594 | + "color for capabilities, inherited by developer", | |
| 595 | + @ color: red; | |
| 596 | + }, | |
| 597 | + { "span.ueditInheritReader", | |
| 598 | + "color for capabilities, inherited by reader", | |
| 599 | + @ color: black; | |
| 600 | + }, | |
| 601 | + { "span.ueditInheritAnonymous", | |
| 602 | + "color for capabilities, inherited by anonymous", | |
| 603 | + @ color: blue; | |
| 604 | + }, | |
| 605 | + { "span.capability", | |
| 606 | + "format for capabilites, mentioned on the user edit page", | |
| 607 | + @ font-weight: bold; | |
| 608 | + }, | |
| 609 | + { "span.usertype", | |
| 610 | + "format for different user types, mentioned on the user edit page", | |
| 611 | + @ font-weight: bold; | |
| 612 | + }, | |
| 613 | + { "span.usertype:before", | |
| 614 | + "leading text for user types, mentioned on the user edit page", | |
| 615 | + @ content:"'"; | |
| 616 | + }, | |
| 617 | + { "span.usertype:after", | |
| 618 | + "trailing text for user types, mentioned on the user edit page", | |
| 619 | + @ content:"'"; | |
| 531 | 620 | }, |
| 532 | 621 | { 0, |
| 533 | 622 | 0, |
| 534 | 623 | 0 |
| 535 | 624 | } |
| 536 | 625 |
| --- src/style.c | |
| +++ src/style.c | |
| @@ -526,10 +526,99 @@ | |
| 526 | @ font-weight: bold; |
| 527 | }, |
| 528 | { "span.textareaLabel", |
| 529 | "format for textare labels", |
| 530 | @ font-weight: bold; |
| 531 | }, |
| 532 | { 0, |
| 533 | 0, |
| 534 | 0 |
| 535 | } |
| 536 |
| --- src/style.c | |
| +++ src/style.c | |
| @@ -526,10 +526,99 @@ | |
| 526 | @ font-weight: bold; |
| 527 | }, |
| 528 | { "span.textareaLabel", |
| 529 | "format for textare labels", |
| 530 | @ font-weight: bold; |
| 531 | }, |
| 532 | { "table.usetupLayoutTable", |
| 533 | "format for the user setup layout table", |
| 534 | @ outline-style: none; |
| 535 | @ padding: 0; |
| 536 | @ margin: 25px; |
| 537 | }, |
| 538 | { "td.usetupColumnLayout", |
| 539 | "format of the columns on the user setup list page", |
| 540 | @ vertical-align: top |
| 541 | }, |
| 542 | { "table.usetupUserList", |
| 543 | "format for the user list table on the user setup page", |
| 544 | @ outline-style: double; |
| 545 | @ outline-width: 1; |
| 546 | @ padding: 10px; |
| 547 | }, |
| 548 | { "th.usetupListUser", |
| 549 | "format for table header user in user list on user setup page", |
| 550 | @ text-align: right; |
| 551 | @ padding-right: 20px; |
| 552 | }, |
| 553 | { "th.usetupListCap", |
| 554 | "format for table header capabilities in user list on user setup page", |
| 555 | @ text-align: center; |
| 556 | @ padding-right: 15px; |
| 557 | }, |
| 558 | { "th.usetupListCon", |
| 559 | "format for table header contact info in user list on user setup page", |
| 560 | @ text-align: left; |
| 561 | }, |
| 562 | { "td.usetupListUser", |
| 563 | "format for table cell user in user list on user setup page", |
| 564 | @ text-align: right; |
| 565 | @ padding-right: 20px; |
| 566 | @ white-space:nowrap; |
| 567 | }, |
| 568 | { "td.usetupListCap", |
| 569 | "format for table cell capabilities in user list on user setup page", |
| 570 | @ text-align: center; |
| 571 | @ padding-right: 15px; |
| 572 | }, |
| 573 | { "td.usetupListCon", |
| 574 | "format for table cell contact info in user list on user setup page", |
| 575 | @ text-align: left |
| 576 | }, |
| 577 | { "div.ueditCapBox", |
| 578 | "layout definition for the capabilities box on the user edit detail page", |
| 579 | @ float: left; |
| 580 | @ margin-right: 20px; |
| 581 | @ margin-bottom: 20px; |
| 582 | }, |
| 583 | { "td.usetupEditLabel", |
| 584 | "format of the label cells in the detailed user edit page", |
| 585 | @ text-align: right; |
| 586 | @ vertical-align: top; |
| 587 | @ white-space: nowrap; |
| 588 | }, |
| 589 | { "span.ueditInheritNobody", |
| 590 | "color for capabilities, inherited by nobody", |
| 591 | @ color: green; |
| 592 | }, |
| 593 | { "span.ueditInheritDeveloper", |
| 594 | "color for capabilities, inherited by developer", |
| 595 | @ color: red; |
| 596 | }, |
| 597 | { "span.ueditInheritReader", |
| 598 | "color for capabilities, inherited by reader", |
| 599 | @ color: black; |
| 600 | }, |
| 601 | { "span.ueditInheritAnonymous", |
| 602 | "color for capabilities, inherited by anonymous", |
| 603 | @ color: blue; |
| 604 | }, |
| 605 | { "span.capability", |
| 606 | "format for capabilites, mentioned on the user edit page", |
| 607 | @ font-weight: bold; |
| 608 | }, |
| 609 | { "span.usertype", |
| 610 | "format for different user types, mentioned on the user edit page", |
| 611 | @ font-weight: bold; |
| 612 | }, |
| 613 | { "span.usertype:before", |
| 614 | "leading text for user types, mentioned on the user edit page", |
| 615 | @ content:"'"; |
| 616 | }, |
| 617 | { "span.usertype:after", |
| 618 | "trailing text for user types, mentioned on the user edit page", |
| 619 | @ content:"'"; |
| 620 | }, |
| 621 | { 0, |
| 622 | 0, |
| 623 | 0 |
| 624 | } |
| 625 |