Fossil SCM
Bug fix: Restore access to tables whose names start with "fx_" in ticket reports.
Commit
a80b2eae4a57dad9632ab112a1b612bdc002b3e12fbbdaa0211dfbda0c7e3d8d
Parent
2c6012c4aa49d69…
2 files changed
+12
-7
+12
-7
+12
-7
| --- src/report.c | ||
| +++ src/report.c | ||
| @@ -199,33 +199,38 @@ | ||
| 199 | 199 | "ticketchng", |
| 200 | 200 | "unversioned", |
| 201 | 201 | }; |
| 202 | 202 | int lwr = 0; |
| 203 | 203 | int upr = count(azAllowed) - 1; |
| 204 | - int rc = 0; | |
| 204 | + int cmp = 0; | |
| 205 | 205 | if( zArg1==0 ){ |
| 206 | 206 | /* Some legacy versions of SQLite will sometimes send spurious |
| 207 | 207 | ** READ authorizations that have no table name. These can be |
| 208 | 208 | ** ignored. */ |
| 209 | 209 | rc = SQLITE_IGNORE; |
| 210 | 210 | break; |
| 211 | 211 | } |
| 212 | - while( lwr<upr ){ | |
| 212 | + if( sqlite3_strnicmp(zArg1, "fx_", 3)==0 ){ | |
| 213 | + /* Ok to read any table whose name begins with "fx_" */ | |
| 214 | + rc = SQLITE_OK; | |
| 215 | + break; | |
| 216 | + } | |
| 217 | + while( lwr<=upr ){ | |
| 213 | 218 | int i = (lwr+upr)/2; |
| 214 | - int rc = fossil_stricmp(zArg1, azAllowed[i]); | |
| 215 | - if( rc<0 ){ | |
| 219 | + cmp = fossil_stricmp(zArg1, azAllowed[i]); | |
| 220 | + if( cmp<0 ){ | |
| 216 | 221 | upr = i - 1; |
| 217 | - }else if( rc>0 ){ | |
| 222 | + }else if( cmp>0 ){ | |
| 218 | 223 | lwr = i + 1; |
| 219 | 224 | }else{ |
| 220 | 225 | break; |
| 221 | 226 | } |
| 222 | 227 | } |
| 223 | - if( rc ){ | |
| 228 | + if( cmp ){ | |
| 224 | 229 | *(char**)pError = mprintf("access to table \"%s\" is restricted",zArg1); |
| 225 | 230 | rc = SQLITE_DENY; |
| 226 | - }else if( !g.perm.RdAddr && strncmp(zArg2, "private_", 8)==0 ){ | |
| 231 | + }else if( !g.perm.RdAddr && sqlite3_strnicmp(zArg2, "private_", 8)==0 ){ | |
| 227 | 232 | rc = SQLITE_IGNORE; |
| 228 | 233 | } |
| 229 | 234 | break; |
| 230 | 235 | } |
| 231 | 236 | default: { |
| 232 | 237 |
| --- src/report.c | |
| +++ src/report.c | |
| @@ -199,33 +199,38 @@ | |
| 199 | "ticketchng", |
| 200 | "unversioned", |
| 201 | }; |
| 202 | int lwr = 0; |
| 203 | int upr = count(azAllowed) - 1; |
| 204 | int rc = 0; |
| 205 | if( zArg1==0 ){ |
| 206 | /* Some legacy versions of SQLite will sometimes send spurious |
| 207 | ** READ authorizations that have no table name. These can be |
| 208 | ** ignored. */ |
| 209 | rc = SQLITE_IGNORE; |
| 210 | break; |
| 211 | } |
| 212 | while( lwr<upr ){ |
| 213 | int i = (lwr+upr)/2; |
| 214 | int rc = fossil_stricmp(zArg1, azAllowed[i]); |
| 215 | if( rc<0 ){ |
| 216 | upr = i - 1; |
| 217 | }else if( rc>0 ){ |
| 218 | lwr = i + 1; |
| 219 | }else{ |
| 220 | break; |
| 221 | } |
| 222 | } |
| 223 | if( rc ){ |
| 224 | *(char**)pError = mprintf("access to table \"%s\" is restricted",zArg1); |
| 225 | rc = SQLITE_DENY; |
| 226 | }else if( !g.perm.RdAddr && strncmp(zArg2, "private_", 8)==0 ){ |
| 227 | rc = SQLITE_IGNORE; |
| 228 | } |
| 229 | break; |
| 230 | } |
| 231 | default: { |
| 232 |
| --- src/report.c | |
| +++ src/report.c | |
| @@ -199,33 +199,38 @@ | |
| 199 | "ticketchng", |
| 200 | "unversioned", |
| 201 | }; |
| 202 | int lwr = 0; |
| 203 | int upr = count(azAllowed) - 1; |
| 204 | int cmp = 0; |
| 205 | if( zArg1==0 ){ |
| 206 | /* Some legacy versions of SQLite will sometimes send spurious |
| 207 | ** READ authorizations that have no table name. These can be |
| 208 | ** ignored. */ |
| 209 | rc = SQLITE_IGNORE; |
| 210 | break; |
| 211 | } |
| 212 | if( sqlite3_strnicmp(zArg1, "fx_", 3)==0 ){ |
| 213 | /* Ok to read any table whose name begins with "fx_" */ |
| 214 | rc = SQLITE_OK; |
| 215 | break; |
| 216 | } |
| 217 | while( lwr<=upr ){ |
| 218 | int i = (lwr+upr)/2; |
| 219 | cmp = fossil_stricmp(zArg1, azAllowed[i]); |
| 220 | if( cmp<0 ){ |
| 221 | upr = i - 1; |
| 222 | }else if( cmp>0 ){ |
| 223 | lwr = i + 1; |
| 224 | }else{ |
| 225 | break; |
| 226 | } |
| 227 | } |
| 228 | if( cmp ){ |
| 229 | *(char**)pError = mprintf("access to table \"%s\" is restricted",zArg1); |
| 230 | rc = SQLITE_DENY; |
| 231 | }else if( !g.perm.RdAddr && sqlite3_strnicmp(zArg2, "private_", 8)==0 ){ |
| 232 | rc = SQLITE_IGNORE; |
| 233 | } |
| 234 | break; |
| 235 | } |
| 236 | default: { |
| 237 |
+12
-7
| --- src/report.c | ||
| +++ src/report.c | ||
| @@ -199,33 +199,38 @@ | ||
| 199 | 199 | "ticketchng", |
| 200 | 200 | "unversioned", |
| 201 | 201 | }; |
| 202 | 202 | int lwr = 0; |
| 203 | 203 | int upr = count(azAllowed) - 1; |
| 204 | - int rc = 0; | |
| 204 | + int cmp = 0; | |
| 205 | 205 | if( zArg1==0 ){ |
| 206 | 206 | /* Some legacy versions of SQLite will sometimes send spurious |
| 207 | 207 | ** READ authorizations that have no table name. These can be |
| 208 | 208 | ** ignored. */ |
| 209 | 209 | rc = SQLITE_IGNORE; |
| 210 | 210 | break; |
| 211 | 211 | } |
| 212 | - while( lwr<upr ){ | |
| 212 | + if( sqlite3_strnicmp(zArg1, "fx_", 3)==0 ){ | |
| 213 | + /* Ok to read any table whose name begins with "fx_" */ | |
| 214 | + rc = SQLITE_OK; | |
| 215 | + break; | |
| 216 | + } | |
| 217 | + while( lwr<=upr ){ | |
| 213 | 218 | int i = (lwr+upr)/2; |
| 214 | - int rc = fossil_stricmp(zArg1, azAllowed[i]); | |
| 215 | - if( rc<0 ){ | |
| 219 | + cmp = fossil_stricmp(zArg1, azAllowed[i]); | |
| 220 | + if( cmp<0 ){ | |
| 216 | 221 | upr = i - 1; |
| 217 | - }else if( rc>0 ){ | |
| 222 | + }else if( cmp>0 ){ | |
| 218 | 223 | lwr = i + 1; |
| 219 | 224 | }else{ |
| 220 | 225 | break; |
| 221 | 226 | } |
| 222 | 227 | } |
| 223 | - if( rc ){ | |
| 228 | + if( cmp ){ | |
| 224 | 229 | *(char**)pError = mprintf("access to table \"%s\" is restricted",zArg1); |
| 225 | 230 | rc = SQLITE_DENY; |
| 226 | - }else if( !g.perm.RdAddr && strncmp(zArg2, "private_", 8)==0 ){ | |
| 231 | + }else if( !g.perm.RdAddr && sqlite3_strnicmp(zArg2, "private_", 8)==0 ){ | |
| 227 | 232 | rc = SQLITE_IGNORE; |
| 228 | 233 | } |
| 229 | 234 | break; |
| 230 | 235 | } |
| 231 | 236 | default: { |
| 232 | 237 |
| --- src/report.c | |
| +++ src/report.c | |
| @@ -199,33 +199,38 @@ | |
| 199 | "ticketchng", |
| 200 | "unversioned", |
| 201 | }; |
| 202 | int lwr = 0; |
| 203 | int upr = count(azAllowed) - 1; |
| 204 | int rc = 0; |
| 205 | if( zArg1==0 ){ |
| 206 | /* Some legacy versions of SQLite will sometimes send spurious |
| 207 | ** READ authorizations that have no table name. These can be |
| 208 | ** ignored. */ |
| 209 | rc = SQLITE_IGNORE; |
| 210 | break; |
| 211 | } |
| 212 | while( lwr<upr ){ |
| 213 | int i = (lwr+upr)/2; |
| 214 | int rc = fossil_stricmp(zArg1, azAllowed[i]); |
| 215 | if( rc<0 ){ |
| 216 | upr = i - 1; |
| 217 | }else if( rc>0 ){ |
| 218 | lwr = i + 1; |
| 219 | }else{ |
| 220 | break; |
| 221 | } |
| 222 | } |
| 223 | if( rc ){ |
| 224 | *(char**)pError = mprintf("access to table \"%s\" is restricted",zArg1); |
| 225 | rc = SQLITE_DENY; |
| 226 | }else if( !g.perm.RdAddr && strncmp(zArg2, "private_", 8)==0 ){ |
| 227 | rc = SQLITE_IGNORE; |
| 228 | } |
| 229 | break; |
| 230 | } |
| 231 | default: { |
| 232 |
| --- src/report.c | |
| +++ src/report.c | |
| @@ -199,33 +199,38 @@ | |
| 199 | "ticketchng", |
| 200 | "unversioned", |
| 201 | }; |
| 202 | int lwr = 0; |
| 203 | int upr = count(azAllowed) - 1; |
| 204 | int cmp = 0; |
| 205 | if( zArg1==0 ){ |
| 206 | /* Some legacy versions of SQLite will sometimes send spurious |
| 207 | ** READ authorizations that have no table name. These can be |
| 208 | ** ignored. */ |
| 209 | rc = SQLITE_IGNORE; |
| 210 | break; |
| 211 | } |
| 212 | if( sqlite3_strnicmp(zArg1, "fx_", 3)==0 ){ |
| 213 | /* Ok to read any table whose name begins with "fx_" */ |
| 214 | rc = SQLITE_OK; |
| 215 | break; |
| 216 | } |
| 217 | while( lwr<=upr ){ |
| 218 | int i = (lwr+upr)/2; |
| 219 | cmp = fossil_stricmp(zArg1, azAllowed[i]); |
| 220 | if( cmp<0 ){ |
| 221 | upr = i - 1; |
| 222 | }else if( cmp>0 ){ |
| 223 | lwr = i + 1; |
| 224 | }else{ |
| 225 | break; |
| 226 | } |
| 227 | } |
| 228 | if( cmp ){ |
| 229 | *(char**)pError = mprintf("access to table \"%s\" is restricted",zArg1); |
| 230 | rc = SQLITE_DENY; |
| 231 | }else if( !g.perm.RdAddr && sqlite3_strnicmp(zArg2, "private_", 8)==0 ){ |
| 232 | rc = SQLITE_IGNORE; |
| 233 | } |
| 234 | break; |
| 235 | } |
| 236 | default: { |
| 237 |