Fossil SCM
Only apply the PROTECT_READONLY restriction to the "repository", "configdb", and "localdb" database files.
Commit
b4e00621e3fb6b315f24f17b9400c2ba0480c9d428fcc84fafa5feb937c509d7
Parent
f8363db81b52e7c…
1 file changed
+6
-1
M
src/db.c
+6
-1
| --- src/db.c | ||
| +++ src/db.c | ||
| @@ -540,11 +540,16 @@ | ||
| 540 | 540 | sqlite3_stricmp(z0,"global_config")==0 ){ |
| 541 | 541 | fossil_errorlog( |
| 542 | 542 | "SECURITY: authorizer blocks DML on protected GLOBAL_CONFIG table\n"); |
| 543 | 543 | rc = SQLITE_DENY; |
| 544 | 544 | }else if( (db.protectMask & PROTECT_READONLY)!=0 |
| 545 | - && sqlite3_stricmp(z2,"temp")!=0 ){ | |
| 545 | + && (sqlite3_stricmp(z2, "repository")==0 | |
| 546 | + || sqlite3_stricmp(z2,"configdb")==0 | |
| 547 | + || sqlite3_stricmp(z2,"localdb")==0) ){ | |
| 548 | + /* The READONLY constraint only applies to persistent database files. | |
| 549 | + ** "temp" and "mem1" and other transient databases are not | |
| 550 | + ** constrained by READONLY. */ | |
| 546 | 551 | fossil_errorlog( |
| 547 | 552 | "SECURITY: authorizer blocks DML on table \"%s\" due to the " |
| 548 | 553 | "request coming from a different origin\n", z0); |
| 549 | 554 | rc = SQLITE_DENY; |
| 550 | 555 | } |
| 551 | 556 |
| --- src/db.c | |
| +++ src/db.c | |
| @@ -540,11 +540,16 @@ | |
| 540 | sqlite3_stricmp(z0,"global_config")==0 ){ |
| 541 | fossil_errorlog( |
| 542 | "SECURITY: authorizer blocks DML on protected GLOBAL_CONFIG table\n"); |
| 543 | rc = SQLITE_DENY; |
| 544 | }else if( (db.protectMask & PROTECT_READONLY)!=0 |
| 545 | && sqlite3_stricmp(z2,"temp")!=0 ){ |
| 546 | fossil_errorlog( |
| 547 | "SECURITY: authorizer blocks DML on table \"%s\" due to the " |
| 548 | "request coming from a different origin\n", z0); |
| 549 | rc = SQLITE_DENY; |
| 550 | } |
| 551 |
| --- src/db.c | |
| +++ src/db.c | |
| @@ -540,11 +540,16 @@ | |
| 540 | sqlite3_stricmp(z0,"global_config")==0 ){ |
| 541 | fossil_errorlog( |
| 542 | "SECURITY: authorizer blocks DML on protected GLOBAL_CONFIG table\n"); |
| 543 | rc = SQLITE_DENY; |
| 544 | }else if( (db.protectMask & PROTECT_READONLY)!=0 |
| 545 | && (sqlite3_stricmp(z2, "repository")==0 |
| 546 | || sqlite3_stricmp(z2,"configdb")==0 |
| 547 | || sqlite3_stricmp(z2,"localdb")==0) ){ |
| 548 | /* The READONLY constraint only applies to persistent database files. |
| 549 | ** "temp" and "mem1" and other transient databases are not |
| 550 | ** constrained by READONLY. */ |
| 551 | fossil_errorlog( |
| 552 | "SECURITY: authorizer blocks DML on table \"%s\" due to the " |
| 553 | "request coming from a different origin\n", z0); |
| 554 | rc = SQLITE_DENY; |
| 555 | } |
| 556 |