Fossil SCM
Version 2.11.2
Commit
c58877d6f2d88b684fdef15418467a60d6584b4620311df6fa7726e635a2685a
Parent
307d94c5492dbf0…
30 files changed
+1
-1
+1
-1
+30
-10
+30
-10
+4
+4
+2
+2
+80
-17
+80
-17
+159
-1
+159
-1
+10
-1
+2
+2
+3
+3
+21
-3
+21
-3
+3
-3
+3
-3
+2
+2
+72
+72
+4
-2
+4
-2
+2
+2
+3
~
VERSION
~
VERSION
~
src/add.c
~
src/add.c
~
src/checkin.c
~
src/checkin.c
~
src/configure.c
~
src/configure.c
~
src/db.c
~
src/db.c
~
src/file.c
~
src/file.c
~
src/http.c
~
src/json_config.c
~
src/json_config.c
~
src/main.c
~
src/main.c
~
src/manifest.c
~
src/manifest.c
~
src/report.c
~
src/report.c
~
src/stash.c
~
src/stash.c
~
src/tkt.c
~
src/tkt.c
~
src/undo.c
~
src/undo.c
~
src/update.c
~
src/update.c
~
src/vfile.c
M
VERSION
+1
-1
| --- VERSION | ||
| +++ VERSION | ||
| @@ -1,1 +1,1 @@ | ||
| 1 | -2.11.1 | |
| 1 | +2.11.2 | |
| 2 | 2 |
| --- VERSION | |
| +++ VERSION | |
| @@ -1,1 +1,1 @@ | |
| 1 | 2.11.1 |
| 2 |
| --- VERSION | |
| +++ VERSION | |
| @@ -1,1 +1,1 @@ | |
| 1 | 2.11.2 |
| 2 |
M
VERSION
+1
-1
| --- VERSION | ||
| +++ VERSION | ||
| @@ -1,1 +1,1 @@ | ||
| 1 | -2.11.1 | |
| 1 | +2.11.2 | |
| 2 | 2 |
| --- VERSION | |
| +++ VERSION | |
| @@ -1,1 +1,1 @@ | |
| 1 | 2.11.1 |
| 2 |
| --- VERSION | |
| +++ VERSION | |
| @@ -1,1 +1,1 @@ | |
| 1 | 2.11.2 |
| 2 |
+30
-10
| --- src/add.c | ||
| +++ src/add.c | ||
| @@ -174,10 +174,11 @@ | ||
| 174 | 174 | */ |
| 175 | 175 | static int add_one_file( |
| 176 | 176 | const char *zPath, /* Tree-name of file to add. */ |
| 177 | 177 | int vid /* Add to this VFILE */ |
| 178 | 178 | ){ |
| 179 | + int doSkip = 0; | |
| 179 | 180 | if( !file_is_simple_pathname(zPath, 1) ){ |
| 180 | 181 | fossil_warning("filename contains illegal characters: %s", zPath); |
| 181 | 182 | return 0; |
| 182 | 183 | } |
| 183 | 184 | if( db_exists("SELECT 1 FROM vfile" |
| @@ -186,17 +187,22 @@ | ||
| 186 | 187 | " WHERE pathname=%Q %s AND deleted", |
| 187 | 188 | zPath, filename_collation()); |
| 188 | 189 | }else{ |
| 189 | 190 | char *zFullname = mprintf("%s%s", g.zLocalRoot, zPath); |
| 190 | 191 | int isExe = file_isexe(zFullname, RepoFILE); |
| 191 | - db_multi_exec( | |
| 192 | - "INSERT INTO vfile(vid,deleted,rid,mrid,pathname,isexe,islink,mhash)" | |
| 193 | - "VALUES(%d,0,0,0,%Q,%d,%d,NULL)", | |
| 194 | - vid, zPath, isExe, file_islink(0)); | |
| 192 | + if( file_nondir_objects_on_path(g.zLocalRoot, zFullname) ){ | |
| 193 | + /* Do not add unsafe files to the vfile */ | |
| 194 | + doSkip = 1; | |
| 195 | + }else{ | |
| 196 | + db_multi_exec( | |
| 197 | + "INSERT INTO vfile(vid,deleted,rid,mrid,pathname,isexe,islink,mhash)" | |
| 198 | + "VALUES(%d,0,0,0,%Q,%d,%d,NULL)", | |
| 199 | + vid, zPath, isExe, file_islink(0)); | |
| 200 | + } | |
| 195 | 201 | fossil_free(zFullname); |
| 196 | 202 | } |
| 197 | - if( db_changes() ){ | |
| 203 | + if( db_changes() && !doSkip ){ | |
| 198 | 204 | fossil_print("ADDED %s\n", zPath); |
| 199 | 205 | return 1; |
| 200 | 206 | }else{ |
| 201 | 207 | fossil_print("SKIP %s\n", zPath); |
| 202 | 208 | return 0; |
| @@ -204,11 +210,13 @@ | ||
| 204 | 210 | } |
| 205 | 211 | |
| 206 | 212 | /* |
| 207 | 213 | ** Add all files in the sfile temp table. |
| 208 | 214 | ** |
| 209 | -** Automatically exclude the repository file. | |
| 215 | +** Automatically exclude the repository file and any other files | |
| 216 | +** with reserved names. Also exclude files that are beneath an | |
| 217 | +** existing symlink. | |
| 210 | 218 | */ |
| 211 | 219 | static int add_files_in_sfile(int vid){ |
| 212 | 220 | const char *zRepo; /* Name of the repository database file */ |
| 213 | 221 | int nAdd = 0; /* Number of files added */ |
| 214 | 222 | int i; /* Loop counter */ |
| @@ -226,18 +234,30 @@ | ||
| 226 | 234 | if( filenames_are_case_sensitive() ){ |
| 227 | 235 | xCmp = fossil_strcmp; |
| 228 | 236 | }else{ |
| 229 | 237 | xCmp = fossil_stricmp; |
| 230 | 238 | } |
| 231 | - db_prepare(&loop, "SELECT pathname FROM sfile ORDER BY pathname"); | |
| 239 | + db_prepare(&loop, | |
| 240 | + "SELECT pathname FROM sfile" | |
| 241 | + " WHERE pathname NOT IN (" | |
| 242 | + "SELECT sfile.pathname FROM vfile, sfile" | |
| 243 | + " WHERE vfile.islink" | |
| 244 | + " AND NOT vfile.deleted" | |
| 245 | + " AND sfile.pathname>(vfile.pathname||'/')" | |
| 246 | + " AND sfile.pathname<(vfile.pathname||'0'))" | |
| 247 | + " ORDER BY pathname"); | |
| 232 | 248 | while( db_step(&loop)==SQLITE_ROW ){ |
| 233 | 249 | const char *zToAdd = db_column_text(&loop, 0); |
| 234 | 250 | if( fossil_strcmp(zToAdd, zRepo)==0 ) continue; |
| 235 | - for(i=0; (zReserved = fossil_reserved_name(i, 0))!=0; i++){ | |
| 236 | - if( xCmp(zToAdd, zReserved)==0 ) break; | |
| 251 | + if( strchr(zToAdd,'/') ){ | |
| 252 | + if( file_is_reserved_name(zToAdd, -1) ) continue; | |
| 253 | + }else{ | |
| 254 | + for(i=0; (zReserved = fossil_reserved_name(i, 0))!=0; i++){ | |
| 255 | + if( xCmp(zToAdd, zReserved)==0 ) break; | |
| 256 | + } | |
| 257 | + if( zReserved ) continue; | |
| 237 | 258 | } |
| 238 | - if( zReserved ) continue; | |
| 239 | 259 | nAdd += add_one_file(zToAdd, vid); |
| 240 | 260 | } |
| 241 | 261 | db_finalize(&loop); |
| 242 | 262 | blob_reset(&repoName); |
| 243 | 263 | return nAdd; |
| 244 | 264 |
| --- src/add.c | |
| +++ src/add.c | |
| @@ -174,10 +174,11 @@ | |
| 174 | */ |
| 175 | static int add_one_file( |
| 176 | const char *zPath, /* Tree-name of file to add. */ |
| 177 | int vid /* Add to this VFILE */ |
| 178 | ){ |
| 179 | if( !file_is_simple_pathname(zPath, 1) ){ |
| 180 | fossil_warning("filename contains illegal characters: %s", zPath); |
| 181 | return 0; |
| 182 | } |
| 183 | if( db_exists("SELECT 1 FROM vfile" |
| @@ -186,17 +187,22 @@ | |
| 186 | " WHERE pathname=%Q %s AND deleted", |
| 187 | zPath, filename_collation()); |
| 188 | }else{ |
| 189 | char *zFullname = mprintf("%s%s", g.zLocalRoot, zPath); |
| 190 | int isExe = file_isexe(zFullname, RepoFILE); |
| 191 | db_multi_exec( |
| 192 | "INSERT INTO vfile(vid,deleted,rid,mrid,pathname,isexe,islink,mhash)" |
| 193 | "VALUES(%d,0,0,0,%Q,%d,%d,NULL)", |
| 194 | vid, zPath, isExe, file_islink(0)); |
| 195 | fossil_free(zFullname); |
| 196 | } |
| 197 | if( db_changes() ){ |
| 198 | fossil_print("ADDED %s\n", zPath); |
| 199 | return 1; |
| 200 | }else{ |
| 201 | fossil_print("SKIP %s\n", zPath); |
| 202 | return 0; |
| @@ -204,11 +210,13 @@ | |
| 204 | } |
| 205 | |
| 206 | /* |
| 207 | ** Add all files in the sfile temp table. |
| 208 | ** |
| 209 | ** Automatically exclude the repository file. |
| 210 | */ |
| 211 | static int add_files_in_sfile(int vid){ |
| 212 | const char *zRepo; /* Name of the repository database file */ |
| 213 | int nAdd = 0; /* Number of files added */ |
| 214 | int i; /* Loop counter */ |
| @@ -226,18 +234,30 @@ | |
| 226 | if( filenames_are_case_sensitive() ){ |
| 227 | xCmp = fossil_strcmp; |
| 228 | }else{ |
| 229 | xCmp = fossil_stricmp; |
| 230 | } |
| 231 | db_prepare(&loop, "SELECT pathname FROM sfile ORDER BY pathname"); |
| 232 | while( db_step(&loop)==SQLITE_ROW ){ |
| 233 | const char *zToAdd = db_column_text(&loop, 0); |
| 234 | if( fossil_strcmp(zToAdd, zRepo)==0 ) continue; |
| 235 | for(i=0; (zReserved = fossil_reserved_name(i, 0))!=0; i++){ |
| 236 | if( xCmp(zToAdd, zReserved)==0 ) break; |
| 237 | } |
| 238 | if( zReserved ) continue; |
| 239 | nAdd += add_one_file(zToAdd, vid); |
| 240 | } |
| 241 | db_finalize(&loop); |
| 242 | blob_reset(&repoName); |
| 243 | return nAdd; |
| 244 |
| --- src/add.c | |
| +++ src/add.c | |
| @@ -174,10 +174,11 @@ | |
| 174 | */ |
| 175 | static int add_one_file( |
| 176 | const char *zPath, /* Tree-name of file to add. */ |
| 177 | int vid /* Add to this VFILE */ |
| 178 | ){ |
| 179 | int doSkip = 0; |
| 180 | if( !file_is_simple_pathname(zPath, 1) ){ |
| 181 | fossil_warning("filename contains illegal characters: %s", zPath); |
| 182 | return 0; |
| 183 | } |
| 184 | if( db_exists("SELECT 1 FROM vfile" |
| @@ -186,17 +187,22 @@ | |
| 187 | " WHERE pathname=%Q %s AND deleted", |
| 188 | zPath, filename_collation()); |
| 189 | }else{ |
| 190 | char *zFullname = mprintf("%s%s", g.zLocalRoot, zPath); |
| 191 | int isExe = file_isexe(zFullname, RepoFILE); |
| 192 | if( file_nondir_objects_on_path(g.zLocalRoot, zFullname) ){ |
| 193 | /* Do not add unsafe files to the vfile */ |
| 194 | doSkip = 1; |
| 195 | }else{ |
| 196 | db_multi_exec( |
| 197 | "INSERT INTO vfile(vid,deleted,rid,mrid,pathname,isexe,islink,mhash)" |
| 198 | "VALUES(%d,0,0,0,%Q,%d,%d,NULL)", |
| 199 | vid, zPath, isExe, file_islink(0)); |
| 200 | } |
| 201 | fossil_free(zFullname); |
| 202 | } |
| 203 | if( db_changes() && !doSkip ){ |
| 204 | fossil_print("ADDED %s\n", zPath); |
| 205 | return 1; |
| 206 | }else{ |
| 207 | fossil_print("SKIP %s\n", zPath); |
| 208 | return 0; |
| @@ -204,11 +210,13 @@ | |
| 210 | } |
| 211 | |
| 212 | /* |
| 213 | ** Add all files in the sfile temp table. |
| 214 | ** |
| 215 | ** Automatically exclude the repository file and any other files |
| 216 | ** with reserved names. Also exclude files that are beneath an |
| 217 | ** existing symlink. |
| 218 | */ |
| 219 | static int add_files_in_sfile(int vid){ |
| 220 | const char *zRepo; /* Name of the repository database file */ |
| 221 | int nAdd = 0; /* Number of files added */ |
| 222 | int i; /* Loop counter */ |
| @@ -226,18 +234,30 @@ | |
| 234 | if( filenames_are_case_sensitive() ){ |
| 235 | xCmp = fossil_strcmp; |
| 236 | }else{ |
| 237 | xCmp = fossil_stricmp; |
| 238 | } |
| 239 | db_prepare(&loop, |
| 240 | "SELECT pathname FROM sfile" |
| 241 | " WHERE pathname NOT IN (" |
| 242 | "SELECT sfile.pathname FROM vfile, sfile" |
| 243 | " WHERE vfile.islink" |
| 244 | " AND NOT vfile.deleted" |
| 245 | " AND sfile.pathname>(vfile.pathname||'/')" |
| 246 | " AND sfile.pathname<(vfile.pathname||'0'))" |
| 247 | " ORDER BY pathname"); |
| 248 | while( db_step(&loop)==SQLITE_ROW ){ |
| 249 | const char *zToAdd = db_column_text(&loop, 0); |
| 250 | if( fossil_strcmp(zToAdd, zRepo)==0 ) continue; |
| 251 | if( strchr(zToAdd,'/') ){ |
| 252 | if( file_is_reserved_name(zToAdd, -1) ) continue; |
| 253 | }else{ |
| 254 | for(i=0; (zReserved = fossil_reserved_name(i, 0))!=0; i++){ |
| 255 | if( xCmp(zToAdd, zReserved)==0 ) break; |
| 256 | } |
| 257 | if( zReserved ) continue; |
| 258 | } |
| 259 | nAdd += add_one_file(zToAdd, vid); |
| 260 | } |
| 261 | db_finalize(&loop); |
| 262 | blob_reset(&repoName); |
| 263 | return nAdd; |
| 264 |
+30
-10
| --- src/add.c | ||
| +++ src/add.c | ||
| @@ -174,10 +174,11 @@ | ||
| 174 | 174 | */ |
| 175 | 175 | static int add_one_file( |
| 176 | 176 | const char *zPath, /* Tree-name of file to add. */ |
| 177 | 177 | int vid /* Add to this VFILE */ |
| 178 | 178 | ){ |
| 179 | + int doSkip = 0; | |
| 179 | 180 | if( !file_is_simple_pathname(zPath, 1) ){ |
| 180 | 181 | fossil_warning("filename contains illegal characters: %s", zPath); |
| 181 | 182 | return 0; |
| 182 | 183 | } |
| 183 | 184 | if( db_exists("SELECT 1 FROM vfile" |
| @@ -186,17 +187,22 @@ | ||
| 186 | 187 | " WHERE pathname=%Q %s AND deleted", |
| 187 | 188 | zPath, filename_collation()); |
| 188 | 189 | }else{ |
| 189 | 190 | char *zFullname = mprintf("%s%s", g.zLocalRoot, zPath); |
| 190 | 191 | int isExe = file_isexe(zFullname, RepoFILE); |
| 191 | - db_multi_exec( | |
| 192 | - "INSERT INTO vfile(vid,deleted,rid,mrid,pathname,isexe,islink,mhash)" | |
| 193 | - "VALUES(%d,0,0,0,%Q,%d,%d,NULL)", | |
| 194 | - vid, zPath, isExe, file_islink(0)); | |
| 192 | + if( file_nondir_objects_on_path(g.zLocalRoot, zFullname) ){ | |
| 193 | + /* Do not add unsafe files to the vfile */ | |
| 194 | + doSkip = 1; | |
| 195 | + }else{ | |
| 196 | + db_multi_exec( | |
| 197 | + "INSERT INTO vfile(vid,deleted,rid,mrid,pathname,isexe,islink,mhash)" | |
| 198 | + "VALUES(%d,0,0,0,%Q,%d,%d,NULL)", | |
| 199 | + vid, zPath, isExe, file_islink(0)); | |
| 200 | + } | |
| 195 | 201 | fossil_free(zFullname); |
| 196 | 202 | } |
| 197 | - if( db_changes() ){ | |
| 203 | + if( db_changes() && !doSkip ){ | |
| 198 | 204 | fossil_print("ADDED %s\n", zPath); |
| 199 | 205 | return 1; |
| 200 | 206 | }else{ |
| 201 | 207 | fossil_print("SKIP %s\n", zPath); |
| 202 | 208 | return 0; |
| @@ -204,11 +210,13 @@ | ||
| 204 | 210 | } |
| 205 | 211 | |
| 206 | 212 | /* |
| 207 | 213 | ** Add all files in the sfile temp table. |
| 208 | 214 | ** |
| 209 | -** Automatically exclude the repository file. | |
| 215 | +** Automatically exclude the repository file and any other files | |
| 216 | +** with reserved names. Also exclude files that are beneath an | |
| 217 | +** existing symlink. | |
| 210 | 218 | */ |
| 211 | 219 | static int add_files_in_sfile(int vid){ |
| 212 | 220 | const char *zRepo; /* Name of the repository database file */ |
| 213 | 221 | int nAdd = 0; /* Number of files added */ |
| 214 | 222 | int i; /* Loop counter */ |
| @@ -226,18 +234,30 @@ | ||
| 226 | 234 | if( filenames_are_case_sensitive() ){ |
| 227 | 235 | xCmp = fossil_strcmp; |
| 228 | 236 | }else{ |
| 229 | 237 | xCmp = fossil_stricmp; |
| 230 | 238 | } |
| 231 | - db_prepare(&loop, "SELECT pathname FROM sfile ORDER BY pathname"); | |
| 239 | + db_prepare(&loop, | |
| 240 | + "SELECT pathname FROM sfile" | |
| 241 | + " WHERE pathname NOT IN (" | |
| 242 | + "SELECT sfile.pathname FROM vfile, sfile" | |
| 243 | + " WHERE vfile.islink" | |
| 244 | + " AND NOT vfile.deleted" | |
| 245 | + " AND sfile.pathname>(vfile.pathname||'/')" | |
| 246 | + " AND sfile.pathname<(vfile.pathname||'0'))" | |
| 247 | + " ORDER BY pathname"); | |
| 232 | 248 | while( db_step(&loop)==SQLITE_ROW ){ |
| 233 | 249 | const char *zToAdd = db_column_text(&loop, 0); |
| 234 | 250 | if( fossil_strcmp(zToAdd, zRepo)==0 ) continue; |
| 235 | - for(i=0; (zReserved = fossil_reserved_name(i, 0))!=0; i++){ | |
| 236 | - if( xCmp(zToAdd, zReserved)==0 ) break; | |
| 251 | + if( strchr(zToAdd,'/') ){ | |
| 252 | + if( file_is_reserved_name(zToAdd, -1) ) continue; | |
| 253 | + }else{ | |
| 254 | + for(i=0; (zReserved = fossil_reserved_name(i, 0))!=0; i++){ | |
| 255 | + if( xCmp(zToAdd, zReserved)==0 ) break; | |
| 256 | + } | |
| 257 | + if( zReserved ) continue; | |
| 237 | 258 | } |
| 238 | - if( zReserved ) continue; | |
| 239 | 259 | nAdd += add_one_file(zToAdd, vid); |
| 240 | 260 | } |
| 241 | 261 | db_finalize(&loop); |
| 242 | 262 | blob_reset(&repoName); |
| 243 | 263 | return nAdd; |
| 244 | 264 |
| --- src/add.c | |
| +++ src/add.c | |
| @@ -174,10 +174,11 @@ | |
| 174 | */ |
| 175 | static int add_one_file( |
| 176 | const char *zPath, /* Tree-name of file to add. */ |
| 177 | int vid /* Add to this VFILE */ |
| 178 | ){ |
| 179 | if( !file_is_simple_pathname(zPath, 1) ){ |
| 180 | fossil_warning("filename contains illegal characters: %s", zPath); |
| 181 | return 0; |
| 182 | } |
| 183 | if( db_exists("SELECT 1 FROM vfile" |
| @@ -186,17 +187,22 @@ | |
| 186 | " WHERE pathname=%Q %s AND deleted", |
| 187 | zPath, filename_collation()); |
| 188 | }else{ |
| 189 | char *zFullname = mprintf("%s%s", g.zLocalRoot, zPath); |
| 190 | int isExe = file_isexe(zFullname, RepoFILE); |
| 191 | db_multi_exec( |
| 192 | "INSERT INTO vfile(vid,deleted,rid,mrid,pathname,isexe,islink,mhash)" |
| 193 | "VALUES(%d,0,0,0,%Q,%d,%d,NULL)", |
| 194 | vid, zPath, isExe, file_islink(0)); |
| 195 | fossil_free(zFullname); |
| 196 | } |
| 197 | if( db_changes() ){ |
| 198 | fossil_print("ADDED %s\n", zPath); |
| 199 | return 1; |
| 200 | }else{ |
| 201 | fossil_print("SKIP %s\n", zPath); |
| 202 | return 0; |
| @@ -204,11 +210,13 @@ | |
| 204 | } |
| 205 | |
| 206 | /* |
| 207 | ** Add all files in the sfile temp table. |
| 208 | ** |
| 209 | ** Automatically exclude the repository file. |
| 210 | */ |
| 211 | static int add_files_in_sfile(int vid){ |
| 212 | const char *zRepo; /* Name of the repository database file */ |
| 213 | int nAdd = 0; /* Number of files added */ |
| 214 | int i; /* Loop counter */ |
| @@ -226,18 +234,30 @@ | |
| 226 | if( filenames_are_case_sensitive() ){ |
| 227 | xCmp = fossil_strcmp; |
| 228 | }else{ |
| 229 | xCmp = fossil_stricmp; |
| 230 | } |
| 231 | db_prepare(&loop, "SELECT pathname FROM sfile ORDER BY pathname"); |
| 232 | while( db_step(&loop)==SQLITE_ROW ){ |
| 233 | const char *zToAdd = db_column_text(&loop, 0); |
| 234 | if( fossil_strcmp(zToAdd, zRepo)==0 ) continue; |
| 235 | for(i=0; (zReserved = fossil_reserved_name(i, 0))!=0; i++){ |
| 236 | if( xCmp(zToAdd, zReserved)==0 ) break; |
| 237 | } |
| 238 | if( zReserved ) continue; |
| 239 | nAdd += add_one_file(zToAdd, vid); |
| 240 | } |
| 241 | db_finalize(&loop); |
| 242 | blob_reset(&repoName); |
| 243 | return nAdd; |
| 244 |
| --- src/add.c | |
| +++ src/add.c | |
| @@ -174,10 +174,11 @@ | |
| 174 | */ |
| 175 | static int add_one_file( |
| 176 | const char *zPath, /* Tree-name of file to add. */ |
| 177 | int vid /* Add to this VFILE */ |
| 178 | ){ |
| 179 | int doSkip = 0; |
| 180 | if( !file_is_simple_pathname(zPath, 1) ){ |
| 181 | fossil_warning("filename contains illegal characters: %s", zPath); |
| 182 | return 0; |
| 183 | } |
| 184 | if( db_exists("SELECT 1 FROM vfile" |
| @@ -186,17 +187,22 @@ | |
| 187 | " WHERE pathname=%Q %s AND deleted", |
| 188 | zPath, filename_collation()); |
| 189 | }else{ |
| 190 | char *zFullname = mprintf("%s%s", g.zLocalRoot, zPath); |
| 191 | int isExe = file_isexe(zFullname, RepoFILE); |
| 192 | if( file_nondir_objects_on_path(g.zLocalRoot, zFullname) ){ |
| 193 | /* Do not add unsafe files to the vfile */ |
| 194 | doSkip = 1; |
| 195 | }else{ |
| 196 | db_multi_exec( |
| 197 | "INSERT INTO vfile(vid,deleted,rid,mrid,pathname,isexe,islink,mhash)" |
| 198 | "VALUES(%d,0,0,0,%Q,%d,%d,NULL)", |
| 199 | vid, zPath, isExe, file_islink(0)); |
| 200 | } |
| 201 | fossil_free(zFullname); |
| 202 | } |
| 203 | if( db_changes() && !doSkip ){ |
| 204 | fossil_print("ADDED %s\n", zPath); |
| 205 | return 1; |
| 206 | }else{ |
| 207 | fossil_print("SKIP %s\n", zPath); |
| 208 | return 0; |
| @@ -204,11 +210,13 @@ | |
| 210 | } |
| 211 | |
| 212 | /* |
| 213 | ** Add all files in the sfile temp table. |
| 214 | ** |
| 215 | ** Automatically exclude the repository file and any other files |
| 216 | ** with reserved names. Also exclude files that are beneath an |
| 217 | ** existing symlink. |
| 218 | */ |
| 219 | static int add_files_in_sfile(int vid){ |
| 220 | const char *zRepo; /* Name of the repository database file */ |
| 221 | int nAdd = 0; /* Number of files added */ |
| 222 | int i; /* Loop counter */ |
| @@ -226,18 +234,30 @@ | |
| 234 | if( filenames_are_case_sensitive() ){ |
| 235 | xCmp = fossil_strcmp; |
| 236 | }else{ |
| 237 | xCmp = fossil_stricmp; |
| 238 | } |
| 239 | db_prepare(&loop, |
| 240 | "SELECT pathname FROM sfile" |
| 241 | " WHERE pathname NOT IN (" |
| 242 | "SELECT sfile.pathname FROM vfile, sfile" |
| 243 | " WHERE vfile.islink" |
| 244 | " AND NOT vfile.deleted" |
| 245 | " AND sfile.pathname>(vfile.pathname||'/')" |
| 246 | " AND sfile.pathname<(vfile.pathname||'0'))" |
| 247 | " ORDER BY pathname"); |
| 248 | while( db_step(&loop)==SQLITE_ROW ){ |
| 249 | const char *zToAdd = db_column_text(&loop, 0); |
| 250 | if( fossil_strcmp(zToAdd, zRepo)==0 ) continue; |
| 251 | if( strchr(zToAdd,'/') ){ |
| 252 | if( file_is_reserved_name(zToAdd, -1) ) continue; |
| 253 | }else{ |
| 254 | for(i=0; (zReserved = fossil_reserved_name(i, 0))!=0; i++){ |
| 255 | if( xCmp(zToAdd, zReserved)==0 ) break; |
| 256 | } |
| 257 | if( zReserved ) continue; |
| 258 | } |
| 259 | nAdd += add_one_file(zToAdd, vid); |
| 260 | } |
| 261 | db_finalize(&loop); |
| 262 | blob_reset(&repoName); |
| 263 | return nAdd; |
| 264 |
+4
| --- src/checkin.c | ||
| +++ src/checkin.c | ||
| @@ -856,12 +856,14 @@ | ||
| 856 | 856 | |
| 857 | 857 | if( zIgnoreFlag==0 ){ |
| 858 | 858 | zIgnoreFlag = db_get("ignore-glob", 0); |
| 859 | 859 | } |
| 860 | 860 | pIgnore = glob_create(zIgnoreFlag); |
| 861 | +#ifdef FOSSIL_LEGACY_ALLOW_SYMLINKS | |
| 861 | 862 | /* Always consider symlinks. */ |
| 862 | 863 | g.allowSymlinks = db_allow_symlinks_by_default(); |
| 864 | +#endif | |
| 863 | 865 | locate_unmanaged_files(g.argc-2, g.argv+2, scanFlags, pIgnore); |
| 864 | 866 | glob_free(pIgnore); |
| 865 | 867 | |
| 866 | 868 | blob_zero(&report); |
| 867 | 869 | status_report(&report, flags); |
| @@ -1015,12 +1017,14 @@ | ||
| 1015 | 1017 | verify_all_options(); |
| 1016 | 1018 | pIgnore = glob_create(zIgnoreFlag); |
| 1017 | 1019 | pKeep = glob_create(zKeepFlag); |
| 1018 | 1020 | pClean = glob_create(zCleanFlag); |
| 1019 | 1021 | nRoot = (int)strlen(g.zLocalRoot); |
| 1022 | +#ifdef FOSSIL_LEGACY_ALLOW_SYMLINKS | |
| 1020 | 1023 | /* Always consider symlinks. */ |
| 1021 | 1024 | g.allowSymlinks = db_allow_symlinks_by_default(); |
| 1025 | +#endif | |
| 1022 | 1026 | if( !dirsOnlyFlag ){ |
| 1023 | 1027 | Stmt q; |
| 1024 | 1028 | Blob repo; |
| 1025 | 1029 | if( !dryRunFlag && !disableUndo ) undo_begin(); |
| 1026 | 1030 | locate_unmanaged_files(g.argc-2, g.argv+2, scanFlags, pIgnore); |
| 1027 | 1031 |
| --- src/checkin.c | |
| +++ src/checkin.c | |
| @@ -856,12 +856,14 @@ | |
| 856 | |
| 857 | if( zIgnoreFlag==0 ){ |
| 858 | zIgnoreFlag = db_get("ignore-glob", 0); |
| 859 | } |
| 860 | pIgnore = glob_create(zIgnoreFlag); |
| 861 | /* Always consider symlinks. */ |
| 862 | g.allowSymlinks = db_allow_symlinks_by_default(); |
| 863 | locate_unmanaged_files(g.argc-2, g.argv+2, scanFlags, pIgnore); |
| 864 | glob_free(pIgnore); |
| 865 | |
| 866 | blob_zero(&report); |
| 867 | status_report(&report, flags); |
| @@ -1015,12 +1017,14 @@ | |
| 1015 | verify_all_options(); |
| 1016 | pIgnore = glob_create(zIgnoreFlag); |
| 1017 | pKeep = glob_create(zKeepFlag); |
| 1018 | pClean = glob_create(zCleanFlag); |
| 1019 | nRoot = (int)strlen(g.zLocalRoot); |
| 1020 | /* Always consider symlinks. */ |
| 1021 | g.allowSymlinks = db_allow_symlinks_by_default(); |
| 1022 | if( !dirsOnlyFlag ){ |
| 1023 | Stmt q; |
| 1024 | Blob repo; |
| 1025 | if( !dryRunFlag && !disableUndo ) undo_begin(); |
| 1026 | locate_unmanaged_files(g.argc-2, g.argv+2, scanFlags, pIgnore); |
| 1027 |
| --- src/checkin.c | |
| +++ src/checkin.c | |
| @@ -856,12 +856,14 @@ | |
| 856 | |
| 857 | if( zIgnoreFlag==0 ){ |
| 858 | zIgnoreFlag = db_get("ignore-glob", 0); |
| 859 | } |
| 860 | pIgnore = glob_create(zIgnoreFlag); |
| 861 | #ifdef FOSSIL_LEGACY_ALLOW_SYMLINKS |
| 862 | /* Always consider symlinks. */ |
| 863 | g.allowSymlinks = db_allow_symlinks_by_default(); |
| 864 | #endif |
| 865 | locate_unmanaged_files(g.argc-2, g.argv+2, scanFlags, pIgnore); |
| 866 | glob_free(pIgnore); |
| 867 | |
| 868 | blob_zero(&report); |
| 869 | status_report(&report, flags); |
| @@ -1015,12 +1017,14 @@ | |
| 1017 | verify_all_options(); |
| 1018 | pIgnore = glob_create(zIgnoreFlag); |
| 1019 | pKeep = glob_create(zKeepFlag); |
| 1020 | pClean = glob_create(zCleanFlag); |
| 1021 | nRoot = (int)strlen(g.zLocalRoot); |
| 1022 | #ifdef FOSSIL_LEGACY_ALLOW_SYMLINKS |
| 1023 | /* Always consider symlinks. */ |
| 1024 | g.allowSymlinks = db_allow_symlinks_by_default(); |
| 1025 | #endif |
| 1026 | if( !dirsOnlyFlag ){ |
| 1027 | Stmt q; |
| 1028 | Blob repo; |
| 1029 | if( !dryRunFlag && !disableUndo ) undo_begin(); |
| 1030 | locate_unmanaged_files(g.argc-2, g.argv+2, scanFlags, pIgnore); |
| 1031 |
+4
| --- src/checkin.c | ||
| +++ src/checkin.c | ||
| @@ -856,12 +856,14 @@ | ||
| 856 | 856 | |
| 857 | 857 | if( zIgnoreFlag==0 ){ |
| 858 | 858 | zIgnoreFlag = db_get("ignore-glob", 0); |
| 859 | 859 | } |
| 860 | 860 | pIgnore = glob_create(zIgnoreFlag); |
| 861 | +#ifdef FOSSIL_LEGACY_ALLOW_SYMLINKS | |
| 861 | 862 | /* Always consider symlinks. */ |
| 862 | 863 | g.allowSymlinks = db_allow_symlinks_by_default(); |
| 864 | +#endif | |
| 863 | 865 | locate_unmanaged_files(g.argc-2, g.argv+2, scanFlags, pIgnore); |
| 864 | 866 | glob_free(pIgnore); |
| 865 | 867 | |
| 866 | 868 | blob_zero(&report); |
| 867 | 869 | status_report(&report, flags); |
| @@ -1015,12 +1017,14 @@ | ||
| 1015 | 1017 | verify_all_options(); |
| 1016 | 1018 | pIgnore = glob_create(zIgnoreFlag); |
| 1017 | 1019 | pKeep = glob_create(zKeepFlag); |
| 1018 | 1020 | pClean = glob_create(zCleanFlag); |
| 1019 | 1021 | nRoot = (int)strlen(g.zLocalRoot); |
| 1022 | +#ifdef FOSSIL_LEGACY_ALLOW_SYMLINKS | |
| 1020 | 1023 | /* Always consider symlinks. */ |
| 1021 | 1024 | g.allowSymlinks = db_allow_symlinks_by_default(); |
| 1025 | +#endif | |
| 1022 | 1026 | if( !dirsOnlyFlag ){ |
| 1023 | 1027 | Stmt q; |
| 1024 | 1028 | Blob repo; |
| 1025 | 1029 | if( !dryRunFlag && !disableUndo ) undo_begin(); |
| 1026 | 1030 | locate_unmanaged_files(g.argc-2, g.argv+2, scanFlags, pIgnore); |
| 1027 | 1031 |
| --- src/checkin.c | |
| +++ src/checkin.c | |
| @@ -856,12 +856,14 @@ | |
| 856 | |
| 857 | if( zIgnoreFlag==0 ){ |
| 858 | zIgnoreFlag = db_get("ignore-glob", 0); |
| 859 | } |
| 860 | pIgnore = glob_create(zIgnoreFlag); |
| 861 | /* Always consider symlinks. */ |
| 862 | g.allowSymlinks = db_allow_symlinks_by_default(); |
| 863 | locate_unmanaged_files(g.argc-2, g.argv+2, scanFlags, pIgnore); |
| 864 | glob_free(pIgnore); |
| 865 | |
| 866 | blob_zero(&report); |
| 867 | status_report(&report, flags); |
| @@ -1015,12 +1017,14 @@ | |
| 1015 | verify_all_options(); |
| 1016 | pIgnore = glob_create(zIgnoreFlag); |
| 1017 | pKeep = glob_create(zKeepFlag); |
| 1018 | pClean = glob_create(zCleanFlag); |
| 1019 | nRoot = (int)strlen(g.zLocalRoot); |
| 1020 | /* Always consider symlinks. */ |
| 1021 | g.allowSymlinks = db_allow_symlinks_by_default(); |
| 1022 | if( !dirsOnlyFlag ){ |
| 1023 | Stmt q; |
| 1024 | Blob repo; |
| 1025 | if( !dryRunFlag && !disableUndo ) undo_begin(); |
| 1026 | locate_unmanaged_files(g.argc-2, g.argv+2, scanFlags, pIgnore); |
| 1027 |
| --- src/checkin.c | |
| +++ src/checkin.c | |
| @@ -856,12 +856,14 @@ | |
| 856 | |
| 857 | if( zIgnoreFlag==0 ){ |
| 858 | zIgnoreFlag = db_get("ignore-glob", 0); |
| 859 | } |
| 860 | pIgnore = glob_create(zIgnoreFlag); |
| 861 | #ifdef FOSSIL_LEGACY_ALLOW_SYMLINKS |
| 862 | /* Always consider symlinks. */ |
| 863 | g.allowSymlinks = db_allow_symlinks_by_default(); |
| 864 | #endif |
| 865 | locate_unmanaged_files(g.argc-2, g.argv+2, scanFlags, pIgnore); |
| 866 | glob_free(pIgnore); |
| 867 | |
| 868 | blob_zero(&report); |
| 869 | status_report(&report, flags); |
| @@ -1015,12 +1017,14 @@ | |
| 1017 | verify_all_options(); |
| 1018 | pIgnore = glob_create(zIgnoreFlag); |
| 1019 | pKeep = glob_create(zKeepFlag); |
| 1020 | pClean = glob_create(zCleanFlag); |
| 1021 | nRoot = (int)strlen(g.zLocalRoot); |
| 1022 | #ifdef FOSSIL_LEGACY_ALLOW_SYMLINKS |
| 1023 | /* Always consider symlinks. */ |
| 1024 | g.allowSymlinks = db_allow_symlinks_by_default(); |
| 1025 | #endif |
| 1026 | if( !dirsOnlyFlag ){ |
| 1027 | Stmt q; |
| 1028 | Blob repo; |
| 1029 | if( !dryRunFlag && !disableUndo ) undo_begin(); |
| 1030 | locate_unmanaged_files(g.argc-2, g.argv+2, scanFlags, pIgnore); |
| 1031 |
+2
| --- src/configure.c | ||
| +++ src/configure.c | ||
| @@ -140,11 +140,13 @@ | ||
| 140 | 140 | { "keep-glob", CONFIGSET_PROJ }, |
| 141 | 141 | { "crlf-glob", CONFIGSET_PROJ }, |
| 142 | 142 | { "crnl-glob", CONFIGSET_PROJ }, |
| 143 | 143 | { "encoding-glob", CONFIGSET_PROJ }, |
| 144 | 144 | { "empty-dirs", CONFIGSET_PROJ }, |
| 145 | +#ifdef FOSSIL_LEGACY_ALLOW_SYMLINKS | |
| 145 | 146 | { "allow-symlinks", CONFIGSET_PROJ }, |
| 147 | +#endif | |
| 146 | 148 | { "dotfiles", CONFIGSET_PROJ }, |
| 147 | 149 | { "parent-project-code", CONFIGSET_PROJ }, |
| 148 | 150 | { "parent-project-name", CONFIGSET_PROJ }, |
| 149 | 151 | { "hash-policy", CONFIGSET_PROJ }, |
| 150 | 152 | { "comment-format", CONFIGSET_PROJ }, |
| 151 | 153 |
| --- src/configure.c | |
| +++ src/configure.c | |
| @@ -140,11 +140,13 @@ | |
| 140 | { "keep-glob", CONFIGSET_PROJ }, |
| 141 | { "crlf-glob", CONFIGSET_PROJ }, |
| 142 | { "crnl-glob", CONFIGSET_PROJ }, |
| 143 | { "encoding-glob", CONFIGSET_PROJ }, |
| 144 | { "empty-dirs", CONFIGSET_PROJ }, |
| 145 | { "allow-symlinks", CONFIGSET_PROJ }, |
| 146 | { "dotfiles", CONFIGSET_PROJ }, |
| 147 | { "parent-project-code", CONFIGSET_PROJ }, |
| 148 | { "parent-project-name", CONFIGSET_PROJ }, |
| 149 | { "hash-policy", CONFIGSET_PROJ }, |
| 150 | { "comment-format", CONFIGSET_PROJ }, |
| 151 |
| --- src/configure.c | |
| +++ src/configure.c | |
| @@ -140,11 +140,13 @@ | |
| 140 | { "keep-glob", CONFIGSET_PROJ }, |
| 141 | { "crlf-glob", CONFIGSET_PROJ }, |
| 142 | { "crnl-glob", CONFIGSET_PROJ }, |
| 143 | { "encoding-glob", CONFIGSET_PROJ }, |
| 144 | { "empty-dirs", CONFIGSET_PROJ }, |
| 145 | #ifdef FOSSIL_LEGACY_ALLOW_SYMLINKS |
| 146 | { "allow-symlinks", CONFIGSET_PROJ }, |
| 147 | #endif |
| 148 | { "dotfiles", CONFIGSET_PROJ }, |
| 149 | { "parent-project-code", CONFIGSET_PROJ }, |
| 150 | { "parent-project-name", CONFIGSET_PROJ }, |
| 151 | { "hash-policy", CONFIGSET_PROJ }, |
| 152 | { "comment-format", CONFIGSET_PROJ }, |
| 153 |
+2
| --- src/configure.c | ||
| +++ src/configure.c | ||
| @@ -140,11 +140,13 @@ | ||
| 140 | 140 | { "keep-glob", CONFIGSET_PROJ }, |
| 141 | 141 | { "crlf-glob", CONFIGSET_PROJ }, |
| 142 | 142 | { "crnl-glob", CONFIGSET_PROJ }, |
| 143 | 143 | { "encoding-glob", CONFIGSET_PROJ }, |
| 144 | 144 | { "empty-dirs", CONFIGSET_PROJ }, |
| 145 | +#ifdef FOSSIL_LEGACY_ALLOW_SYMLINKS | |
| 145 | 146 | { "allow-symlinks", CONFIGSET_PROJ }, |
| 147 | +#endif | |
| 146 | 148 | { "dotfiles", CONFIGSET_PROJ }, |
| 147 | 149 | { "parent-project-code", CONFIGSET_PROJ }, |
| 148 | 150 | { "parent-project-name", CONFIGSET_PROJ }, |
| 149 | 151 | { "hash-policy", CONFIGSET_PROJ }, |
| 150 | 152 | { "comment-format", CONFIGSET_PROJ }, |
| 151 | 153 |
| --- src/configure.c | |
| +++ src/configure.c | |
| @@ -140,11 +140,13 @@ | |
| 140 | { "keep-glob", CONFIGSET_PROJ }, |
| 141 | { "crlf-glob", CONFIGSET_PROJ }, |
| 142 | { "crnl-glob", CONFIGSET_PROJ }, |
| 143 | { "encoding-glob", CONFIGSET_PROJ }, |
| 144 | { "empty-dirs", CONFIGSET_PROJ }, |
| 145 | { "allow-symlinks", CONFIGSET_PROJ }, |
| 146 | { "dotfiles", CONFIGSET_PROJ }, |
| 147 | { "parent-project-code", CONFIGSET_PROJ }, |
| 148 | { "parent-project-name", CONFIGSET_PROJ }, |
| 149 | { "hash-policy", CONFIGSET_PROJ }, |
| 150 | { "comment-format", CONFIGSET_PROJ }, |
| 151 |
| --- src/configure.c | |
| +++ src/configure.c | |
| @@ -140,11 +140,13 @@ | |
| 140 | { "keep-glob", CONFIGSET_PROJ }, |
| 141 | { "crlf-glob", CONFIGSET_PROJ }, |
| 142 | { "crnl-glob", CONFIGSET_PROJ }, |
| 143 | { "encoding-glob", CONFIGSET_PROJ }, |
| 144 | { "empty-dirs", CONFIGSET_PROJ }, |
| 145 | #ifdef FOSSIL_LEGACY_ALLOW_SYMLINKS |
| 146 | { "allow-symlinks", CONFIGSET_PROJ }, |
| 147 | #endif |
| 148 | { "dotfiles", CONFIGSET_PROJ }, |
| 149 | { "parent-project-code", CONFIGSET_PROJ }, |
| 150 | { "parent-project-name", CONFIGSET_PROJ }, |
| 151 | { "hash-policy", CONFIGSET_PROJ }, |
| 152 | { "comment-format", CONFIGSET_PROJ }, |
| 153 |
M
src/db.c
+80
-17
| --- src/db.c | ||
| +++ src/db.c | ||
| @@ -123,10 +123,13 @@ | ||
| 123 | 123 | char *azBeforeCommit[5]; /* Commands to run prior to COMMIT */ |
| 124 | 124 | int nBeforeCommit; /* Number of entries in azBeforeCommit */ |
| 125 | 125 | int nPriorChanges; /* sqlite3_total_changes() at transaction start */ |
| 126 | 126 | const char *zStartFile; /* File in which transaction was started */ |
| 127 | 127 | int iStartLine; /* Line of zStartFile where transaction started */ |
| 128 | + int (*xAuth)(void*,int,const char*,const char*,const char*,const char*); | |
| 129 | + void *pAuthArg; /* Argument to the authorizer */ | |
| 130 | + const char *zAuthName; /* Name of the authorizer */ | |
| 128 | 131 | } db = {0, 0, 0, 0, 0, 0, }; |
| 129 | 132 | |
| 130 | 133 | /* |
| 131 | 134 | ** Arrange for the given file to be deleted on a failure. |
| 132 | 135 | */ |
| @@ -307,10 +310,36 @@ | ||
| 307 | 310 | } |
| 308 | 311 | db.aHook[db.nCommitHook].sequence = sequence; |
| 309 | 312 | db.aHook[db.nCommitHook].xHook = x; |
| 310 | 313 | db.nCommitHook++; |
| 311 | 314 | } |
| 315 | + | |
| 316 | +/* | |
| 317 | +** Set or unset the query authorizer callback function | |
| 318 | +*/ | |
| 319 | +void db_set_authorizer( | |
| 320 | + int(*xAuth)(void*,int,const char*,const char*,const char*,const char*), | |
| 321 | + void *pArg, | |
| 322 | + const char *zName /* for tracing */ | |
| 323 | +){ | |
| 324 | + if( db.xAuth ){ | |
| 325 | + fossil_panic("multiple active db_set_authorizer() calls"); | |
| 326 | + } | |
| 327 | + if( g.db ) sqlite3_set_authorizer(g.db, xAuth, pArg); | |
| 328 | + db.xAuth = xAuth; | |
| 329 | + db.pAuthArg = pArg; | |
| 330 | + db.zAuthName = zName; | |
| 331 | + if( g.fSqlTrace ) fossil_trace("-- set authorizer %s\n", zName); | |
| 332 | +} | |
| 333 | +void db_clear_authorizer(void){ | |
| 334 | + if( db.zAuthName && g.fSqlTrace ){ | |
| 335 | + fossil_trace("-- discontinue authorizer %s\n", db.zAuthName); | |
| 336 | + } | |
| 337 | + if( g.db ) sqlite3_set_authorizer(g.db, 0, 0); | |
| 338 | + db.xAuth = 0; | |
| 339 | + db.pAuthArg = 0; | |
| 340 | +} | |
| 312 | 341 | |
| 313 | 342 | #if INTERFACE |
| 314 | 343 | /* |
| 315 | 344 | ** Possible flags to db_vprepare |
| 316 | 345 | */ |
| @@ -835,34 +864,37 @@ | ||
| 835 | 864 | void db_init_database( |
| 836 | 865 | const char *zFileName, /* Name of database file to create */ |
| 837 | 866 | const char *zSchema, /* First part of schema */ |
| 838 | 867 | ... /* Additional SQL to run. Terminate with NULL. */ |
| 839 | 868 | ){ |
| 840 | - sqlite3 *db; | |
| 869 | + sqlite3 *xdb; | |
| 841 | 870 | int rc; |
| 842 | 871 | const char *zSql; |
| 843 | 872 | va_list ap; |
| 844 | 873 | |
| 845 | - db = db_open(zFileName ? zFileName : ":memory:"); | |
| 846 | - sqlite3_exec(db, "BEGIN EXCLUSIVE", 0, 0, 0); | |
| 847 | - rc = sqlite3_exec(db, zSchema, 0, 0, 0); | |
| 874 | + xdb = db_open(zFileName ? zFileName : ":memory:"); | |
| 875 | + sqlite3_exec(xdb, "BEGIN EXCLUSIVE", 0, 0, 0); | |
| 876 | + if( db.xAuth ){ | |
| 877 | + sqlite3_set_authorizer(xdb, db.xAuth, db.pAuthArg); | |
| 878 | + } | |
| 879 | + rc = sqlite3_exec(xdb, zSchema, 0, 0, 0); | |
| 848 | 880 | if( rc!=SQLITE_OK ){ |
| 849 | - db_err("%s", sqlite3_errmsg(db)); | |
| 881 | + db_err("%s", sqlite3_errmsg(xdb)); | |
| 850 | 882 | } |
| 851 | 883 | va_start(ap, zSchema); |
| 852 | 884 | while( (zSql = va_arg(ap, const char*))!=0 ){ |
| 853 | - rc = sqlite3_exec(db, zSql, 0, 0, 0); | |
| 885 | + rc = sqlite3_exec(xdb, zSql, 0, 0, 0); | |
| 854 | 886 | if( rc!=SQLITE_OK ){ |
| 855 | - db_err("%s", sqlite3_errmsg(db)); | |
| 887 | + db_err("%s", sqlite3_errmsg(xdb)); | |
| 856 | 888 | } |
| 857 | 889 | } |
| 858 | 890 | va_end(ap); |
| 859 | - sqlite3_exec(db, "COMMIT", 0, 0, 0); | |
| 891 | + sqlite3_exec(xdb, "COMMIT", 0, 0, 0); | |
| 860 | 892 | if( zFileName || g.db!=0 ){ |
| 861 | - sqlite3_close(db); | |
| 893 | + sqlite3_close(xdb); | |
| 862 | 894 | }else{ |
| 863 | - g.db = db; | |
| 895 | + g.db = xdb; | |
| 864 | 896 | } |
| 865 | 897 | } |
| 866 | 898 | |
| 867 | 899 | /* |
| 868 | 900 | ** Function to return the number of seconds since 1970. This is |
| @@ -1711,11 +1743,11 @@ | ||
| 1711 | 1743 | /* |
| 1712 | 1744 | ** Returns non-zero if the default value for the "allow-symlinks" setting |
| 1713 | 1745 | ** is "on". When on Windows, this always returns false. |
| 1714 | 1746 | */ |
| 1715 | 1747 | int db_allow_symlinks_by_default(void){ |
| 1716 | -#if defined(_WIN32) | |
| 1748 | +#if defined(_WIN32) || !defined(FOSSIL_LEGACY_ALLOW_SYMLINKS) | |
| 1717 | 1749 | return 0; |
| 1718 | 1750 | #else |
| 1719 | 1751 | return 1; |
| 1720 | 1752 | #endif |
| 1721 | 1753 | } |
| @@ -2004,10 +2036,11 @@ | ||
| 2004 | 2036 | ** argument is true. Ignore unfinalized statements when false. |
| 2005 | 2037 | */ |
| 2006 | 2038 | void db_close(int reportErrors){ |
| 2007 | 2039 | sqlite3_stmt *pStmt; |
| 2008 | 2040 | if( g.db==0 ) return; |
| 2041 | + sqlite3_set_authorizer(g.db, 0, 0); | |
| 2009 | 2042 | if( g.fSqlStats ){ |
| 2010 | 2043 | int cur, hiwtr; |
| 2011 | 2044 | sqlite3_db_status(g.db, SQLITE_DBSTATUS_LOOKASIDE_USED, &cur, &hiwtr, 0); |
| 2012 | 2045 | fprintf(stderr, "-- LOOKASIDE_USED %10d %10d\n", cur, hiwtr); |
| 2013 | 2046 | sqlite3_db_status(g.db, SQLITE_DBSTATUS_LOOKASIDE_HIT, &cur, &hiwtr, 0); |
| @@ -2033,17 +2066,20 @@ | ||
| 2033 | 2066 | fprintf(stderr, "-- prepared statements %10d\n", db.nPrepare); |
| 2034 | 2067 | } |
| 2035 | 2068 | while( db.pAllStmt ){ |
| 2036 | 2069 | db_finalize(db.pAllStmt); |
| 2037 | 2070 | } |
| 2038 | - if( db.nBegin && reportErrors ){ | |
| 2039 | - fossil_warning("Transaction started at %s:%d never commits", | |
| 2040 | - db.zStartFile, db.iStartLine); | |
| 2071 | + if( db.nBegin ){ | |
| 2072 | + if( reportErrors ){ | |
| 2073 | + fossil_warning("Transaction started at %s:%d never commits", | |
| 2074 | + db.zStartFile, db.iStartLine); | |
| 2075 | + } | |
| 2041 | 2076 | db_end_transaction(1); |
| 2042 | 2077 | } |
| 2043 | 2078 | pStmt = 0; |
| 2044 | - g.dbIgnoreErrors++; /* Stop "database locked" warnings from PRAGMA optimize */ | |
| 2079 | + sqlite3_busy_timeout(g.db, 0); | |
| 2080 | + g.dbIgnoreErrors++; /* Stop "database locked" warnings */ | |
| 2045 | 2081 | sqlite3_exec(g.db, "PRAGMA optimize", 0, 0, 0); |
| 2046 | 2082 | g.dbIgnoreErrors--; |
| 2047 | 2083 | db_close_config(); |
| 2048 | 2084 | |
| 2049 | 2085 | /* If the localdb has a lot of unused free space, |
| @@ -2083,10 +2119,11 @@ | ||
| 2083 | 2119 | if( g.db ){ |
| 2084 | 2120 | int rc; |
| 2085 | 2121 | sqlite3_wal_checkpoint(g.db, 0); |
| 2086 | 2122 | rc = sqlite3_close(g.db); |
| 2087 | 2123 | if( g.fSqlTrace ) fossil_trace("-- sqlite3_close(%d)\n", rc); |
| 2124 | + db_clear_authorizer(); | |
| 2088 | 2125 | } |
| 2089 | 2126 | g.db = 0; |
| 2090 | 2127 | g.repositoryOpen = 0; |
| 2091 | 2128 | g.localOpen = 0; |
| 2092 | 2129 | } |
| @@ -2837,17 +2874,19 @@ | ||
| 2837 | 2874 | dflt = 0; |
| 2838 | 2875 | } |
| 2839 | 2876 | fossil_free(zVal); |
| 2840 | 2877 | return dflt; |
| 2841 | 2878 | } |
| 2879 | +#ifdef FOSSIL_LEGACY_ALLOW_SYMLINKS | |
| 2842 | 2880 | int db_get_versioned_boolean(const char *zName, int dflt){ |
| 2843 | 2881 | char *zVal = db_get_versioned(zName, 0); |
| 2844 | 2882 | if( zVal==0 ) return dflt; |
| 2845 | 2883 | if( is_truth(zVal) ) return 1; |
| 2846 | 2884 | if( is_false(zVal) ) return 0; |
| 2847 | 2885 | return dflt; |
| 2848 | 2886 | } |
| 2887 | +#endif /* FOSSIL_LEGACY_ALLOW_SYMLINKS */ | |
| 2849 | 2888 | char *db_lget(const char *zName, const char *zDefault){ |
| 2850 | 2889 | return db_text(zDefault, |
| 2851 | 2890 | "SELECT value FROM vvar WHERE name=%Q", zName); |
| 2852 | 2891 | } |
| 2853 | 2892 | void db_lset(const char *zName, const char *zValue){ |
| @@ -3025,11 +3064,13 @@ | ||
| 3025 | 3064 | void cmd_open(void){ |
| 3026 | 3065 | int emptyFlag; |
| 3027 | 3066 | int keepFlag; |
| 3028 | 3067 | int forceMissingFlag; |
| 3029 | 3068 | int allowNested; |
| 3069 | +#ifdef FOSSIL_LEGACY_ALLOW_SYMLINKS | |
| 3030 | 3070 | int allowSymlinks; |
| 3071 | +#endif | |
| 3031 | 3072 | int setmtimeFlag; /* --setmtime. Set mtimes on files */ |
| 3032 | 3073 | static char *azNewArgv[] = { 0, "checkout", "--prompt", 0, 0, 0, 0 }; |
| 3033 | 3074 | |
| 3034 | 3075 | url_proxy_options(); |
| 3035 | 3076 | emptyFlag = find_option("empty",0,0)!=0; |
| @@ -3056,10 +3097,11 @@ | ||
| 3056 | 3097 | }else if( db_exists("SELECT 1 FROM event WHERE type='ci'") ){ |
| 3057 | 3098 | g.zOpenRevision = db_get("main-branch", 0); |
| 3058 | 3099 | } |
| 3059 | 3100 | } |
| 3060 | 3101 | |
| 3102 | +#ifdef FOSSIL_LEGACY_ALLOW_SYMLINKS | |
| 3061 | 3103 | if( g.zOpenRevision ){ |
| 3062 | 3104 | /* Since the repository is open and we know the revision now, |
| 3063 | 3105 | ** refresh the allow-symlinks flag. Since neither the local |
| 3064 | 3106 | ** checkout nor the configuration database are open at this |
| 3065 | 3107 | ** point, this should always return the versioned setting, |
| @@ -3069,10 +3111,11 @@ | ||
| 3069 | 3111 | ** repository or global configuration databases only. */ |
| 3070 | 3112 | allowSymlinks = db_get_versioned_boolean("allow-symlinks", -1); |
| 3071 | 3113 | }else{ |
| 3072 | 3114 | allowSymlinks = -1; /* Use non-versioned settings only. */ |
| 3073 | 3115 | } |
| 3116 | +#endif | |
| 3074 | 3117 | |
| 3075 | 3118 | #if defined(_WIN32) || defined(__CYGWIN__) |
| 3076 | 3119 | # define LOCALDB_NAME "./_FOSSIL_" |
| 3077 | 3120 | #else |
| 3078 | 3121 | # define LOCALDB_NAME "./.fslckout" |
| @@ -3082,10 +3125,11 @@ | ||
| 3082 | 3125 | "COMMIT; PRAGMA journal_mode=WAL; BEGIN;", |
| 3083 | 3126 | #endif |
| 3084 | 3127 | (char*)0); |
| 3085 | 3128 | db_delete_on_failure(LOCALDB_NAME); |
| 3086 | 3129 | db_open_local(0); |
| 3130 | +#ifdef FOSSIL_LEGACY_ALLOW_SYMLINKS | |
| 3087 | 3131 | if( allowSymlinks>=0 ){ |
| 3088 | 3132 | /* Use the value from the versioned setting, which was read |
| 3089 | 3133 | ** prior to opening the local checkout (i.e. which is most |
| 3090 | 3134 | ** likely empty and does not actually contain any versioned |
| 3091 | 3135 | ** setting files yet). Normally, this value would be given |
| @@ -3098,10 +3142,11 @@ | ||
| 3098 | 3142 | ** point, this will probably be the setting value from the |
| 3099 | 3143 | ** repository or global configuration databases. */ |
| 3100 | 3144 | g.allowSymlinks = db_get_boolean("allow-symlinks", |
| 3101 | 3145 | db_allow_symlinks_by_default()); |
| 3102 | 3146 | } |
| 3147 | +#endif /* FOSSIL_LEGACY_ALLOW_SYMLINKS */ | |
| 3103 | 3148 | db_lset("repository", g.argv[2]); |
| 3104 | 3149 | db_record_repository_filename(g.argv[2]); |
| 3105 | 3150 | db_set_checkout(0); |
| 3106 | 3151 | azNewArgv[0] = g.argv[0]; |
| 3107 | 3152 | g.argv = azNewArgv; |
| @@ -3209,11 +3254,29 @@ | ||
| 3209 | 3254 | ** SETTING: admin-log boolean default=off |
| 3210 | 3255 | ** |
| 3211 | 3256 | ** When the admin-log setting is enabled, configuration changes are recorded |
| 3212 | 3257 | ** in the "admin_log" table of the repository. |
| 3213 | 3258 | */ |
| 3214 | -#if defined(_WIN32) | |
| 3259 | +#if !defined(FOSSIL_LEGACY_ALLOW_SYMLINKS) | |
| 3260 | +/* | |
| 3261 | +** SETTING: allow-symlinks boolean default=off | |
| 3262 | +** | |
| 3263 | +** When allow-symlinks is OFF (which is the default and recommended setting) | |
| 3264 | +** symbolic links are treated like text files that contain a single line of | |
| 3265 | +** content which is the name of their target. If allow-symlinks is ON, | |
| 3266 | +** the symbolic links are actually followed. | |
| 3267 | +** | |
| 3268 | +** The use of symbolic links is dangerous. If you checkout a maliciously | |
| 3269 | +** crafted checkin that contains symbolic links, it is possible that files | |
| 3270 | +** outside of the working directory might be overwritten. | |
| 3271 | +** | |
| 3272 | +** Keep this setting OFF unless you have a very good reason to turn it | |
| 3273 | +** on and you implicitly trust the integrity of the repositories you | |
| 3274 | +** open. | |
| 3275 | +*/ | |
| 3276 | +#endif | |
| 3277 | +#if defined(_WIN32) && defined(FOSSIL_LEGACY_ALLOW_SYMLINKS) | |
| 3215 | 3278 | /* |
| 3216 | 3279 | ** SETTING: allow-symlinks boolean default=off versionable |
| 3217 | 3280 | ** |
| 3218 | 3281 | ** When allow-symlinks is OFF, symbolic links in the repository are followed |
| 3219 | 3282 | ** and treated no differently from real files. When allow-symlinks is ON, |
| @@ -3220,11 +3283,11 @@ | ||
| 3220 | 3283 | ** the object to which the symbolic link points is ignored, and the content |
| 3221 | 3284 | ** of the symbolic link that is stored in the repository is the name of the |
| 3222 | 3285 | ** object to which the symbolic link points. |
| 3223 | 3286 | */ |
| 3224 | 3287 | #endif |
| 3225 | -#if !defined(_WIN32) | |
| 3288 | +#if !defined(_WIN32) && defined(FOSSIL_LEGACY_ALLOW_SYMLINKS) | |
| 3226 | 3289 | /* |
| 3227 | 3290 | ** SETTING: allow-symlinks boolean default=on versionable |
| 3228 | 3291 | ** |
| 3229 | 3292 | ** When allow-symlinks is OFF, symbolic links in the repository are followed |
| 3230 | 3293 | ** and treated no differently from real files. When allow-symlinks is ON, |
| 3231 | 3294 |
| --- src/db.c | |
| +++ src/db.c | |
| @@ -123,10 +123,13 @@ | |
| 123 | char *azBeforeCommit[5]; /* Commands to run prior to COMMIT */ |
| 124 | int nBeforeCommit; /* Number of entries in azBeforeCommit */ |
| 125 | int nPriorChanges; /* sqlite3_total_changes() at transaction start */ |
| 126 | const char *zStartFile; /* File in which transaction was started */ |
| 127 | int iStartLine; /* Line of zStartFile where transaction started */ |
| 128 | } db = {0, 0, 0, 0, 0, 0, }; |
| 129 | |
| 130 | /* |
| 131 | ** Arrange for the given file to be deleted on a failure. |
| 132 | */ |
| @@ -307,10 +310,36 @@ | |
| 307 | } |
| 308 | db.aHook[db.nCommitHook].sequence = sequence; |
| 309 | db.aHook[db.nCommitHook].xHook = x; |
| 310 | db.nCommitHook++; |
| 311 | } |
| 312 | |
| 313 | #if INTERFACE |
| 314 | /* |
| 315 | ** Possible flags to db_vprepare |
| 316 | */ |
| @@ -835,34 +864,37 @@ | |
| 835 | void db_init_database( |
| 836 | const char *zFileName, /* Name of database file to create */ |
| 837 | const char *zSchema, /* First part of schema */ |
| 838 | ... /* Additional SQL to run. Terminate with NULL. */ |
| 839 | ){ |
| 840 | sqlite3 *db; |
| 841 | int rc; |
| 842 | const char *zSql; |
| 843 | va_list ap; |
| 844 | |
| 845 | db = db_open(zFileName ? zFileName : ":memory:"); |
| 846 | sqlite3_exec(db, "BEGIN EXCLUSIVE", 0, 0, 0); |
| 847 | rc = sqlite3_exec(db, zSchema, 0, 0, 0); |
| 848 | if( rc!=SQLITE_OK ){ |
| 849 | db_err("%s", sqlite3_errmsg(db)); |
| 850 | } |
| 851 | va_start(ap, zSchema); |
| 852 | while( (zSql = va_arg(ap, const char*))!=0 ){ |
| 853 | rc = sqlite3_exec(db, zSql, 0, 0, 0); |
| 854 | if( rc!=SQLITE_OK ){ |
| 855 | db_err("%s", sqlite3_errmsg(db)); |
| 856 | } |
| 857 | } |
| 858 | va_end(ap); |
| 859 | sqlite3_exec(db, "COMMIT", 0, 0, 0); |
| 860 | if( zFileName || g.db!=0 ){ |
| 861 | sqlite3_close(db); |
| 862 | }else{ |
| 863 | g.db = db; |
| 864 | } |
| 865 | } |
| 866 | |
| 867 | /* |
| 868 | ** Function to return the number of seconds since 1970. This is |
| @@ -1711,11 +1743,11 @@ | |
| 1711 | /* |
| 1712 | ** Returns non-zero if the default value for the "allow-symlinks" setting |
| 1713 | ** is "on". When on Windows, this always returns false. |
| 1714 | */ |
| 1715 | int db_allow_symlinks_by_default(void){ |
| 1716 | #if defined(_WIN32) |
| 1717 | return 0; |
| 1718 | #else |
| 1719 | return 1; |
| 1720 | #endif |
| 1721 | } |
| @@ -2004,10 +2036,11 @@ | |
| 2004 | ** argument is true. Ignore unfinalized statements when false. |
| 2005 | */ |
| 2006 | void db_close(int reportErrors){ |
| 2007 | sqlite3_stmt *pStmt; |
| 2008 | if( g.db==0 ) return; |
| 2009 | if( g.fSqlStats ){ |
| 2010 | int cur, hiwtr; |
| 2011 | sqlite3_db_status(g.db, SQLITE_DBSTATUS_LOOKASIDE_USED, &cur, &hiwtr, 0); |
| 2012 | fprintf(stderr, "-- LOOKASIDE_USED %10d %10d\n", cur, hiwtr); |
| 2013 | sqlite3_db_status(g.db, SQLITE_DBSTATUS_LOOKASIDE_HIT, &cur, &hiwtr, 0); |
| @@ -2033,17 +2066,20 @@ | |
| 2033 | fprintf(stderr, "-- prepared statements %10d\n", db.nPrepare); |
| 2034 | } |
| 2035 | while( db.pAllStmt ){ |
| 2036 | db_finalize(db.pAllStmt); |
| 2037 | } |
| 2038 | if( db.nBegin && reportErrors ){ |
| 2039 | fossil_warning("Transaction started at %s:%d never commits", |
| 2040 | db.zStartFile, db.iStartLine); |
| 2041 | db_end_transaction(1); |
| 2042 | } |
| 2043 | pStmt = 0; |
| 2044 | g.dbIgnoreErrors++; /* Stop "database locked" warnings from PRAGMA optimize */ |
| 2045 | sqlite3_exec(g.db, "PRAGMA optimize", 0, 0, 0); |
| 2046 | g.dbIgnoreErrors--; |
| 2047 | db_close_config(); |
| 2048 | |
| 2049 | /* If the localdb has a lot of unused free space, |
| @@ -2083,10 +2119,11 @@ | |
| 2083 | if( g.db ){ |
| 2084 | int rc; |
| 2085 | sqlite3_wal_checkpoint(g.db, 0); |
| 2086 | rc = sqlite3_close(g.db); |
| 2087 | if( g.fSqlTrace ) fossil_trace("-- sqlite3_close(%d)\n", rc); |
| 2088 | } |
| 2089 | g.db = 0; |
| 2090 | g.repositoryOpen = 0; |
| 2091 | g.localOpen = 0; |
| 2092 | } |
| @@ -2837,17 +2874,19 @@ | |
| 2837 | dflt = 0; |
| 2838 | } |
| 2839 | fossil_free(zVal); |
| 2840 | return dflt; |
| 2841 | } |
| 2842 | int db_get_versioned_boolean(const char *zName, int dflt){ |
| 2843 | char *zVal = db_get_versioned(zName, 0); |
| 2844 | if( zVal==0 ) return dflt; |
| 2845 | if( is_truth(zVal) ) return 1; |
| 2846 | if( is_false(zVal) ) return 0; |
| 2847 | return dflt; |
| 2848 | } |
| 2849 | char *db_lget(const char *zName, const char *zDefault){ |
| 2850 | return db_text(zDefault, |
| 2851 | "SELECT value FROM vvar WHERE name=%Q", zName); |
| 2852 | } |
| 2853 | void db_lset(const char *zName, const char *zValue){ |
| @@ -3025,11 +3064,13 @@ | |
| 3025 | void cmd_open(void){ |
| 3026 | int emptyFlag; |
| 3027 | int keepFlag; |
| 3028 | int forceMissingFlag; |
| 3029 | int allowNested; |
| 3030 | int allowSymlinks; |
| 3031 | int setmtimeFlag; /* --setmtime. Set mtimes on files */ |
| 3032 | static char *azNewArgv[] = { 0, "checkout", "--prompt", 0, 0, 0, 0 }; |
| 3033 | |
| 3034 | url_proxy_options(); |
| 3035 | emptyFlag = find_option("empty",0,0)!=0; |
| @@ -3056,10 +3097,11 @@ | |
| 3056 | }else if( db_exists("SELECT 1 FROM event WHERE type='ci'") ){ |
| 3057 | g.zOpenRevision = db_get("main-branch", 0); |
| 3058 | } |
| 3059 | } |
| 3060 | |
| 3061 | if( g.zOpenRevision ){ |
| 3062 | /* Since the repository is open and we know the revision now, |
| 3063 | ** refresh the allow-symlinks flag. Since neither the local |
| 3064 | ** checkout nor the configuration database are open at this |
| 3065 | ** point, this should always return the versioned setting, |
| @@ -3069,10 +3111,11 @@ | |
| 3069 | ** repository or global configuration databases only. */ |
| 3070 | allowSymlinks = db_get_versioned_boolean("allow-symlinks", -1); |
| 3071 | }else{ |
| 3072 | allowSymlinks = -1; /* Use non-versioned settings only. */ |
| 3073 | } |
| 3074 | |
| 3075 | #if defined(_WIN32) || defined(__CYGWIN__) |
| 3076 | # define LOCALDB_NAME "./_FOSSIL_" |
| 3077 | #else |
| 3078 | # define LOCALDB_NAME "./.fslckout" |
| @@ -3082,10 +3125,11 @@ | |
| 3082 | "COMMIT; PRAGMA journal_mode=WAL; BEGIN;", |
| 3083 | #endif |
| 3084 | (char*)0); |
| 3085 | db_delete_on_failure(LOCALDB_NAME); |
| 3086 | db_open_local(0); |
| 3087 | if( allowSymlinks>=0 ){ |
| 3088 | /* Use the value from the versioned setting, which was read |
| 3089 | ** prior to opening the local checkout (i.e. which is most |
| 3090 | ** likely empty and does not actually contain any versioned |
| 3091 | ** setting files yet). Normally, this value would be given |
| @@ -3098,10 +3142,11 @@ | |
| 3098 | ** point, this will probably be the setting value from the |
| 3099 | ** repository or global configuration databases. */ |
| 3100 | g.allowSymlinks = db_get_boolean("allow-symlinks", |
| 3101 | db_allow_symlinks_by_default()); |
| 3102 | } |
| 3103 | db_lset("repository", g.argv[2]); |
| 3104 | db_record_repository_filename(g.argv[2]); |
| 3105 | db_set_checkout(0); |
| 3106 | azNewArgv[0] = g.argv[0]; |
| 3107 | g.argv = azNewArgv; |
| @@ -3209,11 +3254,29 @@ | |
| 3209 | ** SETTING: admin-log boolean default=off |
| 3210 | ** |
| 3211 | ** When the admin-log setting is enabled, configuration changes are recorded |
| 3212 | ** in the "admin_log" table of the repository. |
| 3213 | */ |
| 3214 | #if defined(_WIN32) |
| 3215 | /* |
| 3216 | ** SETTING: allow-symlinks boolean default=off versionable |
| 3217 | ** |
| 3218 | ** When allow-symlinks is OFF, symbolic links in the repository are followed |
| 3219 | ** and treated no differently from real files. When allow-symlinks is ON, |
| @@ -3220,11 +3283,11 @@ | |
| 3220 | ** the object to which the symbolic link points is ignored, and the content |
| 3221 | ** of the symbolic link that is stored in the repository is the name of the |
| 3222 | ** object to which the symbolic link points. |
| 3223 | */ |
| 3224 | #endif |
| 3225 | #if !defined(_WIN32) |
| 3226 | /* |
| 3227 | ** SETTING: allow-symlinks boolean default=on versionable |
| 3228 | ** |
| 3229 | ** When allow-symlinks is OFF, symbolic links in the repository are followed |
| 3230 | ** and treated no differently from real files. When allow-symlinks is ON, |
| 3231 |
| --- src/db.c | |
| +++ src/db.c | |
| @@ -123,10 +123,13 @@ | |
| 123 | char *azBeforeCommit[5]; /* Commands to run prior to COMMIT */ |
| 124 | int nBeforeCommit; /* Number of entries in azBeforeCommit */ |
| 125 | int nPriorChanges; /* sqlite3_total_changes() at transaction start */ |
| 126 | const char *zStartFile; /* File in which transaction was started */ |
| 127 | int iStartLine; /* Line of zStartFile where transaction started */ |
| 128 | int (*xAuth)(void*,int,const char*,const char*,const char*,const char*); |
| 129 | void *pAuthArg; /* Argument to the authorizer */ |
| 130 | const char *zAuthName; /* Name of the authorizer */ |
| 131 | } db = {0, 0, 0, 0, 0, 0, }; |
| 132 | |
| 133 | /* |
| 134 | ** Arrange for the given file to be deleted on a failure. |
| 135 | */ |
| @@ -307,10 +310,36 @@ | |
| 310 | } |
| 311 | db.aHook[db.nCommitHook].sequence = sequence; |
| 312 | db.aHook[db.nCommitHook].xHook = x; |
| 313 | db.nCommitHook++; |
| 314 | } |
| 315 | |
| 316 | /* |
| 317 | ** Set or unset the query authorizer callback function |
| 318 | */ |
| 319 | void db_set_authorizer( |
| 320 | int(*xAuth)(void*,int,const char*,const char*,const char*,const char*), |
| 321 | void *pArg, |
| 322 | const char *zName /* for tracing */ |
| 323 | ){ |
| 324 | if( db.xAuth ){ |
| 325 | fossil_panic("multiple active db_set_authorizer() calls"); |
| 326 | } |
| 327 | if( g.db ) sqlite3_set_authorizer(g.db, xAuth, pArg); |
| 328 | db.xAuth = xAuth; |
| 329 | db.pAuthArg = pArg; |
| 330 | db.zAuthName = zName; |
| 331 | if( g.fSqlTrace ) fossil_trace("-- set authorizer %s\n", zName); |
| 332 | } |
| 333 | void db_clear_authorizer(void){ |
| 334 | if( db.zAuthName && g.fSqlTrace ){ |
| 335 | fossil_trace("-- discontinue authorizer %s\n", db.zAuthName); |
| 336 | } |
| 337 | if( g.db ) sqlite3_set_authorizer(g.db, 0, 0); |
| 338 | db.xAuth = 0; |
| 339 | db.pAuthArg = 0; |
| 340 | } |
| 341 | |
| 342 | #if INTERFACE |
| 343 | /* |
| 344 | ** Possible flags to db_vprepare |
| 345 | */ |
| @@ -835,34 +864,37 @@ | |
| 864 | void db_init_database( |
| 865 | const char *zFileName, /* Name of database file to create */ |
| 866 | const char *zSchema, /* First part of schema */ |
| 867 | ... /* Additional SQL to run. Terminate with NULL. */ |
| 868 | ){ |
| 869 | sqlite3 *xdb; |
| 870 | int rc; |
| 871 | const char *zSql; |
| 872 | va_list ap; |
| 873 | |
| 874 | xdb = db_open(zFileName ? zFileName : ":memory:"); |
| 875 | sqlite3_exec(xdb, "BEGIN EXCLUSIVE", 0, 0, 0); |
| 876 | if( db.xAuth ){ |
| 877 | sqlite3_set_authorizer(xdb, db.xAuth, db.pAuthArg); |
| 878 | } |
| 879 | rc = sqlite3_exec(xdb, zSchema, 0, 0, 0); |
| 880 | if( rc!=SQLITE_OK ){ |
| 881 | db_err("%s", sqlite3_errmsg(xdb)); |
| 882 | } |
| 883 | va_start(ap, zSchema); |
| 884 | while( (zSql = va_arg(ap, const char*))!=0 ){ |
| 885 | rc = sqlite3_exec(xdb, zSql, 0, 0, 0); |
| 886 | if( rc!=SQLITE_OK ){ |
| 887 | db_err("%s", sqlite3_errmsg(xdb)); |
| 888 | } |
| 889 | } |
| 890 | va_end(ap); |
| 891 | sqlite3_exec(xdb, "COMMIT", 0, 0, 0); |
| 892 | if( zFileName || g.db!=0 ){ |
| 893 | sqlite3_close(xdb); |
| 894 | }else{ |
| 895 | g.db = xdb; |
| 896 | } |
| 897 | } |
| 898 | |
| 899 | /* |
| 900 | ** Function to return the number of seconds since 1970. This is |
| @@ -1711,11 +1743,11 @@ | |
| 1743 | /* |
| 1744 | ** Returns non-zero if the default value for the "allow-symlinks" setting |
| 1745 | ** is "on". When on Windows, this always returns false. |
| 1746 | */ |
| 1747 | int db_allow_symlinks_by_default(void){ |
| 1748 | #if defined(_WIN32) || !defined(FOSSIL_LEGACY_ALLOW_SYMLINKS) |
| 1749 | return 0; |
| 1750 | #else |
| 1751 | return 1; |
| 1752 | #endif |
| 1753 | } |
| @@ -2004,10 +2036,11 @@ | |
| 2036 | ** argument is true. Ignore unfinalized statements when false. |
| 2037 | */ |
| 2038 | void db_close(int reportErrors){ |
| 2039 | sqlite3_stmt *pStmt; |
| 2040 | if( g.db==0 ) return; |
| 2041 | sqlite3_set_authorizer(g.db, 0, 0); |
| 2042 | if( g.fSqlStats ){ |
| 2043 | int cur, hiwtr; |
| 2044 | sqlite3_db_status(g.db, SQLITE_DBSTATUS_LOOKASIDE_USED, &cur, &hiwtr, 0); |
| 2045 | fprintf(stderr, "-- LOOKASIDE_USED %10d %10d\n", cur, hiwtr); |
| 2046 | sqlite3_db_status(g.db, SQLITE_DBSTATUS_LOOKASIDE_HIT, &cur, &hiwtr, 0); |
| @@ -2033,17 +2066,20 @@ | |
| 2066 | fprintf(stderr, "-- prepared statements %10d\n", db.nPrepare); |
| 2067 | } |
| 2068 | while( db.pAllStmt ){ |
| 2069 | db_finalize(db.pAllStmt); |
| 2070 | } |
| 2071 | if( db.nBegin ){ |
| 2072 | if( reportErrors ){ |
| 2073 | fossil_warning("Transaction started at %s:%d never commits", |
| 2074 | db.zStartFile, db.iStartLine); |
| 2075 | } |
| 2076 | db_end_transaction(1); |
| 2077 | } |
| 2078 | pStmt = 0; |
| 2079 | sqlite3_busy_timeout(g.db, 0); |
| 2080 | g.dbIgnoreErrors++; /* Stop "database locked" warnings */ |
| 2081 | sqlite3_exec(g.db, "PRAGMA optimize", 0, 0, 0); |
| 2082 | g.dbIgnoreErrors--; |
| 2083 | db_close_config(); |
| 2084 | |
| 2085 | /* If the localdb has a lot of unused free space, |
| @@ -2083,10 +2119,11 @@ | |
| 2119 | if( g.db ){ |
| 2120 | int rc; |
| 2121 | sqlite3_wal_checkpoint(g.db, 0); |
| 2122 | rc = sqlite3_close(g.db); |
| 2123 | if( g.fSqlTrace ) fossil_trace("-- sqlite3_close(%d)\n", rc); |
| 2124 | db_clear_authorizer(); |
| 2125 | } |
| 2126 | g.db = 0; |
| 2127 | g.repositoryOpen = 0; |
| 2128 | g.localOpen = 0; |
| 2129 | } |
| @@ -2837,17 +2874,19 @@ | |
| 2874 | dflt = 0; |
| 2875 | } |
| 2876 | fossil_free(zVal); |
| 2877 | return dflt; |
| 2878 | } |
| 2879 | #ifdef FOSSIL_LEGACY_ALLOW_SYMLINKS |
| 2880 | int db_get_versioned_boolean(const char *zName, int dflt){ |
| 2881 | char *zVal = db_get_versioned(zName, 0); |
| 2882 | if( zVal==0 ) return dflt; |
| 2883 | if( is_truth(zVal) ) return 1; |
| 2884 | if( is_false(zVal) ) return 0; |
| 2885 | return dflt; |
| 2886 | } |
| 2887 | #endif /* FOSSIL_LEGACY_ALLOW_SYMLINKS */ |
| 2888 | char *db_lget(const char *zName, const char *zDefault){ |
| 2889 | return db_text(zDefault, |
| 2890 | "SELECT value FROM vvar WHERE name=%Q", zName); |
| 2891 | } |
| 2892 | void db_lset(const char *zName, const char *zValue){ |
| @@ -3025,11 +3064,13 @@ | |
| 3064 | void cmd_open(void){ |
| 3065 | int emptyFlag; |
| 3066 | int keepFlag; |
| 3067 | int forceMissingFlag; |
| 3068 | int allowNested; |
| 3069 | #ifdef FOSSIL_LEGACY_ALLOW_SYMLINKS |
| 3070 | int allowSymlinks; |
| 3071 | #endif |
| 3072 | int setmtimeFlag; /* --setmtime. Set mtimes on files */ |
| 3073 | static char *azNewArgv[] = { 0, "checkout", "--prompt", 0, 0, 0, 0 }; |
| 3074 | |
| 3075 | url_proxy_options(); |
| 3076 | emptyFlag = find_option("empty",0,0)!=0; |
| @@ -3056,10 +3097,11 @@ | |
| 3097 | }else if( db_exists("SELECT 1 FROM event WHERE type='ci'") ){ |
| 3098 | g.zOpenRevision = db_get("main-branch", 0); |
| 3099 | } |
| 3100 | } |
| 3101 | |
| 3102 | #ifdef FOSSIL_LEGACY_ALLOW_SYMLINKS |
| 3103 | if( g.zOpenRevision ){ |
| 3104 | /* Since the repository is open and we know the revision now, |
| 3105 | ** refresh the allow-symlinks flag. Since neither the local |
| 3106 | ** checkout nor the configuration database are open at this |
| 3107 | ** point, this should always return the versioned setting, |
| @@ -3069,10 +3111,11 @@ | |
| 3111 | ** repository or global configuration databases only. */ |
| 3112 | allowSymlinks = db_get_versioned_boolean("allow-symlinks", -1); |
| 3113 | }else{ |
| 3114 | allowSymlinks = -1; /* Use non-versioned settings only. */ |
| 3115 | } |
| 3116 | #endif |
| 3117 | |
| 3118 | #if defined(_WIN32) || defined(__CYGWIN__) |
| 3119 | # define LOCALDB_NAME "./_FOSSIL_" |
| 3120 | #else |
| 3121 | # define LOCALDB_NAME "./.fslckout" |
| @@ -3082,10 +3125,11 @@ | |
| 3125 | "COMMIT; PRAGMA journal_mode=WAL; BEGIN;", |
| 3126 | #endif |
| 3127 | (char*)0); |
| 3128 | db_delete_on_failure(LOCALDB_NAME); |
| 3129 | db_open_local(0); |
| 3130 | #ifdef FOSSIL_LEGACY_ALLOW_SYMLINKS |
| 3131 | if( allowSymlinks>=0 ){ |
| 3132 | /* Use the value from the versioned setting, which was read |
| 3133 | ** prior to opening the local checkout (i.e. which is most |
| 3134 | ** likely empty and does not actually contain any versioned |
| 3135 | ** setting files yet). Normally, this value would be given |
| @@ -3098,10 +3142,11 @@ | |
| 3142 | ** point, this will probably be the setting value from the |
| 3143 | ** repository or global configuration databases. */ |
| 3144 | g.allowSymlinks = db_get_boolean("allow-symlinks", |
| 3145 | db_allow_symlinks_by_default()); |
| 3146 | } |
| 3147 | #endif /* FOSSIL_LEGACY_ALLOW_SYMLINKS */ |
| 3148 | db_lset("repository", g.argv[2]); |
| 3149 | db_record_repository_filename(g.argv[2]); |
| 3150 | db_set_checkout(0); |
| 3151 | azNewArgv[0] = g.argv[0]; |
| 3152 | g.argv = azNewArgv; |
| @@ -3209,11 +3254,29 @@ | |
| 3254 | ** SETTING: admin-log boolean default=off |
| 3255 | ** |
| 3256 | ** When the admin-log setting is enabled, configuration changes are recorded |
| 3257 | ** in the "admin_log" table of the repository. |
| 3258 | */ |
| 3259 | #if !defined(FOSSIL_LEGACY_ALLOW_SYMLINKS) |
| 3260 | /* |
| 3261 | ** SETTING: allow-symlinks boolean default=off |
| 3262 | ** |
| 3263 | ** When allow-symlinks is OFF (which is the default and recommended setting) |
| 3264 | ** symbolic links are treated like text files that contain a single line of |
| 3265 | ** content which is the name of their target. If allow-symlinks is ON, |
| 3266 | ** the symbolic links are actually followed. |
| 3267 | ** |
| 3268 | ** The use of symbolic links is dangerous. If you checkout a maliciously |
| 3269 | ** crafted checkin that contains symbolic links, it is possible that files |
| 3270 | ** outside of the working directory might be overwritten. |
| 3271 | ** |
| 3272 | ** Keep this setting OFF unless you have a very good reason to turn it |
| 3273 | ** on and you implicitly trust the integrity of the repositories you |
| 3274 | ** open. |
| 3275 | */ |
| 3276 | #endif |
| 3277 | #if defined(_WIN32) && defined(FOSSIL_LEGACY_ALLOW_SYMLINKS) |
| 3278 | /* |
| 3279 | ** SETTING: allow-symlinks boolean default=off versionable |
| 3280 | ** |
| 3281 | ** When allow-symlinks is OFF, symbolic links in the repository are followed |
| 3282 | ** and treated no differently from real files. When allow-symlinks is ON, |
| @@ -3220,11 +3283,11 @@ | |
| 3283 | ** the object to which the symbolic link points is ignored, and the content |
| 3284 | ** of the symbolic link that is stored in the repository is the name of the |
| 3285 | ** object to which the symbolic link points. |
| 3286 | */ |
| 3287 | #endif |
| 3288 | #if !defined(_WIN32) && defined(FOSSIL_LEGACY_ALLOW_SYMLINKS) |
| 3289 | /* |
| 3290 | ** SETTING: allow-symlinks boolean default=on versionable |
| 3291 | ** |
| 3292 | ** When allow-symlinks is OFF, symbolic links in the repository are followed |
| 3293 | ** and treated no differently from real files. When allow-symlinks is ON, |
| 3294 |
M
src/db.c
+80
-17
| --- src/db.c | ||
| +++ src/db.c | ||
| @@ -123,10 +123,13 @@ | ||
| 123 | 123 | char *azBeforeCommit[5]; /* Commands to run prior to COMMIT */ |
| 124 | 124 | int nBeforeCommit; /* Number of entries in azBeforeCommit */ |
| 125 | 125 | int nPriorChanges; /* sqlite3_total_changes() at transaction start */ |
| 126 | 126 | const char *zStartFile; /* File in which transaction was started */ |
| 127 | 127 | int iStartLine; /* Line of zStartFile where transaction started */ |
| 128 | + int (*xAuth)(void*,int,const char*,const char*,const char*,const char*); | |
| 129 | + void *pAuthArg; /* Argument to the authorizer */ | |
| 130 | + const char *zAuthName; /* Name of the authorizer */ | |
| 128 | 131 | } db = {0, 0, 0, 0, 0, 0, }; |
| 129 | 132 | |
| 130 | 133 | /* |
| 131 | 134 | ** Arrange for the given file to be deleted on a failure. |
| 132 | 135 | */ |
| @@ -307,10 +310,36 @@ | ||
| 307 | 310 | } |
| 308 | 311 | db.aHook[db.nCommitHook].sequence = sequence; |
| 309 | 312 | db.aHook[db.nCommitHook].xHook = x; |
| 310 | 313 | db.nCommitHook++; |
| 311 | 314 | } |
| 315 | + | |
| 316 | +/* | |
| 317 | +** Set or unset the query authorizer callback function | |
| 318 | +*/ | |
| 319 | +void db_set_authorizer( | |
| 320 | + int(*xAuth)(void*,int,const char*,const char*,const char*,const char*), | |
| 321 | + void *pArg, | |
| 322 | + const char *zName /* for tracing */ | |
| 323 | +){ | |
| 324 | + if( db.xAuth ){ | |
| 325 | + fossil_panic("multiple active db_set_authorizer() calls"); | |
| 326 | + } | |
| 327 | + if( g.db ) sqlite3_set_authorizer(g.db, xAuth, pArg); | |
| 328 | + db.xAuth = xAuth; | |
| 329 | + db.pAuthArg = pArg; | |
| 330 | + db.zAuthName = zName; | |
| 331 | + if( g.fSqlTrace ) fossil_trace("-- set authorizer %s\n", zName); | |
| 332 | +} | |
| 333 | +void db_clear_authorizer(void){ | |
| 334 | + if( db.zAuthName && g.fSqlTrace ){ | |
| 335 | + fossil_trace("-- discontinue authorizer %s\n", db.zAuthName); | |
| 336 | + } | |
| 337 | + if( g.db ) sqlite3_set_authorizer(g.db, 0, 0); | |
| 338 | + db.xAuth = 0; | |
| 339 | + db.pAuthArg = 0; | |
| 340 | +} | |
| 312 | 341 | |
| 313 | 342 | #if INTERFACE |
| 314 | 343 | /* |
| 315 | 344 | ** Possible flags to db_vprepare |
| 316 | 345 | */ |
| @@ -835,34 +864,37 @@ | ||
| 835 | 864 | void db_init_database( |
| 836 | 865 | const char *zFileName, /* Name of database file to create */ |
| 837 | 866 | const char *zSchema, /* First part of schema */ |
| 838 | 867 | ... /* Additional SQL to run. Terminate with NULL. */ |
| 839 | 868 | ){ |
| 840 | - sqlite3 *db; | |
| 869 | + sqlite3 *xdb; | |
| 841 | 870 | int rc; |
| 842 | 871 | const char *zSql; |
| 843 | 872 | va_list ap; |
| 844 | 873 | |
| 845 | - db = db_open(zFileName ? zFileName : ":memory:"); | |
| 846 | - sqlite3_exec(db, "BEGIN EXCLUSIVE", 0, 0, 0); | |
| 847 | - rc = sqlite3_exec(db, zSchema, 0, 0, 0); | |
| 874 | + xdb = db_open(zFileName ? zFileName : ":memory:"); | |
| 875 | + sqlite3_exec(xdb, "BEGIN EXCLUSIVE", 0, 0, 0); | |
| 876 | + if( db.xAuth ){ | |
| 877 | + sqlite3_set_authorizer(xdb, db.xAuth, db.pAuthArg); | |
| 878 | + } | |
| 879 | + rc = sqlite3_exec(xdb, zSchema, 0, 0, 0); | |
| 848 | 880 | if( rc!=SQLITE_OK ){ |
| 849 | - db_err("%s", sqlite3_errmsg(db)); | |
| 881 | + db_err("%s", sqlite3_errmsg(xdb)); | |
| 850 | 882 | } |
| 851 | 883 | va_start(ap, zSchema); |
| 852 | 884 | while( (zSql = va_arg(ap, const char*))!=0 ){ |
| 853 | - rc = sqlite3_exec(db, zSql, 0, 0, 0); | |
| 885 | + rc = sqlite3_exec(xdb, zSql, 0, 0, 0); | |
| 854 | 886 | if( rc!=SQLITE_OK ){ |
| 855 | - db_err("%s", sqlite3_errmsg(db)); | |
| 887 | + db_err("%s", sqlite3_errmsg(xdb)); | |
| 856 | 888 | } |
| 857 | 889 | } |
| 858 | 890 | va_end(ap); |
| 859 | - sqlite3_exec(db, "COMMIT", 0, 0, 0); | |
| 891 | + sqlite3_exec(xdb, "COMMIT", 0, 0, 0); | |
| 860 | 892 | if( zFileName || g.db!=0 ){ |
| 861 | - sqlite3_close(db); | |
| 893 | + sqlite3_close(xdb); | |
| 862 | 894 | }else{ |
| 863 | - g.db = db; | |
| 895 | + g.db = xdb; | |
| 864 | 896 | } |
| 865 | 897 | } |
| 866 | 898 | |
| 867 | 899 | /* |
| 868 | 900 | ** Function to return the number of seconds since 1970. This is |
| @@ -1711,11 +1743,11 @@ | ||
| 1711 | 1743 | /* |
| 1712 | 1744 | ** Returns non-zero if the default value for the "allow-symlinks" setting |
| 1713 | 1745 | ** is "on". When on Windows, this always returns false. |
| 1714 | 1746 | */ |
| 1715 | 1747 | int db_allow_symlinks_by_default(void){ |
| 1716 | -#if defined(_WIN32) | |
| 1748 | +#if defined(_WIN32) || !defined(FOSSIL_LEGACY_ALLOW_SYMLINKS) | |
| 1717 | 1749 | return 0; |
| 1718 | 1750 | #else |
| 1719 | 1751 | return 1; |
| 1720 | 1752 | #endif |
| 1721 | 1753 | } |
| @@ -2004,10 +2036,11 @@ | ||
| 2004 | 2036 | ** argument is true. Ignore unfinalized statements when false. |
| 2005 | 2037 | */ |
| 2006 | 2038 | void db_close(int reportErrors){ |
| 2007 | 2039 | sqlite3_stmt *pStmt; |
| 2008 | 2040 | if( g.db==0 ) return; |
| 2041 | + sqlite3_set_authorizer(g.db, 0, 0); | |
| 2009 | 2042 | if( g.fSqlStats ){ |
| 2010 | 2043 | int cur, hiwtr; |
| 2011 | 2044 | sqlite3_db_status(g.db, SQLITE_DBSTATUS_LOOKASIDE_USED, &cur, &hiwtr, 0); |
| 2012 | 2045 | fprintf(stderr, "-- LOOKASIDE_USED %10d %10d\n", cur, hiwtr); |
| 2013 | 2046 | sqlite3_db_status(g.db, SQLITE_DBSTATUS_LOOKASIDE_HIT, &cur, &hiwtr, 0); |
| @@ -2033,17 +2066,20 @@ | ||
| 2033 | 2066 | fprintf(stderr, "-- prepared statements %10d\n", db.nPrepare); |
| 2034 | 2067 | } |
| 2035 | 2068 | while( db.pAllStmt ){ |
| 2036 | 2069 | db_finalize(db.pAllStmt); |
| 2037 | 2070 | } |
| 2038 | - if( db.nBegin && reportErrors ){ | |
| 2039 | - fossil_warning("Transaction started at %s:%d never commits", | |
| 2040 | - db.zStartFile, db.iStartLine); | |
| 2071 | + if( db.nBegin ){ | |
| 2072 | + if( reportErrors ){ | |
| 2073 | + fossil_warning("Transaction started at %s:%d never commits", | |
| 2074 | + db.zStartFile, db.iStartLine); | |
| 2075 | + } | |
| 2041 | 2076 | db_end_transaction(1); |
| 2042 | 2077 | } |
| 2043 | 2078 | pStmt = 0; |
| 2044 | - g.dbIgnoreErrors++; /* Stop "database locked" warnings from PRAGMA optimize */ | |
| 2079 | + sqlite3_busy_timeout(g.db, 0); | |
| 2080 | + g.dbIgnoreErrors++; /* Stop "database locked" warnings */ | |
| 2045 | 2081 | sqlite3_exec(g.db, "PRAGMA optimize", 0, 0, 0); |
| 2046 | 2082 | g.dbIgnoreErrors--; |
| 2047 | 2083 | db_close_config(); |
| 2048 | 2084 | |
| 2049 | 2085 | /* If the localdb has a lot of unused free space, |
| @@ -2083,10 +2119,11 @@ | ||
| 2083 | 2119 | if( g.db ){ |
| 2084 | 2120 | int rc; |
| 2085 | 2121 | sqlite3_wal_checkpoint(g.db, 0); |
| 2086 | 2122 | rc = sqlite3_close(g.db); |
| 2087 | 2123 | if( g.fSqlTrace ) fossil_trace("-- sqlite3_close(%d)\n", rc); |
| 2124 | + db_clear_authorizer(); | |
| 2088 | 2125 | } |
| 2089 | 2126 | g.db = 0; |
| 2090 | 2127 | g.repositoryOpen = 0; |
| 2091 | 2128 | g.localOpen = 0; |
| 2092 | 2129 | } |
| @@ -2837,17 +2874,19 @@ | ||
| 2837 | 2874 | dflt = 0; |
| 2838 | 2875 | } |
| 2839 | 2876 | fossil_free(zVal); |
| 2840 | 2877 | return dflt; |
| 2841 | 2878 | } |
| 2879 | +#ifdef FOSSIL_LEGACY_ALLOW_SYMLINKS | |
| 2842 | 2880 | int db_get_versioned_boolean(const char *zName, int dflt){ |
| 2843 | 2881 | char *zVal = db_get_versioned(zName, 0); |
| 2844 | 2882 | if( zVal==0 ) return dflt; |
| 2845 | 2883 | if( is_truth(zVal) ) return 1; |
| 2846 | 2884 | if( is_false(zVal) ) return 0; |
| 2847 | 2885 | return dflt; |
| 2848 | 2886 | } |
| 2887 | +#endif /* FOSSIL_LEGACY_ALLOW_SYMLINKS */ | |
| 2849 | 2888 | char *db_lget(const char *zName, const char *zDefault){ |
| 2850 | 2889 | return db_text(zDefault, |
| 2851 | 2890 | "SELECT value FROM vvar WHERE name=%Q", zName); |
| 2852 | 2891 | } |
| 2853 | 2892 | void db_lset(const char *zName, const char *zValue){ |
| @@ -3025,11 +3064,13 @@ | ||
| 3025 | 3064 | void cmd_open(void){ |
| 3026 | 3065 | int emptyFlag; |
| 3027 | 3066 | int keepFlag; |
| 3028 | 3067 | int forceMissingFlag; |
| 3029 | 3068 | int allowNested; |
| 3069 | +#ifdef FOSSIL_LEGACY_ALLOW_SYMLINKS | |
| 3030 | 3070 | int allowSymlinks; |
| 3071 | +#endif | |
| 3031 | 3072 | int setmtimeFlag; /* --setmtime. Set mtimes on files */ |
| 3032 | 3073 | static char *azNewArgv[] = { 0, "checkout", "--prompt", 0, 0, 0, 0 }; |
| 3033 | 3074 | |
| 3034 | 3075 | url_proxy_options(); |
| 3035 | 3076 | emptyFlag = find_option("empty",0,0)!=0; |
| @@ -3056,10 +3097,11 @@ | ||
| 3056 | 3097 | }else if( db_exists("SELECT 1 FROM event WHERE type='ci'") ){ |
| 3057 | 3098 | g.zOpenRevision = db_get("main-branch", 0); |
| 3058 | 3099 | } |
| 3059 | 3100 | } |
| 3060 | 3101 | |
| 3102 | +#ifdef FOSSIL_LEGACY_ALLOW_SYMLINKS | |
| 3061 | 3103 | if( g.zOpenRevision ){ |
| 3062 | 3104 | /* Since the repository is open and we know the revision now, |
| 3063 | 3105 | ** refresh the allow-symlinks flag. Since neither the local |
| 3064 | 3106 | ** checkout nor the configuration database are open at this |
| 3065 | 3107 | ** point, this should always return the versioned setting, |
| @@ -3069,10 +3111,11 @@ | ||
| 3069 | 3111 | ** repository or global configuration databases only. */ |
| 3070 | 3112 | allowSymlinks = db_get_versioned_boolean("allow-symlinks", -1); |
| 3071 | 3113 | }else{ |
| 3072 | 3114 | allowSymlinks = -1; /* Use non-versioned settings only. */ |
| 3073 | 3115 | } |
| 3116 | +#endif | |
| 3074 | 3117 | |
| 3075 | 3118 | #if defined(_WIN32) || defined(__CYGWIN__) |
| 3076 | 3119 | # define LOCALDB_NAME "./_FOSSIL_" |
| 3077 | 3120 | #else |
| 3078 | 3121 | # define LOCALDB_NAME "./.fslckout" |
| @@ -3082,10 +3125,11 @@ | ||
| 3082 | 3125 | "COMMIT; PRAGMA journal_mode=WAL; BEGIN;", |
| 3083 | 3126 | #endif |
| 3084 | 3127 | (char*)0); |
| 3085 | 3128 | db_delete_on_failure(LOCALDB_NAME); |
| 3086 | 3129 | db_open_local(0); |
| 3130 | +#ifdef FOSSIL_LEGACY_ALLOW_SYMLINKS | |
| 3087 | 3131 | if( allowSymlinks>=0 ){ |
| 3088 | 3132 | /* Use the value from the versioned setting, which was read |
| 3089 | 3133 | ** prior to opening the local checkout (i.e. which is most |
| 3090 | 3134 | ** likely empty and does not actually contain any versioned |
| 3091 | 3135 | ** setting files yet). Normally, this value would be given |
| @@ -3098,10 +3142,11 @@ | ||
| 3098 | 3142 | ** point, this will probably be the setting value from the |
| 3099 | 3143 | ** repository or global configuration databases. */ |
| 3100 | 3144 | g.allowSymlinks = db_get_boolean("allow-symlinks", |
| 3101 | 3145 | db_allow_symlinks_by_default()); |
| 3102 | 3146 | } |
| 3147 | +#endif /* FOSSIL_LEGACY_ALLOW_SYMLINKS */ | |
| 3103 | 3148 | db_lset("repository", g.argv[2]); |
| 3104 | 3149 | db_record_repository_filename(g.argv[2]); |
| 3105 | 3150 | db_set_checkout(0); |
| 3106 | 3151 | azNewArgv[0] = g.argv[0]; |
| 3107 | 3152 | g.argv = azNewArgv; |
| @@ -3209,11 +3254,29 @@ | ||
| 3209 | 3254 | ** SETTING: admin-log boolean default=off |
| 3210 | 3255 | ** |
| 3211 | 3256 | ** When the admin-log setting is enabled, configuration changes are recorded |
| 3212 | 3257 | ** in the "admin_log" table of the repository. |
| 3213 | 3258 | */ |
| 3214 | -#if defined(_WIN32) | |
| 3259 | +#if !defined(FOSSIL_LEGACY_ALLOW_SYMLINKS) | |
| 3260 | +/* | |
| 3261 | +** SETTING: allow-symlinks boolean default=off | |
| 3262 | +** | |
| 3263 | +** When allow-symlinks is OFF (which is the default and recommended setting) | |
| 3264 | +** symbolic links are treated like text files that contain a single line of | |
| 3265 | +** content which is the name of their target. If allow-symlinks is ON, | |
| 3266 | +** the symbolic links are actually followed. | |
| 3267 | +** | |
| 3268 | +** The use of symbolic links is dangerous. If you checkout a maliciously | |
| 3269 | +** crafted checkin that contains symbolic links, it is possible that files | |
| 3270 | +** outside of the working directory might be overwritten. | |
| 3271 | +** | |
| 3272 | +** Keep this setting OFF unless you have a very good reason to turn it | |
| 3273 | +** on and you implicitly trust the integrity of the repositories you | |
| 3274 | +** open. | |
| 3275 | +*/ | |
| 3276 | +#endif | |
| 3277 | +#if defined(_WIN32) && defined(FOSSIL_LEGACY_ALLOW_SYMLINKS) | |
| 3215 | 3278 | /* |
| 3216 | 3279 | ** SETTING: allow-symlinks boolean default=off versionable |
| 3217 | 3280 | ** |
| 3218 | 3281 | ** When allow-symlinks is OFF, symbolic links in the repository are followed |
| 3219 | 3282 | ** and treated no differently from real files. When allow-symlinks is ON, |
| @@ -3220,11 +3283,11 @@ | ||
| 3220 | 3283 | ** the object to which the symbolic link points is ignored, and the content |
| 3221 | 3284 | ** of the symbolic link that is stored in the repository is the name of the |
| 3222 | 3285 | ** object to which the symbolic link points. |
| 3223 | 3286 | */ |
| 3224 | 3287 | #endif |
| 3225 | -#if !defined(_WIN32) | |
| 3288 | +#if !defined(_WIN32) && defined(FOSSIL_LEGACY_ALLOW_SYMLINKS) | |
| 3226 | 3289 | /* |
| 3227 | 3290 | ** SETTING: allow-symlinks boolean default=on versionable |
| 3228 | 3291 | ** |
| 3229 | 3292 | ** When allow-symlinks is OFF, symbolic links in the repository are followed |
| 3230 | 3293 | ** and treated no differently from real files. When allow-symlinks is ON, |
| 3231 | 3294 |
| --- src/db.c | |
| +++ src/db.c | |
| @@ -123,10 +123,13 @@ | |
| 123 | char *azBeforeCommit[5]; /* Commands to run prior to COMMIT */ |
| 124 | int nBeforeCommit; /* Number of entries in azBeforeCommit */ |
| 125 | int nPriorChanges; /* sqlite3_total_changes() at transaction start */ |
| 126 | const char *zStartFile; /* File in which transaction was started */ |
| 127 | int iStartLine; /* Line of zStartFile where transaction started */ |
| 128 | } db = {0, 0, 0, 0, 0, 0, }; |
| 129 | |
| 130 | /* |
| 131 | ** Arrange for the given file to be deleted on a failure. |
| 132 | */ |
| @@ -307,10 +310,36 @@ | |
| 307 | } |
| 308 | db.aHook[db.nCommitHook].sequence = sequence; |
| 309 | db.aHook[db.nCommitHook].xHook = x; |
| 310 | db.nCommitHook++; |
| 311 | } |
| 312 | |
| 313 | #if INTERFACE |
| 314 | /* |
| 315 | ** Possible flags to db_vprepare |
| 316 | */ |
| @@ -835,34 +864,37 @@ | |
| 835 | void db_init_database( |
| 836 | const char *zFileName, /* Name of database file to create */ |
| 837 | const char *zSchema, /* First part of schema */ |
| 838 | ... /* Additional SQL to run. Terminate with NULL. */ |
| 839 | ){ |
| 840 | sqlite3 *db; |
| 841 | int rc; |
| 842 | const char *zSql; |
| 843 | va_list ap; |
| 844 | |
| 845 | db = db_open(zFileName ? zFileName : ":memory:"); |
| 846 | sqlite3_exec(db, "BEGIN EXCLUSIVE", 0, 0, 0); |
| 847 | rc = sqlite3_exec(db, zSchema, 0, 0, 0); |
| 848 | if( rc!=SQLITE_OK ){ |
| 849 | db_err("%s", sqlite3_errmsg(db)); |
| 850 | } |
| 851 | va_start(ap, zSchema); |
| 852 | while( (zSql = va_arg(ap, const char*))!=0 ){ |
| 853 | rc = sqlite3_exec(db, zSql, 0, 0, 0); |
| 854 | if( rc!=SQLITE_OK ){ |
| 855 | db_err("%s", sqlite3_errmsg(db)); |
| 856 | } |
| 857 | } |
| 858 | va_end(ap); |
| 859 | sqlite3_exec(db, "COMMIT", 0, 0, 0); |
| 860 | if( zFileName || g.db!=0 ){ |
| 861 | sqlite3_close(db); |
| 862 | }else{ |
| 863 | g.db = db; |
| 864 | } |
| 865 | } |
| 866 | |
| 867 | /* |
| 868 | ** Function to return the number of seconds since 1970. This is |
| @@ -1711,11 +1743,11 @@ | |
| 1711 | /* |
| 1712 | ** Returns non-zero if the default value for the "allow-symlinks" setting |
| 1713 | ** is "on". When on Windows, this always returns false. |
| 1714 | */ |
| 1715 | int db_allow_symlinks_by_default(void){ |
| 1716 | #if defined(_WIN32) |
| 1717 | return 0; |
| 1718 | #else |
| 1719 | return 1; |
| 1720 | #endif |
| 1721 | } |
| @@ -2004,10 +2036,11 @@ | |
| 2004 | ** argument is true. Ignore unfinalized statements when false. |
| 2005 | */ |
| 2006 | void db_close(int reportErrors){ |
| 2007 | sqlite3_stmt *pStmt; |
| 2008 | if( g.db==0 ) return; |
| 2009 | if( g.fSqlStats ){ |
| 2010 | int cur, hiwtr; |
| 2011 | sqlite3_db_status(g.db, SQLITE_DBSTATUS_LOOKASIDE_USED, &cur, &hiwtr, 0); |
| 2012 | fprintf(stderr, "-- LOOKASIDE_USED %10d %10d\n", cur, hiwtr); |
| 2013 | sqlite3_db_status(g.db, SQLITE_DBSTATUS_LOOKASIDE_HIT, &cur, &hiwtr, 0); |
| @@ -2033,17 +2066,20 @@ | |
| 2033 | fprintf(stderr, "-- prepared statements %10d\n", db.nPrepare); |
| 2034 | } |
| 2035 | while( db.pAllStmt ){ |
| 2036 | db_finalize(db.pAllStmt); |
| 2037 | } |
| 2038 | if( db.nBegin && reportErrors ){ |
| 2039 | fossil_warning("Transaction started at %s:%d never commits", |
| 2040 | db.zStartFile, db.iStartLine); |
| 2041 | db_end_transaction(1); |
| 2042 | } |
| 2043 | pStmt = 0; |
| 2044 | g.dbIgnoreErrors++; /* Stop "database locked" warnings from PRAGMA optimize */ |
| 2045 | sqlite3_exec(g.db, "PRAGMA optimize", 0, 0, 0); |
| 2046 | g.dbIgnoreErrors--; |
| 2047 | db_close_config(); |
| 2048 | |
| 2049 | /* If the localdb has a lot of unused free space, |
| @@ -2083,10 +2119,11 @@ | |
| 2083 | if( g.db ){ |
| 2084 | int rc; |
| 2085 | sqlite3_wal_checkpoint(g.db, 0); |
| 2086 | rc = sqlite3_close(g.db); |
| 2087 | if( g.fSqlTrace ) fossil_trace("-- sqlite3_close(%d)\n", rc); |
| 2088 | } |
| 2089 | g.db = 0; |
| 2090 | g.repositoryOpen = 0; |
| 2091 | g.localOpen = 0; |
| 2092 | } |
| @@ -2837,17 +2874,19 @@ | |
| 2837 | dflt = 0; |
| 2838 | } |
| 2839 | fossil_free(zVal); |
| 2840 | return dflt; |
| 2841 | } |
| 2842 | int db_get_versioned_boolean(const char *zName, int dflt){ |
| 2843 | char *zVal = db_get_versioned(zName, 0); |
| 2844 | if( zVal==0 ) return dflt; |
| 2845 | if( is_truth(zVal) ) return 1; |
| 2846 | if( is_false(zVal) ) return 0; |
| 2847 | return dflt; |
| 2848 | } |
| 2849 | char *db_lget(const char *zName, const char *zDefault){ |
| 2850 | return db_text(zDefault, |
| 2851 | "SELECT value FROM vvar WHERE name=%Q", zName); |
| 2852 | } |
| 2853 | void db_lset(const char *zName, const char *zValue){ |
| @@ -3025,11 +3064,13 @@ | |
| 3025 | void cmd_open(void){ |
| 3026 | int emptyFlag; |
| 3027 | int keepFlag; |
| 3028 | int forceMissingFlag; |
| 3029 | int allowNested; |
| 3030 | int allowSymlinks; |
| 3031 | int setmtimeFlag; /* --setmtime. Set mtimes on files */ |
| 3032 | static char *azNewArgv[] = { 0, "checkout", "--prompt", 0, 0, 0, 0 }; |
| 3033 | |
| 3034 | url_proxy_options(); |
| 3035 | emptyFlag = find_option("empty",0,0)!=0; |
| @@ -3056,10 +3097,11 @@ | |
| 3056 | }else if( db_exists("SELECT 1 FROM event WHERE type='ci'") ){ |
| 3057 | g.zOpenRevision = db_get("main-branch", 0); |
| 3058 | } |
| 3059 | } |
| 3060 | |
| 3061 | if( g.zOpenRevision ){ |
| 3062 | /* Since the repository is open and we know the revision now, |
| 3063 | ** refresh the allow-symlinks flag. Since neither the local |
| 3064 | ** checkout nor the configuration database are open at this |
| 3065 | ** point, this should always return the versioned setting, |
| @@ -3069,10 +3111,11 @@ | |
| 3069 | ** repository or global configuration databases only. */ |
| 3070 | allowSymlinks = db_get_versioned_boolean("allow-symlinks", -1); |
| 3071 | }else{ |
| 3072 | allowSymlinks = -1; /* Use non-versioned settings only. */ |
| 3073 | } |
| 3074 | |
| 3075 | #if defined(_WIN32) || defined(__CYGWIN__) |
| 3076 | # define LOCALDB_NAME "./_FOSSIL_" |
| 3077 | #else |
| 3078 | # define LOCALDB_NAME "./.fslckout" |
| @@ -3082,10 +3125,11 @@ | |
| 3082 | "COMMIT; PRAGMA journal_mode=WAL; BEGIN;", |
| 3083 | #endif |
| 3084 | (char*)0); |
| 3085 | db_delete_on_failure(LOCALDB_NAME); |
| 3086 | db_open_local(0); |
| 3087 | if( allowSymlinks>=0 ){ |
| 3088 | /* Use the value from the versioned setting, which was read |
| 3089 | ** prior to opening the local checkout (i.e. which is most |
| 3090 | ** likely empty and does not actually contain any versioned |
| 3091 | ** setting files yet). Normally, this value would be given |
| @@ -3098,10 +3142,11 @@ | |
| 3098 | ** point, this will probably be the setting value from the |
| 3099 | ** repository or global configuration databases. */ |
| 3100 | g.allowSymlinks = db_get_boolean("allow-symlinks", |
| 3101 | db_allow_symlinks_by_default()); |
| 3102 | } |
| 3103 | db_lset("repository", g.argv[2]); |
| 3104 | db_record_repository_filename(g.argv[2]); |
| 3105 | db_set_checkout(0); |
| 3106 | azNewArgv[0] = g.argv[0]; |
| 3107 | g.argv = azNewArgv; |
| @@ -3209,11 +3254,29 @@ | |
| 3209 | ** SETTING: admin-log boolean default=off |
| 3210 | ** |
| 3211 | ** When the admin-log setting is enabled, configuration changes are recorded |
| 3212 | ** in the "admin_log" table of the repository. |
| 3213 | */ |
| 3214 | #if defined(_WIN32) |
| 3215 | /* |
| 3216 | ** SETTING: allow-symlinks boolean default=off versionable |
| 3217 | ** |
| 3218 | ** When allow-symlinks is OFF, symbolic links in the repository are followed |
| 3219 | ** and treated no differently from real files. When allow-symlinks is ON, |
| @@ -3220,11 +3283,11 @@ | |
| 3220 | ** the object to which the symbolic link points is ignored, and the content |
| 3221 | ** of the symbolic link that is stored in the repository is the name of the |
| 3222 | ** object to which the symbolic link points. |
| 3223 | */ |
| 3224 | #endif |
| 3225 | #if !defined(_WIN32) |
| 3226 | /* |
| 3227 | ** SETTING: allow-symlinks boolean default=on versionable |
| 3228 | ** |
| 3229 | ** When allow-symlinks is OFF, symbolic links in the repository are followed |
| 3230 | ** and treated no differently from real files. When allow-symlinks is ON, |
| 3231 |
| --- src/db.c | |
| +++ src/db.c | |
| @@ -123,10 +123,13 @@ | |
| 123 | char *azBeforeCommit[5]; /* Commands to run prior to COMMIT */ |
| 124 | int nBeforeCommit; /* Number of entries in azBeforeCommit */ |
| 125 | int nPriorChanges; /* sqlite3_total_changes() at transaction start */ |
| 126 | const char *zStartFile; /* File in which transaction was started */ |
| 127 | int iStartLine; /* Line of zStartFile where transaction started */ |
| 128 | int (*xAuth)(void*,int,const char*,const char*,const char*,const char*); |
| 129 | void *pAuthArg; /* Argument to the authorizer */ |
| 130 | const char *zAuthName; /* Name of the authorizer */ |
| 131 | } db = {0, 0, 0, 0, 0, 0, }; |
| 132 | |
| 133 | /* |
| 134 | ** Arrange for the given file to be deleted on a failure. |
| 135 | */ |
| @@ -307,10 +310,36 @@ | |
| 310 | } |
| 311 | db.aHook[db.nCommitHook].sequence = sequence; |
| 312 | db.aHook[db.nCommitHook].xHook = x; |
| 313 | db.nCommitHook++; |
| 314 | } |
| 315 | |
| 316 | /* |
| 317 | ** Set or unset the query authorizer callback function |
| 318 | */ |
| 319 | void db_set_authorizer( |
| 320 | int(*xAuth)(void*,int,const char*,const char*,const char*,const char*), |
| 321 | void *pArg, |
| 322 | const char *zName /* for tracing */ |
| 323 | ){ |
| 324 | if( db.xAuth ){ |
| 325 | fossil_panic("multiple active db_set_authorizer() calls"); |
| 326 | } |
| 327 | if( g.db ) sqlite3_set_authorizer(g.db, xAuth, pArg); |
| 328 | db.xAuth = xAuth; |
| 329 | db.pAuthArg = pArg; |
| 330 | db.zAuthName = zName; |
| 331 | if( g.fSqlTrace ) fossil_trace("-- set authorizer %s\n", zName); |
| 332 | } |
| 333 | void db_clear_authorizer(void){ |
| 334 | if( db.zAuthName && g.fSqlTrace ){ |
| 335 | fossil_trace("-- discontinue authorizer %s\n", db.zAuthName); |
| 336 | } |
| 337 | if( g.db ) sqlite3_set_authorizer(g.db, 0, 0); |
| 338 | db.xAuth = 0; |
| 339 | db.pAuthArg = 0; |
| 340 | } |
| 341 | |
| 342 | #if INTERFACE |
| 343 | /* |
| 344 | ** Possible flags to db_vprepare |
| 345 | */ |
| @@ -835,34 +864,37 @@ | |
| 864 | void db_init_database( |
| 865 | const char *zFileName, /* Name of database file to create */ |
| 866 | const char *zSchema, /* First part of schema */ |
| 867 | ... /* Additional SQL to run. Terminate with NULL. */ |
| 868 | ){ |
| 869 | sqlite3 *xdb; |
| 870 | int rc; |
| 871 | const char *zSql; |
| 872 | va_list ap; |
| 873 | |
| 874 | xdb = db_open(zFileName ? zFileName : ":memory:"); |
| 875 | sqlite3_exec(xdb, "BEGIN EXCLUSIVE", 0, 0, 0); |
| 876 | if( db.xAuth ){ |
| 877 | sqlite3_set_authorizer(xdb, db.xAuth, db.pAuthArg); |
| 878 | } |
| 879 | rc = sqlite3_exec(xdb, zSchema, 0, 0, 0); |
| 880 | if( rc!=SQLITE_OK ){ |
| 881 | db_err("%s", sqlite3_errmsg(xdb)); |
| 882 | } |
| 883 | va_start(ap, zSchema); |
| 884 | while( (zSql = va_arg(ap, const char*))!=0 ){ |
| 885 | rc = sqlite3_exec(xdb, zSql, 0, 0, 0); |
| 886 | if( rc!=SQLITE_OK ){ |
| 887 | db_err("%s", sqlite3_errmsg(xdb)); |
| 888 | } |
| 889 | } |
| 890 | va_end(ap); |
| 891 | sqlite3_exec(xdb, "COMMIT", 0, 0, 0); |
| 892 | if( zFileName || g.db!=0 ){ |
| 893 | sqlite3_close(xdb); |
| 894 | }else{ |
| 895 | g.db = xdb; |
| 896 | } |
| 897 | } |
| 898 | |
| 899 | /* |
| 900 | ** Function to return the number of seconds since 1970. This is |
| @@ -1711,11 +1743,11 @@ | |
| 1743 | /* |
| 1744 | ** Returns non-zero if the default value for the "allow-symlinks" setting |
| 1745 | ** is "on". When on Windows, this always returns false. |
| 1746 | */ |
| 1747 | int db_allow_symlinks_by_default(void){ |
| 1748 | #if defined(_WIN32) || !defined(FOSSIL_LEGACY_ALLOW_SYMLINKS) |
| 1749 | return 0; |
| 1750 | #else |
| 1751 | return 1; |
| 1752 | #endif |
| 1753 | } |
| @@ -2004,10 +2036,11 @@ | |
| 2036 | ** argument is true. Ignore unfinalized statements when false. |
| 2037 | */ |
| 2038 | void db_close(int reportErrors){ |
| 2039 | sqlite3_stmt *pStmt; |
| 2040 | if( g.db==0 ) return; |
| 2041 | sqlite3_set_authorizer(g.db, 0, 0); |
| 2042 | if( g.fSqlStats ){ |
| 2043 | int cur, hiwtr; |
| 2044 | sqlite3_db_status(g.db, SQLITE_DBSTATUS_LOOKASIDE_USED, &cur, &hiwtr, 0); |
| 2045 | fprintf(stderr, "-- LOOKASIDE_USED %10d %10d\n", cur, hiwtr); |
| 2046 | sqlite3_db_status(g.db, SQLITE_DBSTATUS_LOOKASIDE_HIT, &cur, &hiwtr, 0); |
| @@ -2033,17 +2066,20 @@ | |
| 2066 | fprintf(stderr, "-- prepared statements %10d\n", db.nPrepare); |
| 2067 | } |
| 2068 | while( db.pAllStmt ){ |
| 2069 | db_finalize(db.pAllStmt); |
| 2070 | } |
| 2071 | if( db.nBegin ){ |
| 2072 | if( reportErrors ){ |
| 2073 | fossil_warning("Transaction started at %s:%d never commits", |
| 2074 | db.zStartFile, db.iStartLine); |
| 2075 | } |
| 2076 | db_end_transaction(1); |
| 2077 | } |
| 2078 | pStmt = 0; |
| 2079 | sqlite3_busy_timeout(g.db, 0); |
| 2080 | g.dbIgnoreErrors++; /* Stop "database locked" warnings */ |
| 2081 | sqlite3_exec(g.db, "PRAGMA optimize", 0, 0, 0); |
| 2082 | g.dbIgnoreErrors--; |
| 2083 | db_close_config(); |
| 2084 | |
| 2085 | /* If the localdb has a lot of unused free space, |
| @@ -2083,10 +2119,11 @@ | |
| 2119 | if( g.db ){ |
| 2120 | int rc; |
| 2121 | sqlite3_wal_checkpoint(g.db, 0); |
| 2122 | rc = sqlite3_close(g.db); |
| 2123 | if( g.fSqlTrace ) fossil_trace("-- sqlite3_close(%d)\n", rc); |
| 2124 | db_clear_authorizer(); |
| 2125 | } |
| 2126 | g.db = 0; |
| 2127 | g.repositoryOpen = 0; |
| 2128 | g.localOpen = 0; |
| 2129 | } |
| @@ -2837,17 +2874,19 @@ | |
| 2874 | dflt = 0; |
| 2875 | } |
| 2876 | fossil_free(zVal); |
| 2877 | return dflt; |
| 2878 | } |
| 2879 | #ifdef FOSSIL_LEGACY_ALLOW_SYMLINKS |
| 2880 | int db_get_versioned_boolean(const char *zName, int dflt){ |
| 2881 | char *zVal = db_get_versioned(zName, 0); |
| 2882 | if( zVal==0 ) return dflt; |
| 2883 | if( is_truth(zVal) ) return 1; |
| 2884 | if( is_false(zVal) ) return 0; |
| 2885 | return dflt; |
| 2886 | } |
| 2887 | #endif /* FOSSIL_LEGACY_ALLOW_SYMLINKS */ |
| 2888 | char *db_lget(const char *zName, const char *zDefault){ |
| 2889 | return db_text(zDefault, |
| 2890 | "SELECT value FROM vvar WHERE name=%Q", zName); |
| 2891 | } |
| 2892 | void db_lset(const char *zName, const char *zValue){ |
| @@ -3025,11 +3064,13 @@ | |
| 3064 | void cmd_open(void){ |
| 3065 | int emptyFlag; |
| 3066 | int keepFlag; |
| 3067 | int forceMissingFlag; |
| 3068 | int allowNested; |
| 3069 | #ifdef FOSSIL_LEGACY_ALLOW_SYMLINKS |
| 3070 | int allowSymlinks; |
| 3071 | #endif |
| 3072 | int setmtimeFlag; /* --setmtime. Set mtimes on files */ |
| 3073 | static char *azNewArgv[] = { 0, "checkout", "--prompt", 0, 0, 0, 0 }; |
| 3074 | |
| 3075 | url_proxy_options(); |
| 3076 | emptyFlag = find_option("empty",0,0)!=0; |
| @@ -3056,10 +3097,11 @@ | |
| 3097 | }else if( db_exists("SELECT 1 FROM event WHERE type='ci'") ){ |
| 3098 | g.zOpenRevision = db_get("main-branch", 0); |
| 3099 | } |
| 3100 | } |
| 3101 | |
| 3102 | #ifdef FOSSIL_LEGACY_ALLOW_SYMLINKS |
| 3103 | if( g.zOpenRevision ){ |
| 3104 | /* Since the repository is open and we know the revision now, |
| 3105 | ** refresh the allow-symlinks flag. Since neither the local |
| 3106 | ** checkout nor the configuration database are open at this |
| 3107 | ** point, this should always return the versioned setting, |
| @@ -3069,10 +3111,11 @@ | |
| 3111 | ** repository or global configuration databases only. */ |
| 3112 | allowSymlinks = db_get_versioned_boolean("allow-symlinks", -1); |
| 3113 | }else{ |
| 3114 | allowSymlinks = -1; /* Use non-versioned settings only. */ |
| 3115 | } |
| 3116 | #endif |
| 3117 | |
| 3118 | #if defined(_WIN32) || defined(__CYGWIN__) |
| 3119 | # define LOCALDB_NAME "./_FOSSIL_" |
| 3120 | #else |
| 3121 | # define LOCALDB_NAME "./.fslckout" |
| @@ -3082,10 +3125,11 @@ | |
| 3125 | "COMMIT; PRAGMA journal_mode=WAL; BEGIN;", |
| 3126 | #endif |
| 3127 | (char*)0); |
| 3128 | db_delete_on_failure(LOCALDB_NAME); |
| 3129 | db_open_local(0); |
| 3130 | #ifdef FOSSIL_LEGACY_ALLOW_SYMLINKS |
| 3131 | if( allowSymlinks>=0 ){ |
| 3132 | /* Use the value from the versioned setting, which was read |
| 3133 | ** prior to opening the local checkout (i.e. which is most |
| 3134 | ** likely empty and does not actually contain any versioned |
| 3135 | ** setting files yet). Normally, this value would be given |
| @@ -3098,10 +3142,11 @@ | |
| 3142 | ** point, this will probably be the setting value from the |
| 3143 | ** repository or global configuration databases. */ |
| 3144 | g.allowSymlinks = db_get_boolean("allow-symlinks", |
| 3145 | db_allow_symlinks_by_default()); |
| 3146 | } |
| 3147 | #endif /* FOSSIL_LEGACY_ALLOW_SYMLINKS */ |
| 3148 | db_lset("repository", g.argv[2]); |
| 3149 | db_record_repository_filename(g.argv[2]); |
| 3150 | db_set_checkout(0); |
| 3151 | azNewArgv[0] = g.argv[0]; |
| 3152 | g.argv = azNewArgv; |
| @@ -3209,11 +3254,29 @@ | |
| 3254 | ** SETTING: admin-log boolean default=off |
| 3255 | ** |
| 3256 | ** When the admin-log setting is enabled, configuration changes are recorded |
| 3257 | ** in the "admin_log" table of the repository. |
| 3258 | */ |
| 3259 | #if !defined(FOSSIL_LEGACY_ALLOW_SYMLINKS) |
| 3260 | /* |
| 3261 | ** SETTING: allow-symlinks boolean default=off |
| 3262 | ** |
| 3263 | ** When allow-symlinks is OFF (which is the default and recommended setting) |
| 3264 | ** symbolic links are treated like text files that contain a single line of |
| 3265 | ** content which is the name of their target. If allow-symlinks is ON, |
| 3266 | ** the symbolic links are actually followed. |
| 3267 | ** |
| 3268 | ** The use of symbolic links is dangerous. If you checkout a maliciously |
| 3269 | ** crafted checkin that contains symbolic links, it is possible that files |
| 3270 | ** outside of the working directory might be overwritten. |
| 3271 | ** |
| 3272 | ** Keep this setting OFF unless you have a very good reason to turn it |
| 3273 | ** on and you implicitly trust the integrity of the repositories you |
| 3274 | ** open. |
| 3275 | */ |
| 3276 | #endif |
| 3277 | #if defined(_WIN32) && defined(FOSSIL_LEGACY_ALLOW_SYMLINKS) |
| 3278 | /* |
| 3279 | ** SETTING: allow-symlinks boolean default=off versionable |
| 3280 | ** |
| 3281 | ** When allow-symlinks is OFF, symbolic links in the repository are followed |
| 3282 | ** and treated no differently from real files. When allow-symlinks is ON, |
| @@ -3220,11 +3283,11 @@ | |
| 3283 | ** the object to which the symbolic link points is ignored, and the content |
| 3284 | ** of the symbolic link that is stored in the repository is the name of the |
| 3285 | ** object to which the symbolic link points. |
| 3286 | */ |
| 3287 | #endif |
| 3288 | #if !defined(_WIN32) && defined(FOSSIL_LEGACY_ALLOW_SYMLINKS) |
| 3289 | /* |
| 3290 | ** SETTING: allow-symlinks boolean default=on versionable |
| 3291 | ** |
| 3292 | ** When allow-symlinks is OFF, symbolic links in the repository are followed |
| 3293 | ** and treated no differently from real files. When allow-symlinks is ON, |
| 3294 |
+159
-1
| --- src/file.c | ||
| +++ src/file.c | ||
| @@ -323,10 +323,82 @@ | ||
| 323 | 323 | ** On Windows, always return False. |
| 324 | 324 | */ |
| 325 | 325 | int file_islink(const char *zFilename){ |
| 326 | 326 | return file_perm(zFilename, RepoFILE)==PERM_LNK; |
| 327 | 327 | } |
| 328 | + | |
| 329 | +/* | |
| 330 | +** Check every sub-directory of zRoot along the path to zFile. | |
| 331 | +** If any sub-directory is really an ordinary file or a symbolic link, | |
| 332 | +** return an integer which is the length of the prefix of zFile which | |
| 333 | +** is the name of that object. Return 0 if all no non-directory | |
| 334 | +** objects are found along the path. | |
| 335 | +** | |
| 336 | +** Example: Given inputs | |
| 337 | +** | |
| 338 | +** zRoot = /home/alice/project1 | |
| 339 | +** zFile = /home/alice/project1/main/src/js/fileA.js | |
| 340 | +** | |
| 341 | +** Look for objects in the following order: | |
| 342 | +** | |
| 343 | +** /home/alice/project/main | |
| 344 | +** /home/alice/project/main/src | |
| 345 | +** /home/alice/project/main/src/js | |
| 346 | +** | |
| 347 | +** If any of those objects exist and are something other than a directory | |
| 348 | +** then return the length of the name of the first non-directory object | |
| 349 | +** seen. | |
| 350 | +*/ | |
| 351 | +int file_nondir_objects_on_path(const char *zRoot, const char *zFile){ | |
| 352 | + int i = (int)strlen(zRoot); | |
| 353 | + char *z = fossil_strdup(zFile); | |
| 354 | + assert( fossil_strnicmp(zRoot, z, i)==0 ); | |
| 355 | + if( i && zRoot[i-1]=='/' ) i--; | |
| 356 | + while( z[i]=='/' ){ | |
| 357 | + int j, rc; | |
| 358 | + for(j=i+1; z[j] && z[j]!='/'; j++){} | |
| 359 | + if( z[j]!='/' ) break; | |
| 360 | + z[j] = 0; | |
| 361 | + rc = file_isdir(z, SymFILE); | |
| 362 | + if( rc!=1 ){ | |
| 363 | + if( rc==2 ){ | |
| 364 | + fossil_free(z); | |
| 365 | + return j; | |
| 366 | + } | |
| 367 | + break; | |
| 368 | + } | |
| 369 | + z[j] = '/'; | |
| 370 | + i = j; | |
| 371 | + } | |
| 372 | + fossil_free(z); | |
| 373 | + return 0; | |
| 374 | +} | |
| 375 | + | |
| 376 | +/* | |
| 377 | +** The file named zFile is suppose to be an in-tree file. Check to | |
| 378 | +** ensure that it will be safe to write to this file by verifying that | |
| 379 | +** there are no symlinks or other non-directory objects in between the | |
| 380 | +** root of the checkout and zFile. | |
| 381 | +** | |
| 382 | +** If a problem is found, print a warning message (using fossil_warning()) | |
| 383 | +** and return non-zero. If everything is ok, return zero. | |
| 384 | +*/ | |
| 385 | +int file_unsafe_in_tree_path(const char *zFile){ | |
| 386 | + int n; | |
| 387 | + if( !file_is_absolute_path(zFile) ){ | |
| 388 | + fossil_panic("%s is not an absolute pathname",zFile); | |
| 389 | + } | |
| 390 | + if( fossil_strnicmp(g.zLocalRoot, zFile, (int)strlen(g.zLocalRoot)) ){ | |
| 391 | + fossil_panic("%s is not a prefix of %s", g.zLocalRoot, zFile); | |
| 392 | + } | |
| 393 | + n = file_nondir_objects_on_path(g.zLocalRoot, zFile); | |
| 394 | + if( n ){ | |
| 395 | + fossil_warning("cannot write to %s because non-directory object %.*s" | |
| 396 | + " is in the way", zFile, n, zFile); | |
| 397 | + } | |
| 398 | + return n; | |
| 399 | +} | |
| 328 | 400 | |
| 329 | 401 | /* |
| 330 | 402 | ** Return 1 if zFilename is a directory. Return 0 if zFilename |
| 331 | 403 | ** does not exist. Return 2 if zFilename exists but is something |
| 332 | 404 | ** other than a directory. |
| @@ -570,11 +642,14 @@ | ||
| 570 | 642 | */ |
| 571 | 643 | int file_setexe(const char *zFilename, int onoff){ |
| 572 | 644 | int rc = 0; |
| 573 | 645 | #if !defined(_WIN32) |
| 574 | 646 | struct stat buf; |
| 575 | - if( fossil_stat(zFilename, &buf, RepoFILE)!=0 || S_ISLNK(buf.st_mode) ){ | |
| 647 | + if( fossil_stat(zFilename, &buf, RepoFILE)!=0 | |
| 648 | + || S_ISLNK(buf.st_mode) | |
| 649 | + || S_ISDIR(buf.st_mode) | |
| 650 | + ){ | |
| 576 | 651 | return 0; |
| 577 | 652 | } |
| 578 | 653 | if( onoff ){ |
| 579 | 654 | int targetMode = (buf.st_mode & 0444)>>2; |
| 580 | 655 | if( (buf.st_mode & 0100)==0 ){ |
| @@ -2379,5 +2454,88 @@ | ||
| 2379 | 2454 | changeCount); |
| 2380 | 2455 | }else{ |
| 2381 | 2456 | fossil_print("Touched %d file(s)\n", changeCount); |
| 2382 | 2457 | } |
| 2383 | 2458 | } |
| 2459 | + | |
| 2460 | +/* | |
| 2461 | +** Returns non-zero if the specified file name ends with any reserved name, | |
| 2462 | +** e.g.: _FOSSIL_ or .fslckout. Specifically, it returns 1 for exact match | |
| 2463 | +** or 2 for a tail match on a longer file name. | |
| 2464 | +** | |
| 2465 | +** For the sake of efficiency, zFilename must be a canonical name, e.g. an | |
| 2466 | +** absolute path using only forward slash ('/') as a directory separator. | |
| 2467 | +** | |
| 2468 | +** nFilename must be the length of zFilename. When negative, strlen() will | |
| 2469 | +** be used to calculate it. | |
| 2470 | +*/ | |
| 2471 | +int file_is_reserved_name(const char *zFilename, int nFilename){ | |
| 2472 | + const char *zEnd; /* one-after-the-end of zFilename */ | |
| 2473 | + int gotSuffix = 0; /* length of suffix (-wal, -shm, -journal) */ | |
| 2474 | + | |
| 2475 | + assert( zFilename && "API misuse" ); | |
| 2476 | + if( nFilename<0 ) nFilename = (int)strlen(zFilename); | |
| 2477 | + if( nFilename<8 ) return 0; /* strlen("_FOSSIL_") */ | |
| 2478 | + zEnd = zFilename + nFilename; | |
| 2479 | + if( nFilename>=12 ){ /* strlen("_FOSSIL_-(shm|wal)") */ | |
| 2480 | + /* Check for (-wal, -shm, -journal) suffixes, with an eye towards | |
| 2481 | + ** runtime speed. */ | |
| 2482 | + if( zEnd[-4]=='-' ){ | |
| 2483 | + if( fossil_strnicmp("wal", &zEnd[-3], 3) | |
| 2484 | + && fossil_strnicmp("shm", &zEnd[-3], 3) ){ | |
| 2485 | + return 0; | |
| 2486 | + } | |
| 2487 | + gotSuffix = 4; | |
| 2488 | + }else if( nFilename>=16 && zEnd[-8]=='-' ){ /*strlen(_FOSSIL_-journal) */ | |
| 2489 | + if( fossil_strnicmp("journal", &zEnd[-7], 7) ) return 0; | |
| 2490 | + gotSuffix = 8; | |
| 2491 | + } | |
| 2492 | + if( gotSuffix ){ | |
| 2493 | + assert( 4==gotSuffix || 8==gotSuffix ); | |
| 2494 | + zEnd -= gotSuffix; | |
| 2495 | + nFilename -= gotSuffix; | |
| 2496 | + gotSuffix = 1; | |
| 2497 | + } | |
| 2498 | + assert( nFilename>=8 && "strlen(_FOSSIL_)" ); | |
| 2499 | + assert( gotSuffix==0 || gotSuffix==1 ); | |
| 2500 | + } | |
| 2501 | + switch( zEnd[-1] ){ | |
| 2502 | + case '_':{ | |
| 2503 | + if( fossil_strnicmp("_FOSSIL_", &zEnd[-8], 8) ) return 0; | |
| 2504 | + if( 8==nFilename ) return 1; | |
| 2505 | + return zEnd[-9]=='/' ? 2 : gotSuffix; | |
| 2506 | + } | |
| 2507 | + case 'T': | |
| 2508 | + case 't':{ | |
| 2509 | + if( nFilename<9 || zEnd[-9]!='.' | |
| 2510 | + || fossil_strnicmp(".fslckout", &zEnd[-9], 9) ){ | |
| 2511 | + return 0; | |
| 2512 | + } | |
| 2513 | + if( 9==nFilename ) return 1; | |
| 2514 | + return zEnd[-10]=='/' ? 2 : gotSuffix; | |
| 2515 | + } | |
| 2516 | + default:{ | |
| 2517 | + return 0; | |
| 2518 | + } | |
| 2519 | + } | |
| 2520 | +} | |
| 2521 | + | |
| 2522 | +/* | |
| 2523 | +** COMMAND: test-is-reserved-name | |
| 2524 | +** | |
| 2525 | +** Usage: %fossil test-is-ckout-db FILENAMES... | |
| 2526 | +** | |
| 2527 | +** Passes each given name to file_is_reserved_name() and outputs one | |
| 2528 | +** line per file: the result value of that function followed by the | |
| 2529 | +** name. | |
| 2530 | +*/ | |
| 2531 | +void test_is_reserved_name_cmd(void){ | |
| 2532 | + int i; | |
| 2533 | + | |
| 2534 | + if(g.argc<3){ | |
| 2535 | + usage("FILENAME_1 [...FILENAME_N]"); | |
| 2536 | + } | |
| 2537 | + for( i = 2; i < g.argc; ++i ){ | |
| 2538 | + const int check = file_is_reserved_name(g.argv[i], -1); | |
| 2539 | + fossil_print("%d %s\n", check, g.argv[i]); | |
| 2540 | + } | |
| 2541 | +} | |
| 2384 | 2542 |
| --- src/file.c | |
| +++ src/file.c | |
| @@ -323,10 +323,82 @@ | |
| 323 | ** On Windows, always return False. |
| 324 | */ |
| 325 | int file_islink(const char *zFilename){ |
| 326 | return file_perm(zFilename, RepoFILE)==PERM_LNK; |
| 327 | } |
| 328 | |
| 329 | /* |
| 330 | ** Return 1 if zFilename is a directory. Return 0 if zFilename |
| 331 | ** does not exist. Return 2 if zFilename exists but is something |
| 332 | ** other than a directory. |
| @@ -570,11 +642,14 @@ | |
| 570 | */ |
| 571 | int file_setexe(const char *zFilename, int onoff){ |
| 572 | int rc = 0; |
| 573 | #if !defined(_WIN32) |
| 574 | struct stat buf; |
| 575 | if( fossil_stat(zFilename, &buf, RepoFILE)!=0 || S_ISLNK(buf.st_mode) ){ |
| 576 | return 0; |
| 577 | } |
| 578 | if( onoff ){ |
| 579 | int targetMode = (buf.st_mode & 0444)>>2; |
| 580 | if( (buf.st_mode & 0100)==0 ){ |
| @@ -2379,5 +2454,88 @@ | |
| 2379 | changeCount); |
| 2380 | }else{ |
| 2381 | fossil_print("Touched %d file(s)\n", changeCount); |
| 2382 | } |
| 2383 | } |
| 2384 |
| --- src/file.c | |
| +++ src/file.c | |
| @@ -323,10 +323,82 @@ | |
| 323 | ** On Windows, always return False. |
| 324 | */ |
| 325 | int file_islink(const char *zFilename){ |
| 326 | return file_perm(zFilename, RepoFILE)==PERM_LNK; |
| 327 | } |
| 328 | |
| 329 | /* |
| 330 | ** Check every sub-directory of zRoot along the path to zFile. |
| 331 | ** If any sub-directory is really an ordinary file or a symbolic link, |
| 332 | ** return an integer which is the length of the prefix of zFile which |
| 333 | ** is the name of that object. Return 0 if all no non-directory |
| 334 | ** objects are found along the path. |
| 335 | ** |
| 336 | ** Example: Given inputs |
| 337 | ** |
| 338 | ** zRoot = /home/alice/project1 |
| 339 | ** zFile = /home/alice/project1/main/src/js/fileA.js |
| 340 | ** |
| 341 | ** Look for objects in the following order: |
| 342 | ** |
| 343 | ** /home/alice/project/main |
| 344 | ** /home/alice/project/main/src |
| 345 | ** /home/alice/project/main/src/js |
| 346 | ** |
| 347 | ** If any of those objects exist and are something other than a directory |
| 348 | ** then return the length of the name of the first non-directory object |
| 349 | ** seen. |
| 350 | */ |
| 351 | int file_nondir_objects_on_path(const char *zRoot, const char *zFile){ |
| 352 | int i = (int)strlen(zRoot); |
| 353 | char *z = fossil_strdup(zFile); |
| 354 | assert( fossil_strnicmp(zRoot, z, i)==0 ); |
| 355 | if( i && zRoot[i-1]=='/' ) i--; |
| 356 | while( z[i]=='/' ){ |
| 357 | int j, rc; |
| 358 | for(j=i+1; z[j] && z[j]!='/'; j++){} |
| 359 | if( z[j]!='/' ) break; |
| 360 | z[j] = 0; |
| 361 | rc = file_isdir(z, SymFILE); |
| 362 | if( rc!=1 ){ |
| 363 | if( rc==2 ){ |
| 364 | fossil_free(z); |
| 365 | return j; |
| 366 | } |
| 367 | break; |
| 368 | } |
| 369 | z[j] = '/'; |
| 370 | i = j; |
| 371 | } |
| 372 | fossil_free(z); |
| 373 | return 0; |
| 374 | } |
| 375 | |
| 376 | /* |
| 377 | ** The file named zFile is suppose to be an in-tree file. Check to |
| 378 | ** ensure that it will be safe to write to this file by verifying that |
| 379 | ** there are no symlinks or other non-directory objects in between the |
| 380 | ** root of the checkout and zFile. |
| 381 | ** |
| 382 | ** If a problem is found, print a warning message (using fossil_warning()) |
| 383 | ** and return non-zero. If everything is ok, return zero. |
| 384 | */ |
| 385 | int file_unsafe_in_tree_path(const char *zFile){ |
| 386 | int n; |
| 387 | if( !file_is_absolute_path(zFile) ){ |
| 388 | fossil_panic("%s is not an absolute pathname",zFile); |
| 389 | } |
| 390 | if( fossil_strnicmp(g.zLocalRoot, zFile, (int)strlen(g.zLocalRoot)) ){ |
| 391 | fossil_panic("%s is not a prefix of %s", g.zLocalRoot, zFile); |
| 392 | } |
| 393 | n = file_nondir_objects_on_path(g.zLocalRoot, zFile); |
| 394 | if( n ){ |
| 395 | fossil_warning("cannot write to %s because non-directory object %.*s" |
| 396 | " is in the way", zFile, n, zFile); |
| 397 | } |
| 398 | return n; |
| 399 | } |
| 400 | |
| 401 | /* |
| 402 | ** Return 1 if zFilename is a directory. Return 0 if zFilename |
| 403 | ** does not exist. Return 2 if zFilename exists but is something |
| 404 | ** other than a directory. |
| @@ -570,11 +642,14 @@ | |
| 642 | */ |
| 643 | int file_setexe(const char *zFilename, int onoff){ |
| 644 | int rc = 0; |
| 645 | #if !defined(_WIN32) |
| 646 | struct stat buf; |
| 647 | if( fossil_stat(zFilename, &buf, RepoFILE)!=0 |
| 648 | || S_ISLNK(buf.st_mode) |
| 649 | || S_ISDIR(buf.st_mode) |
| 650 | ){ |
| 651 | return 0; |
| 652 | } |
| 653 | if( onoff ){ |
| 654 | int targetMode = (buf.st_mode & 0444)>>2; |
| 655 | if( (buf.st_mode & 0100)==0 ){ |
| @@ -2379,5 +2454,88 @@ | |
| 2454 | changeCount); |
| 2455 | }else{ |
| 2456 | fossil_print("Touched %d file(s)\n", changeCount); |
| 2457 | } |
| 2458 | } |
| 2459 | |
| 2460 | /* |
| 2461 | ** Returns non-zero if the specified file name ends with any reserved name, |
| 2462 | ** e.g.: _FOSSIL_ or .fslckout. Specifically, it returns 1 for exact match |
| 2463 | ** or 2 for a tail match on a longer file name. |
| 2464 | ** |
| 2465 | ** For the sake of efficiency, zFilename must be a canonical name, e.g. an |
| 2466 | ** absolute path using only forward slash ('/') as a directory separator. |
| 2467 | ** |
| 2468 | ** nFilename must be the length of zFilename. When negative, strlen() will |
| 2469 | ** be used to calculate it. |
| 2470 | */ |
| 2471 | int file_is_reserved_name(const char *zFilename, int nFilename){ |
| 2472 | const char *zEnd; /* one-after-the-end of zFilename */ |
| 2473 | int gotSuffix = 0; /* length of suffix (-wal, -shm, -journal) */ |
| 2474 | |
| 2475 | assert( zFilename && "API misuse" ); |
| 2476 | if( nFilename<0 ) nFilename = (int)strlen(zFilename); |
| 2477 | if( nFilename<8 ) return 0; /* strlen("_FOSSIL_") */ |
| 2478 | zEnd = zFilename + nFilename; |
| 2479 | if( nFilename>=12 ){ /* strlen("_FOSSIL_-(shm|wal)") */ |
| 2480 | /* Check for (-wal, -shm, -journal) suffixes, with an eye towards |
| 2481 | ** runtime speed. */ |
| 2482 | if( zEnd[-4]=='-' ){ |
| 2483 | if( fossil_strnicmp("wal", &zEnd[-3], 3) |
| 2484 | && fossil_strnicmp("shm", &zEnd[-3], 3) ){ |
| 2485 | return 0; |
| 2486 | } |
| 2487 | gotSuffix = 4; |
| 2488 | }else if( nFilename>=16 && zEnd[-8]=='-' ){ /*strlen(_FOSSIL_-journal) */ |
| 2489 | if( fossil_strnicmp("journal", &zEnd[-7], 7) ) return 0; |
| 2490 | gotSuffix = 8; |
| 2491 | } |
| 2492 | if( gotSuffix ){ |
| 2493 | assert( 4==gotSuffix || 8==gotSuffix ); |
| 2494 | zEnd -= gotSuffix; |
| 2495 | nFilename -= gotSuffix; |
| 2496 | gotSuffix = 1; |
| 2497 | } |
| 2498 | assert( nFilename>=8 && "strlen(_FOSSIL_)" ); |
| 2499 | assert( gotSuffix==0 || gotSuffix==1 ); |
| 2500 | } |
| 2501 | switch( zEnd[-1] ){ |
| 2502 | case '_':{ |
| 2503 | if( fossil_strnicmp("_FOSSIL_", &zEnd[-8], 8) ) return 0; |
| 2504 | if( 8==nFilename ) return 1; |
| 2505 | return zEnd[-9]=='/' ? 2 : gotSuffix; |
| 2506 | } |
| 2507 | case 'T': |
| 2508 | case 't':{ |
| 2509 | if( nFilename<9 || zEnd[-9]!='.' |
| 2510 | || fossil_strnicmp(".fslckout", &zEnd[-9], 9) ){ |
| 2511 | return 0; |
| 2512 | } |
| 2513 | if( 9==nFilename ) return 1; |
| 2514 | return zEnd[-10]=='/' ? 2 : gotSuffix; |
| 2515 | } |
| 2516 | default:{ |
| 2517 | return 0; |
| 2518 | } |
| 2519 | } |
| 2520 | } |
| 2521 | |
| 2522 | /* |
| 2523 | ** COMMAND: test-is-reserved-name |
| 2524 | ** |
| 2525 | ** Usage: %fossil test-is-ckout-db FILENAMES... |
| 2526 | ** |
| 2527 | ** Passes each given name to file_is_reserved_name() and outputs one |
| 2528 | ** line per file: the result value of that function followed by the |
| 2529 | ** name. |
| 2530 | */ |
| 2531 | void test_is_reserved_name_cmd(void){ |
| 2532 | int i; |
| 2533 | |
| 2534 | if(g.argc<3){ |
| 2535 | usage("FILENAME_1 [...FILENAME_N]"); |
| 2536 | } |
| 2537 | for( i = 2; i < g.argc; ++i ){ |
| 2538 | const int check = file_is_reserved_name(g.argv[i], -1); |
| 2539 | fossil_print("%d %s\n", check, g.argv[i]); |
| 2540 | } |
| 2541 | } |
| 2542 |
+159
-1
| --- src/file.c | ||
| +++ src/file.c | ||
| @@ -323,10 +323,82 @@ | ||
| 323 | 323 | ** On Windows, always return False. |
| 324 | 324 | */ |
| 325 | 325 | int file_islink(const char *zFilename){ |
| 326 | 326 | return file_perm(zFilename, RepoFILE)==PERM_LNK; |
| 327 | 327 | } |
| 328 | + | |
| 329 | +/* | |
| 330 | +** Check every sub-directory of zRoot along the path to zFile. | |
| 331 | +** If any sub-directory is really an ordinary file or a symbolic link, | |
| 332 | +** return an integer which is the length of the prefix of zFile which | |
| 333 | +** is the name of that object. Return 0 if all no non-directory | |
| 334 | +** objects are found along the path. | |
| 335 | +** | |
| 336 | +** Example: Given inputs | |
| 337 | +** | |
| 338 | +** zRoot = /home/alice/project1 | |
| 339 | +** zFile = /home/alice/project1/main/src/js/fileA.js | |
| 340 | +** | |
| 341 | +** Look for objects in the following order: | |
| 342 | +** | |
| 343 | +** /home/alice/project/main | |
| 344 | +** /home/alice/project/main/src | |
| 345 | +** /home/alice/project/main/src/js | |
| 346 | +** | |
| 347 | +** If any of those objects exist and are something other than a directory | |
| 348 | +** then return the length of the name of the first non-directory object | |
| 349 | +** seen. | |
| 350 | +*/ | |
| 351 | +int file_nondir_objects_on_path(const char *zRoot, const char *zFile){ | |
| 352 | + int i = (int)strlen(zRoot); | |
| 353 | + char *z = fossil_strdup(zFile); | |
| 354 | + assert( fossil_strnicmp(zRoot, z, i)==0 ); | |
| 355 | + if( i && zRoot[i-1]=='/' ) i--; | |
| 356 | + while( z[i]=='/' ){ | |
| 357 | + int j, rc; | |
| 358 | + for(j=i+1; z[j] && z[j]!='/'; j++){} | |
| 359 | + if( z[j]!='/' ) break; | |
| 360 | + z[j] = 0; | |
| 361 | + rc = file_isdir(z, SymFILE); | |
| 362 | + if( rc!=1 ){ | |
| 363 | + if( rc==2 ){ | |
| 364 | + fossil_free(z); | |
| 365 | + return j; | |
| 366 | + } | |
| 367 | + break; | |
| 368 | + } | |
| 369 | + z[j] = '/'; | |
| 370 | + i = j; | |
| 371 | + } | |
| 372 | + fossil_free(z); | |
| 373 | + return 0; | |
| 374 | +} | |
| 375 | + | |
| 376 | +/* | |
| 377 | +** The file named zFile is suppose to be an in-tree file. Check to | |
| 378 | +** ensure that it will be safe to write to this file by verifying that | |
| 379 | +** there are no symlinks or other non-directory objects in between the | |
| 380 | +** root of the checkout and zFile. | |
| 381 | +** | |
| 382 | +** If a problem is found, print a warning message (using fossil_warning()) | |
| 383 | +** and return non-zero. If everything is ok, return zero. | |
| 384 | +*/ | |
| 385 | +int file_unsafe_in_tree_path(const char *zFile){ | |
| 386 | + int n; | |
| 387 | + if( !file_is_absolute_path(zFile) ){ | |
| 388 | + fossil_panic("%s is not an absolute pathname",zFile); | |
| 389 | + } | |
| 390 | + if( fossil_strnicmp(g.zLocalRoot, zFile, (int)strlen(g.zLocalRoot)) ){ | |
| 391 | + fossil_panic("%s is not a prefix of %s", g.zLocalRoot, zFile); | |
| 392 | + } | |
| 393 | + n = file_nondir_objects_on_path(g.zLocalRoot, zFile); | |
| 394 | + if( n ){ | |
| 395 | + fossil_warning("cannot write to %s because non-directory object %.*s" | |
| 396 | + " is in the way", zFile, n, zFile); | |
| 397 | + } | |
| 398 | + return n; | |
| 399 | +} | |
| 328 | 400 | |
| 329 | 401 | /* |
| 330 | 402 | ** Return 1 if zFilename is a directory. Return 0 if zFilename |
| 331 | 403 | ** does not exist. Return 2 if zFilename exists but is something |
| 332 | 404 | ** other than a directory. |
| @@ -570,11 +642,14 @@ | ||
| 570 | 642 | */ |
| 571 | 643 | int file_setexe(const char *zFilename, int onoff){ |
| 572 | 644 | int rc = 0; |
| 573 | 645 | #if !defined(_WIN32) |
| 574 | 646 | struct stat buf; |
| 575 | - if( fossil_stat(zFilename, &buf, RepoFILE)!=0 || S_ISLNK(buf.st_mode) ){ | |
| 647 | + if( fossil_stat(zFilename, &buf, RepoFILE)!=0 | |
| 648 | + || S_ISLNK(buf.st_mode) | |
| 649 | + || S_ISDIR(buf.st_mode) | |
| 650 | + ){ | |
| 576 | 651 | return 0; |
| 577 | 652 | } |
| 578 | 653 | if( onoff ){ |
| 579 | 654 | int targetMode = (buf.st_mode & 0444)>>2; |
| 580 | 655 | if( (buf.st_mode & 0100)==0 ){ |
| @@ -2379,5 +2454,88 @@ | ||
| 2379 | 2454 | changeCount); |
| 2380 | 2455 | }else{ |
| 2381 | 2456 | fossil_print("Touched %d file(s)\n", changeCount); |
| 2382 | 2457 | } |
| 2383 | 2458 | } |
| 2459 | + | |
| 2460 | +/* | |
| 2461 | +** Returns non-zero if the specified file name ends with any reserved name, | |
| 2462 | +** e.g.: _FOSSIL_ or .fslckout. Specifically, it returns 1 for exact match | |
| 2463 | +** or 2 for a tail match on a longer file name. | |
| 2464 | +** | |
| 2465 | +** For the sake of efficiency, zFilename must be a canonical name, e.g. an | |
| 2466 | +** absolute path using only forward slash ('/') as a directory separator. | |
| 2467 | +** | |
| 2468 | +** nFilename must be the length of zFilename. When negative, strlen() will | |
| 2469 | +** be used to calculate it. | |
| 2470 | +*/ | |
| 2471 | +int file_is_reserved_name(const char *zFilename, int nFilename){ | |
| 2472 | + const char *zEnd; /* one-after-the-end of zFilename */ | |
| 2473 | + int gotSuffix = 0; /* length of suffix (-wal, -shm, -journal) */ | |
| 2474 | + | |
| 2475 | + assert( zFilename && "API misuse" ); | |
| 2476 | + if( nFilename<0 ) nFilename = (int)strlen(zFilename); | |
| 2477 | + if( nFilename<8 ) return 0; /* strlen("_FOSSIL_") */ | |
| 2478 | + zEnd = zFilename + nFilename; | |
| 2479 | + if( nFilename>=12 ){ /* strlen("_FOSSIL_-(shm|wal)") */ | |
| 2480 | + /* Check for (-wal, -shm, -journal) suffixes, with an eye towards | |
| 2481 | + ** runtime speed. */ | |
| 2482 | + if( zEnd[-4]=='-' ){ | |
| 2483 | + if( fossil_strnicmp("wal", &zEnd[-3], 3) | |
| 2484 | + && fossil_strnicmp("shm", &zEnd[-3], 3) ){ | |
| 2485 | + return 0; | |
| 2486 | + } | |
| 2487 | + gotSuffix = 4; | |
| 2488 | + }else if( nFilename>=16 && zEnd[-8]=='-' ){ /*strlen(_FOSSIL_-journal) */ | |
| 2489 | + if( fossil_strnicmp("journal", &zEnd[-7], 7) ) return 0; | |
| 2490 | + gotSuffix = 8; | |
| 2491 | + } | |
| 2492 | + if( gotSuffix ){ | |
| 2493 | + assert( 4==gotSuffix || 8==gotSuffix ); | |
| 2494 | + zEnd -= gotSuffix; | |
| 2495 | + nFilename -= gotSuffix; | |
| 2496 | + gotSuffix = 1; | |
| 2497 | + } | |
| 2498 | + assert( nFilename>=8 && "strlen(_FOSSIL_)" ); | |
| 2499 | + assert( gotSuffix==0 || gotSuffix==1 ); | |
| 2500 | + } | |
| 2501 | + switch( zEnd[-1] ){ | |
| 2502 | + case '_':{ | |
| 2503 | + if( fossil_strnicmp("_FOSSIL_", &zEnd[-8], 8) ) return 0; | |
| 2504 | + if( 8==nFilename ) return 1; | |
| 2505 | + return zEnd[-9]=='/' ? 2 : gotSuffix; | |
| 2506 | + } | |
| 2507 | + case 'T': | |
| 2508 | + case 't':{ | |
| 2509 | + if( nFilename<9 || zEnd[-9]!='.' | |
| 2510 | + || fossil_strnicmp(".fslckout", &zEnd[-9], 9) ){ | |
| 2511 | + return 0; | |
| 2512 | + } | |
| 2513 | + if( 9==nFilename ) return 1; | |
| 2514 | + return zEnd[-10]=='/' ? 2 : gotSuffix; | |
| 2515 | + } | |
| 2516 | + default:{ | |
| 2517 | + return 0; | |
| 2518 | + } | |
| 2519 | + } | |
| 2520 | +} | |
| 2521 | + | |
| 2522 | +/* | |
| 2523 | +** COMMAND: test-is-reserved-name | |
| 2524 | +** | |
| 2525 | +** Usage: %fossil test-is-ckout-db FILENAMES... | |
| 2526 | +** | |
| 2527 | +** Passes each given name to file_is_reserved_name() and outputs one | |
| 2528 | +** line per file: the result value of that function followed by the | |
| 2529 | +** name. | |
| 2530 | +*/ | |
| 2531 | +void test_is_reserved_name_cmd(void){ | |
| 2532 | + int i; | |
| 2533 | + | |
| 2534 | + if(g.argc<3){ | |
| 2535 | + usage("FILENAME_1 [...FILENAME_N]"); | |
| 2536 | + } | |
| 2537 | + for( i = 2; i < g.argc; ++i ){ | |
| 2538 | + const int check = file_is_reserved_name(g.argv[i], -1); | |
| 2539 | + fossil_print("%d %s\n", check, g.argv[i]); | |
| 2540 | + } | |
| 2541 | +} | |
| 2384 | 2542 |
| --- src/file.c | |
| +++ src/file.c | |
| @@ -323,10 +323,82 @@ | |
| 323 | ** On Windows, always return False. |
| 324 | */ |
| 325 | int file_islink(const char *zFilename){ |
| 326 | return file_perm(zFilename, RepoFILE)==PERM_LNK; |
| 327 | } |
| 328 | |
| 329 | /* |
| 330 | ** Return 1 if zFilename is a directory. Return 0 if zFilename |
| 331 | ** does not exist. Return 2 if zFilename exists but is something |
| 332 | ** other than a directory. |
| @@ -570,11 +642,14 @@ | |
| 570 | */ |
| 571 | int file_setexe(const char *zFilename, int onoff){ |
| 572 | int rc = 0; |
| 573 | #if !defined(_WIN32) |
| 574 | struct stat buf; |
| 575 | if( fossil_stat(zFilename, &buf, RepoFILE)!=0 || S_ISLNK(buf.st_mode) ){ |
| 576 | return 0; |
| 577 | } |
| 578 | if( onoff ){ |
| 579 | int targetMode = (buf.st_mode & 0444)>>2; |
| 580 | if( (buf.st_mode & 0100)==0 ){ |
| @@ -2379,5 +2454,88 @@ | |
| 2379 | changeCount); |
| 2380 | }else{ |
| 2381 | fossil_print("Touched %d file(s)\n", changeCount); |
| 2382 | } |
| 2383 | } |
| 2384 |
| --- src/file.c | |
| +++ src/file.c | |
| @@ -323,10 +323,82 @@ | |
| 323 | ** On Windows, always return False. |
| 324 | */ |
| 325 | int file_islink(const char *zFilename){ |
| 326 | return file_perm(zFilename, RepoFILE)==PERM_LNK; |
| 327 | } |
| 328 | |
| 329 | /* |
| 330 | ** Check every sub-directory of zRoot along the path to zFile. |
| 331 | ** If any sub-directory is really an ordinary file or a symbolic link, |
| 332 | ** return an integer which is the length of the prefix of zFile which |
| 333 | ** is the name of that object. Return 0 if all no non-directory |
| 334 | ** objects are found along the path. |
| 335 | ** |
| 336 | ** Example: Given inputs |
| 337 | ** |
| 338 | ** zRoot = /home/alice/project1 |
| 339 | ** zFile = /home/alice/project1/main/src/js/fileA.js |
| 340 | ** |
| 341 | ** Look for objects in the following order: |
| 342 | ** |
| 343 | ** /home/alice/project/main |
| 344 | ** /home/alice/project/main/src |
| 345 | ** /home/alice/project/main/src/js |
| 346 | ** |
| 347 | ** If any of those objects exist and are something other than a directory |
| 348 | ** then return the length of the name of the first non-directory object |
| 349 | ** seen. |
| 350 | */ |
| 351 | int file_nondir_objects_on_path(const char *zRoot, const char *zFile){ |
| 352 | int i = (int)strlen(zRoot); |
| 353 | char *z = fossil_strdup(zFile); |
| 354 | assert( fossil_strnicmp(zRoot, z, i)==0 ); |
| 355 | if( i && zRoot[i-1]=='/' ) i--; |
| 356 | while( z[i]=='/' ){ |
| 357 | int j, rc; |
| 358 | for(j=i+1; z[j] && z[j]!='/'; j++){} |
| 359 | if( z[j]!='/' ) break; |
| 360 | z[j] = 0; |
| 361 | rc = file_isdir(z, SymFILE); |
| 362 | if( rc!=1 ){ |
| 363 | if( rc==2 ){ |
| 364 | fossil_free(z); |
| 365 | return j; |
| 366 | } |
| 367 | break; |
| 368 | } |
| 369 | z[j] = '/'; |
| 370 | i = j; |
| 371 | } |
| 372 | fossil_free(z); |
| 373 | return 0; |
| 374 | } |
| 375 | |
| 376 | /* |
| 377 | ** The file named zFile is suppose to be an in-tree file. Check to |
| 378 | ** ensure that it will be safe to write to this file by verifying that |
| 379 | ** there are no symlinks or other non-directory objects in between the |
| 380 | ** root of the checkout and zFile. |
| 381 | ** |
| 382 | ** If a problem is found, print a warning message (using fossil_warning()) |
| 383 | ** and return non-zero. If everything is ok, return zero. |
| 384 | */ |
| 385 | int file_unsafe_in_tree_path(const char *zFile){ |
| 386 | int n; |
| 387 | if( !file_is_absolute_path(zFile) ){ |
| 388 | fossil_panic("%s is not an absolute pathname",zFile); |
| 389 | } |
| 390 | if( fossil_strnicmp(g.zLocalRoot, zFile, (int)strlen(g.zLocalRoot)) ){ |
| 391 | fossil_panic("%s is not a prefix of %s", g.zLocalRoot, zFile); |
| 392 | } |
| 393 | n = file_nondir_objects_on_path(g.zLocalRoot, zFile); |
| 394 | if( n ){ |
| 395 | fossil_warning("cannot write to %s because non-directory object %.*s" |
| 396 | " is in the way", zFile, n, zFile); |
| 397 | } |
| 398 | return n; |
| 399 | } |
| 400 | |
| 401 | /* |
| 402 | ** Return 1 if zFilename is a directory. Return 0 if zFilename |
| 403 | ** does not exist. Return 2 if zFilename exists but is something |
| 404 | ** other than a directory. |
| @@ -570,11 +642,14 @@ | |
| 642 | */ |
| 643 | int file_setexe(const char *zFilename, int onoff){ |
| 644 | int rc = 0; |
| 645 | #if !defined(_WIN32) |
| 646 | struct stat buf; |
| 647 | if( fossil_stat(zFilename, &buf, RepoFILE)!=0 |
| 648 | || S_ISLNK(buf.st_mode) |
| 649 | || S_ISDIR(buf.st_mode) |
| 650 | ){ |
| 651 | return 0; |
| 652 | } |
| 653 | if( onoff ){ |
| 654 | int targetMode = (buf.st_mode & 0444)>>2; |
| 655 | if( (buf.st_mode & 0100)==0 ){ |
| @@ -2379,5 +2454,88 @@ | |
| 2454 | changeCount); |
| 2455 | }else{ |
| 2456 | fossil_print("Touched %d file(s)\n", changeCount); |
| 2457 | } |
| 2458 | } |
| 2459 | |
| 2460 | /* |
| 2461 | ** Returns non-zero if the specified file name ends with any reserved name, |
| 2462 | ** e.g.: _FOSSIL_ or .fslckout. Specifically, it returns 1 for exact match |
| 2463 | ** or 2 for a tail match on a longer file name. |
| 2464 | ** |
| 2465 | ** For the sake of efficiency, zFilename must be a canonical name, e.g. an |
| 2466 | ** absolute path using only forward slash ('/') as a directory separator. |
| 2467 | ** |
| 2468 | ** nFilename must be the length of zFilename. When negative, strlen() will |
| 2469 | ** be used to calculate it. |
| 2470 | */ |
| 2471 | int file_is_reserved_name(const char *zFilename, int nFilename){ |
| 2472 | const char *zEnd; /* one-after-the-end of zFilename */ |
| 2473 | int gotSuffix = 0; /* length of suffix (-wal, -shm, -journal) */ |
| 2474 | |
| 2475 | assert( zFilename && "API misuse" ); |
| 2476 | if( nFilename<0 ) nFilename = (int)strlen(zFilename); |
| 2477 | if( nFilename<8 ) return 0; /* strlen("_FOSSIL_") */ |
| 2478 | zEnd = zFilename + nFilename; |
| 2479 | if( nFilename>=12 ){ /* strlen("_FOSSIL_-(shm|wal)") */ |
| 2480 | /* Check for (-wal, -shm, -journal) suffixes, with an eye towards |
| 2481 | ** runtime speed. */ |
| 2482 | if( zEnd[-4]=='-' ){ |
| 2483 | if( fossil_strnicmp("wal", &zEnd[-3], 3) |
| 2484 | && fossil_strnicmp("shm", &zEnd[-3], 3) ){ |
| 2485 | return 0; |
| 2486 | } |
| 2487 | gotSuffix = 4; |
| 2488 | }else if( nFilename>=16 && zEnd[-8]=='-' ){ /*strlen(_FOSSIL_-journal) */ |
| 2489 | if( fossil_strnicmp("journal", &zEnd[-7], 7) ) return 0; |
| 2490 | gotSuffix = 8; |
| 2491 | } |
| 2492 | if( gotSuffix ){ |
| 2493 | assert( 4==gotSuffix || 8==gotSuffix ); |
| 2494 | zEnd -= gotSuffix; |
| 2495 | nFilename -= gotSuffix; |
| 2496 | gotSuffix = 1; |
| 2497 | } |
| 2498 | assert( nFilename>=8 && "strlen(_FOSSIL_)" ); |
| 2499 | assert( gotSuffix==0 || gotSuffix==1 ); |
| 2500 | } |
| 2501 | switch( zEnd[-1] ){ |
| 2502 | case '_':{ |
| 2503 | if( fossil_strnicmp("_FOSSIL_", &zEnd[-8], 8) ) return 0; |
| 2504 | if( 8==nFilename ) return 1; |
| 2505 | return zEnd[-9]=='/' ? 2 : gotSuffix; |
| 2506 | } |
| 2507 | case 'T': |
| 2508 | case 't':{ |
| 2509 | if( nFilename<9 || zEnd[-9]!='.' |
| 2510 | || fossil_strnicmp(".fslckout", &zEnd[-9], 9) ){ |
| 2511 | return 0; |
| 2512 | } |
| 2513 | if( 9==nFilename ) return 1; |
| 2514 | return zEnd[-10]=='/' ? 2 : gotSuffix; |
| 2515 | } |
| 2516 | default:{ |
| 2517 | return 0; |
| 2518 | } |
| 2519 | } |
| 2520 | } |
| 2521 | |
| 2522 | /* |
| 2523 | ** COMMAND: test-is-reserved-name |
| 2524 | ** |
| 2525 | ** Usage: %fossil test-is-ckout-db FILENAMES... |
| 2526 | ** |
| 2527 | ** Passes each given name to file_is_reserved_name() and outputs one |
| 2528 | ** line per file: the result value of that function followed by the |
| 2529 | ** name. |
| 2530 | */ |
| 2531 | void test_is_reserved_name_cmd(void){ |
| 2532 | int i; |
| 2533 | |
| 2534 | if(g.argc<3){ |
| 2535 | usage("FILENAME_1 [...FILENAME_N]"); |
| 2536 | } |
| 2537 | for( i = 2; i < g.argc; ++i ){ |
| 2538 | const int check = file_is_reserved_name(g.argv[i], -1); |
| 2539 | fossil_print("%d %s\n", check, g.argv[i]); |
| 2540 | } |
| 2541 | } |
| 2542 |
+10
-1
| --- src/http.c | ||
| +++ src/http.c | ||
| @@ -375,17 +375,26 @@ | ||
| 375 | 375 | j -= 4; |
| 376 | 376 | zLine[j] = 0; |
| 377 | 377 | } |
| 378 | 378 | if( (mHttpFlags & HTTP_QUIET)==0 ){ |
| 379 | 379 | fossil_print("redirect with status %d to %s\n", rc, &zLine[i]); |
| 380 | + } | |
| 381 | + if( g.url.isFile || g.url.isSsh ){ | |
| 382 | + fossil_warning("cannot redirect from %s to %s", g.url.canonical, | |
| 383 | + &zLine[i]); | |
| 384 | + goto write_err; | |
| 380 | 385 | } |
| 381 | 386 | wasHttps = g.url.isHttps; |
| 382 | 387 | url_parse(&zLine[i], 0); |
| 383 | 388 | if( wasHttps && !g.url.isHttps ){ |
| 384 | 389 | fossil_warning("cannot redirect from HTTPS to HTTP"); |
| 385 | 390 | goto write_err; |
| 386 | - } | |
| 391 | + } | |
| 392 | + if( g.url.isSsh || g.url.isFile ){ | |
| 393 | + fossil_warning("cannot redirect to %s", &zLine[i]); | |
| 394 | + goto write_err; | |
| 395 | + } | |
| 387 | 396 | transport_close(&g.url); |
| 388 | 397 | transport_global_shutdown(&g.url); |
| 389 | 398 | fSeenHttpAuth = 0; |
| 390 | 399 | if( g.zHttpAuth ) free(g.zHttpAuth); |
| 391 | 400 | g.zHttpAuth = get_httpauth(); |
| 392 | 401 |
| --- src/http.c | |
| +++ src/http.c | |
| @@ -375,17 +375,26 @@ | |
| 375 | j -= 4; |
| 376 | zLine[j] = 0; |
| 377 | } |
| 378 | if( (mHttpFlags & HTTP_QUIET)==0 ){ |
| 379 | fossil_print("redirect with status %d to %s\n", rc, &zLine[i]); |
| 380 | } |
| 381 | wasHttps = g.url.isHttps; |
| 382 | url_parse(&zLine[i], 0); |
| 383 | if( wasHttps && !g.url.isHttps ){ |
| 384 | fossil_warning("cannot redirect from HTTPS to HTTP"); |
| 385 | goto write_err; |
| 386 | } |
| 387 | transport_close(&g.url); |
| 388 | transport_global_shutdown(&g.url); |
| 389 | fSeenHttpAuth = 0; |
| 390 | if( g.zHttpAuth ) free(g.zHttpAuth); |
| 391 | g.zHttpAuth = get_httpauth(); |
| 392 |
| --- src/http.c | |
| +++ src/http.c | |
| @@ -375,17 +375,26 @@ | |
| 375 | j -= 4; |
| 376 | zLine[j] = 0; |
| 377 | } |
| 378 | if( (mHttpFlags & HTTP_QUIET)==0 ){ |
| 379 | fossil_print("redirect with status %d to %s\n", rc, &zLine[i]); |
| 380 | } |
| 381 | if( g.url.isFile || g.url.isSsh ){ |
| 382 | fossil_warning("cannot redirect from %s to %s", g.url.canonical, |
| 383 | &zLine[i]); |
| 384 | goto write_err; |
| 385 | } |
| 386 | wasHttps = g.url.isHttps; |
| 387 | url_parse(&zLine[i], 0); |
| 388 | if( wasHttps && !g.url.isHttps ){ |
| 389 | fossil_warning("cannot redirect from HTTPS to HTTP"); |
| 390 | goto write_err; |
| 391 | } |
| 392 | if( g.url.isSsh || g.url.isFile ){ |
| 393 | fossil_warning("cannot redirect to %s", &zLine[i]); |
| 394 | goto write_err; |
| 395 | } |
| 396 | transport_close(&g.url); |
| 397 | transport_global_shutdown(&g.url); |
| 398 | fSeenHttpAuth = 0; |
| 399 | if( g.zHttpAuth ) free(g.zHttpAuth); |
| 400 | g.zHttpAuth = get_httpauth(); |
| 401 |
+2
| --- src/json_config.c | ||
| +++ src/json_config.c | ||
| @@ -81,11 +81,13 @@ | ||
| 81 | 81 | { "keep-glob", CONFIGSET_PROJ }, |
| 82 | 82 | { "crlf-glob", CONFIGSET_PROJ }, |
| 83 | 83 | { "crnl-glob", CONFIGSET_PROJ }, |
| 84 | 84 | { "encoding-glob", CONFIGSET_PROJ }, |
| 85 | 85 | { "empty-dirs", CONFIGSET_PROJ }, |
| 86 | +#ifdef FOSSIL_LEGACY_ALLOW_SYMLINKS | |
| 86 | 87 | { "allow-symlinks", CONFIGSET_PROJ }, |
| 88 | +#endif | |
| 87 | 89 | { "dotfiles", CONFIGSET_PROJ }, |
| 88 | 90 | |
| 89 | 91 | { "ticket-table", CONFIGSET_TKT }, |
| 90 | 92 | { "ticket-common", CONFIGSET_TKT }, |
| 91 | 93 | { "ticket-change", CONFIGSET_TKT }, |
| 92 | 94 |
| --- src/json_config.c | |
| +++ src/json_config.c | |
| @@ -81,11 +81,13 @@ | |
| 81 | { "keep-glob", CONFIGSET_PROJ }, |
| 82 | { "crlf-glob", CONFIGSET_PROJ }, |
| 83 | { "crnl-glob", CONFIGSET_PROJ }, |
| 84 | { "encoding-glob", CONFIGSET_PROJ }, |
| 85 | { "empty-dirs", CONFIGSET_PROJ }, |
| 86 | { "allow-symlinks", CONFIGSET_PROJ }, |
| 87 | { "dotfiles", CONFIGSET_PROJ }, |
| 88 | |
| 89 | { "ticket-table", CONFIGSET_TKT }, |
| 90 | { "ticket-common", CONFIGSET_TKT }, |
| 91 | { "ticket-change", CONFIGSET_TKT }, |
| 92 |
| --- src/json_config.c | |
| +++ src/json_config.c | |
| @@ -81,11 +81,13 @@ | |
| 81 | { "keep-glob", CONFIGSET_PROJ }, |
| 82 | { "crlf-glob", CONFIGSET_PROJ }, |
| 83 | { "crnl-glob", CONFIGSET_PROJ }, |
| 84 | { "encoding-glob", CONFIGSET_PROJ }, |
| 85 | { "empty-dirs", CONFIGSET_PROJ }, |
| 86 | #ifdef FOSSIL_LEGACY_ALLOW_SYMLINKS |
| 87 | { "allow-symlinks", CONFIGSET_PROJ }, |
| 88 | #endif |
| 89 | { "dotfiles", CONFIGSET_PROJ }, |
| 90 | |
| 91 | { "ticket-table", CONFIGSET_TKT }, |
| 92 | { "ticket-common", CONFIGSET_TKT }, |
| 93 | { "ticket-change", CONFIGSET_TKT }, |
| 94 |
+2
| --- src/json_config.c | ||
| +++ src/json_config.c | ||
| @@ -81,11 +81,13 @@ | ||
| 81 | 81 | { "keep-glob", CONFIGSET_PROJ }, |
| 82 | 82 | { "crlf-glob", CONFIGSET_PROJ }, |
| 83 | 83 | { "crnl-glob", CONFIGSET_PROJ }, |
| 84 | 84 | { "encoding-glob", CONFIGSET_PROJ }, |
| 85 | 85 | { "empty-dirs", CONFIGSET_PROJ }, |
| 86 | +#ifdef FOSSIL_LEGACY_ALLOW_SYMLINKS | |
| 86 | 87 | { "allow-symlinks", CONFIGSET_PROJ }, |
| 88 | +#endif | |
| 87 | 89 | { "dotfiles", CONFIGSET_PROJ }, |
| 88 | 90 | |
| 89 | 91 | { "ticket-table", CONFIGSET_TKT }, |
| 90 | 92 | { "ticket-common", CONFIGSET_TKT }, |
| 91 | 93 | { "ticket-change", CONFIGSET_TKT }, |
| 92 | 94 |
| --- src/json_config.c | |
| +++ src/json_config.c | |
| @@ -81,11 +81,13 @@ | |
| 81 | { "keep-glob", CONFIGSET_PROJ }, |
| 82 | { "crlf-glob", CONFIGSET_PROJ }, |
| 83 | { "crnl-glob", CONFIGSET_PROJ }, |
| 84 | { "encoding-glob", CONFIGSET_PROJ }, |
| 85 | { "empty-dirs", CONFIGSET_PROJ }, |
| 86 | { "allow-symlinks", CONFIGSET_PROJ }, |
| 87 | { "dotfiles", CONFIGSET_PROJ }, |
| 88 | |
| 89 | { "ticket-table", CONFIGSET_TKT }, |
| 90 | { "ticket-common", CONFIGSET_TKT }, |
| 91 | { "ticket-change", CONFIGSET_TKT }, |
| 92 |
| --- src/json_config.c | |
| +++ src/json_config.c | |
| @@ -81,11 +81,13 @@ | |
| 81 | { "keep-glob", CONFIGSET_PROJ }, |
| 82 | { "crlf-glob", CONFIGSET_PROJ }, |
| 83 | { "crnl-glob", CONFIGSET_PROJ }, |
| 84 | { "encoding-glob", CONFIGSET_PROJ }, |
| 85 | { "empty-dirs", CONFIGSET_PROJ }, |
| 86 | #ifdef FOSSIL_LEGACY_ALLOW_SYMLINKS |
| 87 | { "allow-symlinks", CONFIGSET_PROJ }, |
| 88 | #endif |
| 89 | { "dotfiles", CONFIGSET_PROJ }, |
| 90 | |
| 91 | { "ticket-table", CONFIGSET_TKT }, |
| 92 | { "ticket-common", CONFIGSET_TKT }, |
| 93 | { "ticket-change", CONFIGSET_TKT }, |
| 94 |
+3
| --- src/main.c | ||
| +++ src/main.c | ||
| @@ -1198,10 +1198,13 @@ | ||
| 1198 | 1198 | #if defined(FOSSIL_DYNAMIC_BUILD) |
| 1199 | 1199 | blob_append(pOut, "FOSSIL_DYNAMIC_BUILD\n", -1); |
| 1200 | 1200 | #else |
| 1201 | 1201 | blob_append(pOut, "FOSSIL_STATIC_BUILD\n", -1); |
| 1202 | 1202 | #endif |
| 1203 | +#if defined(FOSSIL_LEGACY_ALLOW_SYMLINKS) | |
| 1204 | + blob_append(pOut, "FOSSIL_LEGACY_ALLOW_SYMLINKS\n", -1); | |
| 1205 | +#endif | |
| 1203 | 1206 | #if defined(HAVE_PLEDGE) |
| 1204 | 1207 | blob_append(pOut, "HAVE_PLEDGE\n", -1); |
| 1205 | 1208 | #endif |
| 1206 | 1209 | #if defined(USE_MMAN_H) |
| 1207 | 1210 | blob_append(pOut, "USE_MMAN_H\n", -1); |
| 1208 | 1211 |
| --- src/main.c | |
| +++ src/main.c | |
| @@ -1198,10 +1198,13 @@ | |
| 1198 | #if defined(FOSSIL_DYNAMIC_BUILD) |
| 1199 | blob_append(pOut, "FOSSIL_DYNAMIC_BUILD\n", -1); |
| 1200 | #else |
| 1201 | blob_append(pOut, "FOSSIL_STATIC_BUILD\n", -1); |
| 1202 | #endif |
| 1203 | #if defined(HAVE_PLEDGE) |
| 1204 | blob_append(pOut, "HAVE_PLEDGE\n", -1); |
| 1205 | #endif |
| 1206 | #if defined(USE_MMAN_H) |
| 1207 | blob_append(pOut, "USE_MMAN_H\n", -1); |
| 1208 |
| --- src/main.c | |
| +++ src/main.c | |
| @@ -1198,10 +1198,13 @@ | |
| 1198 | #if defined(FOSSIL_DYNAMIC_BUILD) |
| 1199 | blob_append(pOut, "FOSSIL_DYNAMIC_BUILD\n", -1); |
| 1200 | #else |
| 1201 | blob_append(pOut, "FOSSIL_STATIC_BUILD\n", -1); |
| 1202 | #endif |
| 1203 | #if defined(FOSSIL_LEGACY_ALLOW_SYMLINKS) |
| 1204 | blob_append(pOut, "FOSSIL_LEGACY_ALLOW_SYMLINKS\n", -1); |
| 1205 | #endif |
| 1206 | #if defined(HAVE_PLEDGE) |
| 1207 | blob_append(pOut, "HAVE_PLEDGE\n", -1); |
| 1208 | #endif |
| 1209 | #if defined(USE_MMAN_H) |
| 1210 | blob_append(pOut, "USE_MMAN_H\n", -1); |
| 1211 |
+3
| --- src/main.c | ||
| +++ src/main.c | ||
| @@ -1198,10 +1198,13 @@ | ||
| 1198 | 1198 | #if defined(FOSSIL_DYNAMIC_BUILD) |
| 1199 | 1199 | blob_append(pOut, "FOSSIL_DYNAMIC_BUILD\n", -1); |
| 1200 | 1200 | #else |
| 1201 | 1201 | blob_append(pOut, "FOSSIL_STATIC_BUILD\n", -1); |
| 1202 | 1202 | #endif |
| 1203 | +#if defined(FOSSIL_LEGACY_ALLOW_SYMLINKS) | |
| 1204 | + blob_append(pOut, "FOSSIL_LEGACY_ALLOW_SYMLINKS\n", -1); | |
| 1205 | +#endif | |
| 1203 | 1206 | #if defined(HAVE_PLEDGE) |
| 1204 | 1207 | blob_append(pOut, "HAVE_PLEDGE\n", -1); |
| 1205 | 1208 | #endif |
| 1206 | 1209 | #if defined(USE_MMAN_H) |
| 1207 | 1210 | blob_append(pOut, "USE_MMAN_H\n", -1); |
| 1208 | 1211 |
| --- src/main.c | |
| +++ src/main.c | |
| @@ -1198,10 +1198,13 @@ | |
| 1198 | #if defined(FOSSIL_DYNAMIC_BUILD) |
| 1199 | blob_append(pOut, "FOSSIL_DYNAMIC_BUILD\n", -1); |
| 1200 | #else |
| 1201 | blob_append(pOut, "FOSSIL_STATIC_BUILD\n", -1); |
| 1202 | #endif |
| 1203 | #if defined(HAVE_PLEDGE) |
| 1204 | blob_append(pOut, "HAVE_PLEDGE\n", -1); |
| 1205 | #endif |
| 1206 | #if defined(USE_MMAN_H) |
| 1207 | blob_append(pOut, "USE_MMAN_H\n", -1); |
| 1208 |
| --- src/main.c | |
| +++ src/main.c | |
| @@ -1198,10 +1198,13 @@ | |
| 1198 | #if defined(FOSSIL_DYNAMIC_BUILD) |
| 1199 | blob_append(pOut, "FOSSIL_DYNAMIC_BUILD\n", -1); |
| 1200 | #else |
| 1201 | blob_append(pOut, "FOSSIL_STATIC_BUILD\n", -1); |
| 1202 | #endif |
| 1203 | #if defined(FOSSIL_LEGACY_ALLOW_SYMLINKS) |
| 1204 | blob_append(pOut, "FOSSIL_LEGACY_ALLOW_SYMLINKS\n", -1); |
| 1205 | #endif |
| 1206 | #if defined(HAVE_PLEDGE) |
| 1207 | blob_append(pOut, "HAVE_PLEDGE\n", -1); |
| 1208 | #endif |
| 1209 | #if defined(USE_MMAN_H) |
| 1210 | blob_append(pOut, "USE_MMAN_H\n", -1); |
| 1211 |
+21
-3
| --- src/manifest.c | ||
| +++ src/manifest.c | ||
| @@ -481,14 +481,23 @@ | ||
| 481 | 481 | blob_appendf(pErr, "line 1 not recognized"); |
| 482 | 482 | return 0; |
| 483 | 483 | } |
| 484 | 484 | /* Then verify the Z-card. |
| 485 | 485 | */ |
| 486 | +#if 1 | |
| 487 | + /* Disable this ***ONLY*** (ONLY!) when testing hand-written inputs | |
| 488 | + for card-related syntax errors. */ | |
| 486 | 489 | if( verify_z_card(z, n, pErr)==2 ){ |
| 487 | 490 | blob_reset(pContent); |
| 488 | 491 | return 0; |
| 489 | 492 | } |
| 493 | +#else | |
| 494 | +#warning ACHTUNG - z-card check is disabled for testing purposes. | |
| 495 | + if(0 && verify_z_card(NULL, 0, NULL)){ | |
| 496 | + /*avoid unused static func error*/ | |
| 497 | + } | |
| 498 | +#endif | |
| 490 | 499 | |
| 491 | 500 | /* Allocate a Manifest object to hold the parsed control artifact. |
| 492 | 501 | */ |
| 493 | 502 | p = fossil_malloc( sizeof(*p) ); |
| 494 | 503 | memset(p, 0, sizeof(*p)); |
| @@ -601,10 +610,11 @@ | ||
| 601 | 610 | case 'E': { |
| 602 | 611 | if( p->rEventDate>0.0 ) SYNTAX("more than one E-card"); |
| 603 | 612 | p->rEventDate = db_double(0.0,"SELECT julianday(%Q)", next_token(&x,0)); |
| 604 | 613 | if( p->rEventDate<=0.0 ) SYNTAX("malformed date on E-card"); |
| 605 | 614 | p->zEventId = next_token(&x, &sz); |
| 615 | + if( p->zEventId==0 ) SYNTAX("missing hash on E-card"); | |
| 606 | 616 | if( !hname_validate(p->zEventId, sz) ){ |
| 607 | 617 | SYNTAX("malformed hash on E-card"); |
| 608 | 618 | } |
| 609 | 619 | p->type = CFTYPE_EVENT; |
| 610 | 620 | break; |
| @@ -625,10 +635,11 @@ | ||
| 625 | 635 | if( !file_is_simple_pathname_nonstrict(zName) ){ |
| 626 | 636 | SYNTAX("F-card filename is not a simple path"); |
| 627 | 637 | } |
| 628 | 638 | zUuid = next_token(&x, &sz); |
| 629 | 639 | if( p->zBaseline==0 || zUuid!=0 ){ |
| 640 | + if( zUuid==0 ) SYNTAX("missing hash on F-card"); | |
| 630 | 641 | if( !hname_validate(zUuid,sz) ){ |
| 631 | 642 | SYNTAX("F-card hash invalid"); |
| 632 | 643 | } |
| 633 | 644 | } |
| 634 | 645 | zPerm = next_token(&x,0); |
| @@ -643,17 +654,24 @@ | ||
| 643 | 654 | p->nFileAlloc = p->nFileAlloc*2 + 10; |
| 644 | 655 | p->aFile = fossil_realloc(p->aFile, |
| 645 | 656 | p->nFileAlloc*sizeof(p->aFile[0]) ); |
| 646 | 657 | } |
| 647 | 658 | i = p->nFile++; |
| 659 | + if( i>0 && fossil_strcmp(p->aFile[i-1].zName, zName)>=0 ){ | |
| 660 | + SYNTAX("incorrect F-card sort order"); | |
| 661 | + } | |
| 662 | + if( file_is_reserved_name(zName,-1) ){ | |
| 663 | + /* If reserved names leaked into historical manifests due to | |
| 664 | + ** slack oversight by older versions of Fossil, simply ignore | |
| 665 | + ** those files */ | |
| 666 | + p->nFile--; | |
| 667 | + break; | |
| 668 | + } | |
| 648 | 669 | p->aFile[i].zName = zName; |
| 649 | 670 | p->aFile[i].zUuid = zUuid; |
| 650 | 671 | p->aFile[i].zPerm = zPerm; |
| 651 | 672 | p->aFile[i].zPrior = zPriorName; |
| 652 | - if( i>0 && fossil_strcmp(p->aFile[i-1].zName, zName)>=0 ){ | |
| 653 | - SYNTAX("incorrect F-card sort order"); | |
| 654 | - } | |
| 655 | 673 | p->type = CFTYPE_MANIFEST; |
| 656 | 674 | break; |
| 657 | 675 | } |
| 658 | 676 | |
| 659 | 677 | /* |
| 660 | 678 |
| --- src/manifest.c | |
| +++ src/manifest.c | |
| @@ -481,14 +481,23 @@ | |
| 481 | blob_appendf(pErr, "line 1 not recognized"); |
| 482 | return 0; |
| 483 | } |
| 484 | /* Then verify the Z-card. |
| 485 | */ |
| 486 | if( verify_z_card(z, n, pErr)==2 ){ |
| 487 | blob_reset(pContent); |
| 488 | return 0; |
| 489 | } |
| 490 | |
| 491 | /* Allocate a Manifest object to hold the parsed control artifact. |
| 492 | */ |
| 493 | p = fossil_malloc( sizeof(*p) ); |
| 494 | memset(p, 0, sizeof(*p)); |
| @@ -601,10 +610,11 @@ | |
| 601 | case 'E': { |
| 602 | if( p->rEventDate>0.0 ) SYNTAX("more than one E-card"); |
| 603 | p->rEventDate = db_double(0.0,"SELECT julianday(%Q)", next_token(&x,0)); |
| 604 | if( p->rEventDate<=0.0 ) SYNTAX("malformed date on E-card"); |
| 605 | p->zEventId = next_token(&x, &sz); |
| 606 | if( !hname_validate(p->zEventId, sz) ){ |
| 607 | SYNTAX("malformed hash on E-card"); |
| 608 | } |
| 609 | p->type = CFTYPE_EVENT; |
| 610 | break; |
| @@ -625,10 +635,11 @@ | |
| 625 | if( !file_is_simple_pathname_nonstrict(zName) ){ |
| 626 | SYNTAX("F-card filename is not a simple path"); |
| 627 | } |
| 628 | zUuid = next_token(&x, &sz); |
| 629 | if( p->zBaseline==0 || zUuid!=0 ){ |
| 630 | if( !hname_validate(zUuid,sz) ){ |
| 631 | SYNTAX("F-card hash invalid"); |
| 632 | } |
| 633 | } |
| 634 | zPerm = next_token(&x,0); |
| @@ -643,17 +654,24 @@ | |
| 643 | p->nFileAlloc = p->nFileAlloc*2 + 10; |
| 644 | p->aFile = fossil_realloc(p->aFile, |
| 645 | p->nFileAlloc*sizeof(p->aFile[0]) ); |
| 646 | } |
| 647 | i = p->nFile++; |
| 648 | p->aFile[i].zName = zName; |
| 649 | p->aFile[i].zUuid = zUuid; |
| 650 | p->aFile[i].zPerm = zPerm; |
| 651 | p->aFile[i].zPrior = zPriorName; |
| 652 | if( i>0 && fossil_strcmp(p->aFile[i-1].zName, zName)>=0 ){ |
| 653 | SYNTAX("incorrect F-card sort order"); |
| 654 | } |
| 655 | p->type = CFTYPE_MANIFEST; |
| 656 | break; |
| 657 | } |
| 658 | |
| 659 | /* |
| 660 |
| --- src/manifest.c | |
| +++ src/manifest.c | |
| @@ -481,14 +481,23 @@ | |
| 481 | blob_appendf(pErr, "line 1 not recognized"); |
| 482 | return 0; |
| 483 | } |
| 484 | /* Then verify the Z-card. |
| 485 | */ |
| 486 | #if 1 |
| 487 | /* Disable this ***ONLY*** (ONLY!) when testing hand-written inputs |
| 488 | for card-related syntax errors. */ |
| 489 | if( verify_z_card(z, n, pErr)==2 ){ |
| 490 | blob_reset(pContent); |
| 491 | return 0; |
| 492 | } |
| 493 | #else |
| 494 | #warning ACHTUNG - z-card check is disabled for testing purposes. |
| 495 | if(0 && verify_z_card(NULL, 0, NULL)){ |
| 496 | /*avoid unused static func error*/ |
| 497 | } |
| 498 | #endif |
| 499 | |
| 500 | /* Allocate a Manifest object to hold the parsed control artifact. |
| 501 | */ |
| 502 | p = fossil_malloc( sizeof(*p) ); |
| 503 | memset(p, 0, sizeof(*p)); |
| @@ -601,10 +610,11 @@ | |
| 610 | case 'E': { |
| 611 | if( p->rEventDate>0.0 ) SYNTAX("more than one E-card"); |
| 612 | p->rEventDate = db_double(0.0,"SELECT julianday(%Q)", next_token(&x,0)); |
| 613 | if( p->rEventDate<=0.0 ) SYNTAX("malformed date on E-card"); |
| 614 | p->zEventId = next_token(&x, &sz); |
| 615 | if( p->zEventId==0 ) SYNTAX("missing hash on E-card"); |
| 616 | if( !hname_validate(p->zEventId, sz) ){ |
| 617 | SYNTAX("malformed hash on E-card"); |
| 618 | } |
| 619 | p->type = CFTYPE_EVENT; |
| 620 | break; |
| @@ -625,10 +635,11 @@ | |
| 635 | if( !file_is_simple_pathname_nonstrict(zName) ){ |
| 636 | SYNTAX("F-card filename is not a simple path"); |
| 637 | } |
| 638 | zUuid = next_token(&x, &sz); |
| 639 | if( p->zBaseline==0 || zUuid!=0 ){ |
| 640 | if( zUuid==0 ) SYNTAX("missing hash on F-card"); |
| 641 | if( !hname_validate(zUuid,sz) ){ |
| 642 | SYNTAX("F-card hash invalid"); |
| 643 | } |
| 644 | } |
| 645 | zPerm = next_token(&x,0); |
| @@ -643,17 +654,24 @@ | |
| 654 | p->nFileAlloc = p->nFileAlloc*2 + 10; |
| 655 | p->aFile = fossil_realloc(p->aFile, |
| 656 | p->nFileAlloc*sizeof(p->aFile[0]) ); |
| 657 | } |
| 658 | i = p->nFile++; |
| 659 | if( i>0 && fossil_strcmp(p->aFile[i-1].zName, zName)>=0 ){ |
| 660 | SYNTAX("incorrect F-card sort order"); |
| 661 | } |
| 662 | if( file_is_reserved_name(zName,-1) ){ |
| 663 | /* If reserved names leaked into historical manifests due to |
| 664 | ** slack oversight by older versions of Fossil, simply ignore |
| 665 | ** those files */ |
| 666 | p->nFile--; |
| 667 | break; |
| 668 | } |
| 669 | p->aFile[i].zName = zName; |
| 670 | p->aFile[i].zUuid = zUuid; |
| 671 | p->aFile[i].zPerm = zPerm; |
| 672 | p->aFile[i].zPrior = zPriorName; |
| 673 | p->type = CFTYPE_MANIFEST; |
| 674 | break; |
| 675 | } |
| 676 | |
| 677 | /* |
| 678 |
+21
-3
| --- src/manifest.c | ||
| +++ src/manifest.c | ||
| @@ -481,14 +481,23 @@ | ||
| 481 | 481 | blob_appendf(pErr, "line 1 not recognized"); |
| 482 | 482 | return 0; |
| 483 | 483 | } |
| 484 | 484 | /* Then verify the Z-card. |
| 485 | 485 | */ |
| 486 | +#if 1 | |
| 487 | + /* Disable this ***ONLY*** (ONLY!) when testing hand-written inputs | |
| 488 | + for card-related syntax errors. */ | |
| 486 | 489 | if( verify_z_card(z, n, pErr)==2 ){ |
| 487 | 490 | blob_reset(pContent); |
| 488 | 491 | return 0; |
| 489 | 492 | } |
| 493 | +#else | |
| 494 | +#warning ACHTUNG - z-card check is disabled for testing purposes. | |
| 495 | + if(0 && verify_z_card(NULL, 0, NULL)){ | |
| 496 | + /*avoid unused static func error*/ | |
| 497 | + } | |
| 498 | +#endif | |
| 490 | 499 | |
| 491 | 500 | /* Allocate a Manifest object to hold the parsed control artifact. |
| 492 | 501 | */ |
| 493 | 502 | p = fossil_malloc( sizeof(*p) ); |
| 494 | 503 | memset(p, 0, sizeof(*p)); |
| @@ -601,10 +610,11 @@ | ||
| 601 | 610 | case 'E': { |
| 602 | 611 | if( p->rEventDate>0.0 ) SYNTAX("more than one E-card"); |
| 603 | 612 | p->rEventDate = db_double(0.0,"SELECT julianday(%Q)", next_token(&x,0)); |
| 604 | 613 | if( p->rEventDate<=0.0 ) SYNTAX("malformed date on E-card"); |
| 605 | 614 | p->zEventId = next_token(&x, &sz); |
| 615 | + if( p->zEventId==0 ) SYNTAX("missing hash on E-card"); | |
| 606 | 616 | if( !hname_validate(p->zEventId, sz) ){ |
| 607 | 617 | SYNTAX("malformed hash on E-card"); |
| 608 | 618 | } |
| 609 | 619 | p->type = CFTYPE_EVENT; |
| 610 | 620 | break; |
| @@ -625,10 +635,11 @@ | ||
| 625 | 635 | if( !file_is_simple_pathname_nonstrict(zName) ){ |
| 626 | 636 | SYNTAX("F-card filename is not a simple path"); |
| 627 | 637 | } |
| 628 | 638 | zUuid = next_token(&x, &sz); |
| 629 | 639 | if( p->zBaseline==0 || zUuid!=0 ){ |
| 640 | + if( zUuid==0 ) SYNTAX("missing hash on F-card"); | |
| 630 | 641 | if( !hname_validate(zUuid,sz) ){ |
| 631 | 642 | SYNTAX("F-card hash invalid"); |
| 632 | 643 | } |
| 633 | 644 | } |
| 634 | 645 | zPerm = next_token(&x,0); |
| @@ -643,17 +654,24 @@ | ||
| 643 | 654 | p->nFileAlloc = p->nFileAlloc*2 + 10; |
| 644 | 655 | p->aFile = fossil_realloc(p->aFile, |
| 645 | 656 | p->nFileAlloc*sizeof(p->aFile[0]) ); |
| 646 | 657 | } |
| 647 | 658 | i = p->nFile++; |
| 659 | + if( i>0 && fossil_strcmp(p->aFile[i-1].zName, zName)>=0 ){ | |
| 660 | + SYNTAX("incorrect F-card sort order"); | |
| 661 | + } | |
| 662 | + if( file_is_reserved_name(zName,-1) ){ | |
| 663 | + /* If reserved names leaked into historical manifests due to | |
| 664 | + ** slack oversight by older versions of Fossil, simply ignore | |
| 665 | + ** those files */ | |
| 666 | + p->nFile--; | |
| 667 | + break; | |
| 668 | + } | |
| 648 | 669 | p->aFile[i].zName = zName; |
| 649 | 670 | p->aFile[i].zUuid = zUuid; |
| 650 | 671 | p->aFile[i].zPerm = zPerm; |
| 651 | 672 | p->aFile[i].zPrior = zPriorName; |
| 652 | - if( i>0 && fossil_strcmp(p->aFile[i-1].zName, zName)>=0 ){ | |
| 653 | - SYNTAX("incorrect F-card sort order"); | |
| 654 | - } | |
| 655 | 673 | p->type = CFTYPE_MANIFEST; |
| 656 | 674 | break; |
| 657 | 675 | } |
| 658 | 676 | |
| 659 | 677 | /* |
| 660 | 678 |
| --- src/manifest.c | |
| +++ src/manifest.c | |
| @@ -481,14 +481,23 @@ | |
| 481 | blob_appendf(pErr, "line 1 not recognized"); |
| 482 | return 0; |
| 483 | } |
| 484 | /* Then verify the Z-card. |
| 485 | */ |
| 486 | if( verify_z_card(z, n, pErr)==2 ){ |
| 487 | blob_reset(pContent); |
| 488 | return 0; |
| 489 | } |
| 490 | |
| 491 | /* Allocate a Manifest object to hold the parsed control artifact. |
| 492 | */ |
| 493 | p = fossil_malloc( sizeof(*p) ); |
| 494 | memset(p, 0, sizeof(*p)); |
| @@ -601,10 +610,11 @@ | |
| 601 | case 'E': { |
| 602 | if( p->rEventDate>0.0 ) SYNTAX("more than one E-card"); |
| 603 | p->rEventDate = db_double(0.0,"SELECT julianday(%Q)", next_token(&x,0)); |
| 604 | if( p->rEventDate<=0.0 ) SYNTAX("malformed date on E-card"); |
| 605 | p->zEventId = next_token(&x, &sz); |
| 606 | if( !hname_validate(p->zEventId, sz) ){ |
| 607 | SYNTAX("malformed hash on E-card"); |
| 608 | } |
| 609 | p->type = CFTYPE_EVENT; |
| 610 | break; |
| @@ -625,10 +635,11 @@ | |
| 625 | if( !file_is_simple_pathname_nonstrict(zName) ){ |
| 626 | SYNTAX("F-card filename is not a simple path"); |
| 627 | } |
| 628 | zUuid = next_token(&x, &sz); |
| 629 | if( p->zBaseline==0 || zUuid!=0 ){ |
| 630 | if( !hname_validate(zUuid,sz) ){ |
| 631 | SYNTAX("F-card hash invalid"); |
| 632 | } |
| 633 | } |
| 634 | zPerm = next_token(&x,0); |
| @@ -643,17 +654,24 @@ | |
| 643 | p->nFileAlloc = p->nFileAlloc*2 + 10; |
| 644 | p->aFile = fossil_realloc(p->aFile, |
| 645 | p->nFileAlloc*sizeof(p->aFile[0]) ); |
| 646 | } |
| 647 | i = p->nFile++; |
| 648 | p->aFile[i].zName = zName; |
| 649 | p->aFile[i].zUuid = zUuid; |
| 650 | p->aFile[i].zPerm = zPerm; |
| 651 | p->aFile[i].zPrior = zPriorName; |
| 652 | if( i>0 && fossil_strcmp(p->aFile[i-1].zName, zName)>=0 ){ |
| 653 | SYNTAX("incorrect F-card sort order"); |
| 654 | } |
| 655 | p->type = CFTYPE_MANIFEST; |
| 656 | break; |
| 657 | } |
| 658 | |
| 659 | /* |
| 660 |
| --- src/manifest.c | |
| +++ src/manifest.c | |
| @@ -481,14 +481,23 @@ | |
| 481 | blob_appendf(pErr, "line 1 not recognized"); |
| 482 | return 0; |
| 483 | } |
| 484 | /* Then verify the Z-card. |
| 485 | */ |
| 486 | #if 1 |
| 487 | /* Disable this ***ONLY*** (ONLY!) when testing hand-written inputs |
| 488 | for card-related syntax errors. */ |
| 489 | if( verify_z_card(z, n, pErr)==2 ){ |
| 490 | blob_reset(pContent); |
| 491 | return 0; |
| 492 | } |
| 493 | #else |
| 494 | #warning ACHTUNG - z-card check is disabled for testing purposes. |
| 495 | if(0 && verify_z_card(NULL, 0, NULL)){ |
| 496 | /*avoid unused static func error*/ |
| 497 | } |
| 498 | #endif |
| 499 | |
| 500 | /* Allocate a Manifest object to hold the parsed control artifact. |
| 501 | */ |
| 502 | p = fossil_malloc( sizeof(*p) ); |
| 503 | memset(p, 0, sizeof(*p)); |
| @@ -601,10 +610,11 @@ | |
| 610 | case 'E': { |
| 611 | if( p->rEventDate>0.0 ) SYNTAX("more than one E-card"); |
| 612 | p->rEventDate = db_double(0.0,"SELECT julianday(%Q)", next_token(&x,0)); |
| 613 | if( p->rEventDate<=0.0 ) SYNTAX("malformed date on E-card"); |
| 614 | p->zEventId = next_token(&x, &sz); |
| 615 | if( p->zEventId==0 ) SYNTAX("missing hash on E-card"); |
| 616 | if( !hname_validate(p->zEventId, sz) ){ |
| 617 | SYNTAX("malformed hash on E-card"); |
| 618 | } |
| 619 | p->type = CFTYPE_EVENT; |
| 620 | break; |
| @@ -625,10 +635,11 @@ | |
| 635 | if( !file_is_simple_pathname_nonstrict(zName) ){ |
| 636 | SYNTAX("F-card filename is not a simple path"); |
| 637 | } |
| 638 | zUuid = next_token(&x, &sz); |
| 639 | if( p->zBaseline==0 || zUuid!=0 ){ |
| 640 | if( zUuid==0 ) SYNTAX("missing hash on F-card"); |
| 641 | if( !hname_validate(zUuid,sz) ){ |
| 642 | SYNTAX("F-card hash invalid"); |
| 643 | } |
| 644 | } |
| 645 | zPerm = next_token(&x,0); |
| @@ -643,17 +654,24 @@ | |
| 654 | p->nFileAlloc = p->nFileAlloc*2 + 10; |
| 655 | p->aFile = fossil_realloc(p->aFile, |
| 656 | p->nFileAlloc*sizeof(p->aFile[0]) ); |
| 657 | } |
| 658 | i = p->nFile++; |
| 659 | if( i>0 && fossil_strcmp(p->aFile[i-1].zName, zName)>=0 ){ |
| 660 | SYNTAX("incorrect F-card sort order"); |
| 661 | } |
| 662 | if( file_is_reserved_name(zName,-1) ){ |
| 663 | /* If reserved names leaked into historical manifests due to |
| 664 | ** slack oversight by older versions of Fossil, simply ignore |
| 665 | ** those files */ |
| 666 | p->nFile--; |
| 667 | break; |
| 668 | } |
| 669 | p->aFile[i].zName = zName; |
| 670 | p->aFile[i].zUuid = zUuid; |
| 671 | p->aFile[i].zPerm = zPerm; |
| 672 | p->aFile[i].zPrior = zPriorName; |
| 673 | p->type = CFTYPE_MANIFEST; |
| 674 | break; |
| 675 | } |
| 676 | |
| 677 | /* |
| 678 |
+3
-3
| --- src/report.c | ||
| +++ src/report.c | ||
| @@ -229,15 +229,15 @@ | ||
| 229 | 229 | |
| 230 | 230 | /* |
| 231 | 231 | ** Activate the query authorizer |
| 232 | 232 | */ |
| 233 | 233 | void report_restrict_sql(char **pzErr){ |
| 234 | - sqlite3_set_authorizer(g.db, report_query_authorizer, (void*)pzErr); | |
| 234 | + db_set_authorizer(report_query_authorizer,(void*)pzErr,"Ticket-Report"); | |
| 235 | 235 | sqlite3_limit(g.db, SQLITE_LIMIT_VDBE_OP, 10000); |
| 236 | 236 | } |
| 237 | 237 | void report_unrestrict_sql(void){ |
| 238 | - sqlite3_set_authorizer(g.db, 0, 0); | |
| 238 | + db_clear_authorizer(); | |
| 239 | 239 | } |
| 240 | 240 | |
| 241 | 241 | |
| 242 | 242 | /* |
| 243 | 243 | ** Check the given SQL to see if is a valid query that does not |
| @@ -679,11 +679,11 @@ | ||
| 679 | 679 | */ |
| 680 | 680 | if( pState->nCount==0 ){ |
| 681 | 681 | /* Turn off the authorizer. It is no longer doing anything since the |
| 682 | 682 | ** query has already been prepared. |
| 683 | 683 | */ |
| 684 | - sqlite3_set_authorizer(g.db, 0, 0); | |
| 684 | + db_clear_authorizer(); | |
| 685 | 685 | |
| 686 | 686 | /* Figure out the number of columns, the column that determines background |
| 687 | 687 | ** color, and whether or not this row of data is represented by multiple |
| 688 | 688 | ** rows in the table. |
| 689 | 689 | */ |
| 690 | 690 |
| --- src/report.c | |
| +++ src/report.c | |
| @@ -229,15 +229,15 @@ | |
| 229 | |
| 230 | /* |
| 231 | ** Activate the query authorizer |
| 232 | */ |
| 233 | void report_restrict_sql(char **pzErr){ |
| 234 | sqlite3_set_authorizer(g.db, report_query_authorizer, (void*)pzErr); |
| 235 | sqlite3_limit(g.db, SQLITE_LIMIT_VDBE_OP, 10000); |
| 236 | } |
| 237 | void report_unrestrict_sql(void){ |
| 238 | sqlite3_set_authorizer(g.db, 0, 0); |
| 239 | } |
| 240 | |
| 241 | |
| 242 | /* |
| 243 | ** Check the given SQL to see if is a valid query that does not |
| @@ -679,11 +679,11 @@ | |
| 679 | */ |
| 680 | if( pState->nCount==0 ){ |
| 681 | /* Turn off the authorizer. It is no longer doing anything since the |
| 682 | ** query has already been prepared. |
| 683 | */ |
| 684 | sqlite3_set_authorizer(g.db, 0, 0); |
| 685 | |
| 686 | /* Figure out the number of columns, the column that determines background |
| 687 | ** color, and whether or not this row of data is represented by multiple |
| 688 | ** rows in the table. |
| 689 | */ |
| 690 |
| --- src/report.c | |
| +++ src/report.c | |
| @@ -229,15 +229,15 @@ | |
| 229 | |
| 230 | /* |
| 231 | ** Activate the query authorizer |
| 232 | */ |
| 233 | void report_restrict_sql(char **pzErr){ |
| 234 | db_set_authorizer(report_query_authorizer,(void*)pzErr,"Ticket-Report"); |
| 235 | sqlite3_limit(g.db, SQLITE_LIMIT_VDBE_OP, 10000); |
| 236 | } |
| 237 | void report_unrestrict_sql(void){ |
| 238 | db_clear_authorizer(); |
| 239 | } |
| 240 | |
| 241 | |
| 242 | /* |
| 243 | ** Check the given SQL to see if is a valid query that does not |
| @@ -679,11 +679,11 @@ | |
| 679 | */ |
| 680 | if( pState->nCount==0 ){ |
| 681 | /* Turn off the authorizer. It is no longer doing anything since the |
| 682 | ** query has already been prepared. |
| 683 | */ |
| 684 | db_clear_authorizer(); |
| 685 | |
| 686 | /* Figure out the number of columns, the column that determines background |
| 687 | ** color, and whether or not this row of data is represented by multiple |
| 688 | ** rows in the table. |
| 689 | */ |
| 690 |
+3
-3
| --- src/report.c | ||
| +++ src/report.c | ||
| @@ -229,15 +229,15 @@ | ||
| 229 | 229 | |
| 230 | 230 | /* |
| 231 | 231 | ** Activate the query authorizer |
| 232 | 232 | */ |
| 233 | 233 | void report_restrict_sql(char **pzErr){ |
| 234 | - sqlite3_set_authorizer(g.db, report_query_authorizer, (void*)pzErr); | |
| 234 | + db_set_authorizer(report_query_authorizer,(void*)pzErr,"Ticket-Report"); | |
| 235 | 235 | sqlite3_limit(g.db, SQLITE_LIMIT_VDBE_OP, 10000); |
| 236 | 236 | } |
| 237 | 237 | void report_unrestrict_sql(void){ |
| 238 | - sqlite3_set_authorizer(g.db, 0, 0); | |
| 238 | + db_clear_authorizer(); | |
| 239 | 239 | } |
| 240 | 240 | |
| 241 | 241 | |
| 242 | 242 | /* |
| 243 | 243 | ** Check the given SQL to see if is a valid query that does not |
| @@ -679,11 +679,11 @@ | ||
| 679 | 679 | */ |
| 680 | 680 | if( pState->nCount==0 ){ |
| 681 | 681 | /* Turn off the authorizer. It is no longer doing anything since the |
| 682 | 682 | ** query has already been prepared. |
| 683 | 683 | */ |
| 684 | - sqlite3_set_authorizer(g.db, 0, 0); | |
| 684 | + db_clear_authorizer(); | |
| 685 | 685 | |
| 686 | 686 | /* Figure out the number of columns, the column that determines background |
| 687 | 687 | ** color, and whether or not this row of data is represented by multiple |
| 688 | 688 | ** rows in the table. |
| 689 | 689 | */ |
| 690 | 690 |
| --- src/report.c | |
| +++ src/report.c | |
| @@ -229,15 +229,15 @@ | |
| 229 | |
| 230 | /* |
| 231 | ** Activate the query authorizer |
| 232 | */ |
| 233 | void report_restrict_sql(char **pzErr){ |
| 234 | sqlite3_set_authorizer(g.db, report_query_authorizer, (void*)pzErr); |
| 235 | sqlite3_limit(g.db, SQLITE_LIMIT_VDBE_OP, 10000); |
| 236 | } |
| 237 | void report_unrestrict_sql(void){ |
| 238 | sqlite3_set_authorizer(g.db, 0, 0); |
| 239 | } |
| 240 | |
| 241 | |
| 242 | /* |
| 243 | ** Check the given SQL to see if is a valid query that does not |
| @@ -679,11 +679,11 @@ | |
| 679 | */ |
| 680 | if( pState->nCount==0 ){ |
| 681 | /* Turn off the authorizer. It is no longer doing anything since the |
| 682 | ** query has already been prepared. |
| 683 | */ |
| 684 | sqlite3_set_authorizer(g.db, 0, 0); |
| 685 | |
| 686 | /* Figure out the number of columns, the column that determines background |
| 687 | ** color, and whether or not this row of data is represented by multiple |
| 688 | ** rows in the table. |
| 689 | */ |
| 690 |
| --- src/report.c | |
| +++ src/report.c | |
| @@ -229,15 +229,15 @@ | |
| 229 | |
| 230 | /* |
| 231 | ** Activate the query authorizer |
| 232 | */ |
| 233 | void report_restrict_sql(char **pzErr){ |
| 234 | db_set_authorizer(report_query_authorizer,(void*)pzErr,"Ticket-Report"); |
| 235 | sqlite3_limit(g.db, SQLITE_LIMIT_VDBE_OP, 10000); |
| 236 | } |
| 237 | void report_unrestrict_sql(void){ |
| 238 | db_clear_authorizer(); |
| 239 | } |
| 240 | |
| 241 | |
| 242 | /* |
| 243 | ** Check the given SQL to see if is a valid query that does not |
| @@ -679,11 +679,11 @@ | |
| 679 | */ |
| 680 | if( pState->nCount==0 ){ |
| 681 | /* Turn off the authorizer. It is no longer doing anything since the |
| 682 | ** query has already been prepared. |
| 683 | */ |
| 684 | db_clear_authorizer(); |
| 685 | |
| 686 | /* Figure out the number of columns, the column that determines background |
| 687 | ** color, and whether or not this row of data is represented by multiple |
| 688 | ** rows in the table. |
| 689 | */ |
| 690 |
+2
| --- src/stash.c | ||
| +++ src/stash.c | ||
| @@ -334,10 +334,12 @@ | ||
| 334 | 334 | blob_write_to_file(&delta, zNPath); |
| 335 | 335 | file_setexe(zNPath, isExec); |
| 336 | 336 | }else if( isRemoved ){ |
| 337 | 337 | fossil_print("DELETE %s\n", zOrig); |
| 338 | 338 | file_delete(zOPath); |
| 339 | + }else if( file_unsafe_in_tree_path(zNPath) ){ | |
| 340 | + /* Ignore the unsafe path */ | |
| 339 | 341 | }else{ |
| 340 | 342 | Blob a, b, out, disk; |
| 341 | 343 | int isNewLink = file_islink(zOPath); |
| 342 | 344 | db_ephemeral_blob(&q, 6, &delta); |
| 343 | 345 | blob_read_from_file(&disk, zOPath, RepoFILE); |
| 344 | 346 |
| --- src/stash.c | |
| +++ src/stash.c | |
| @@ -334,10 +334,12 @@ | |
| 334 | blob_write_to_file(&delta, zNPath); |
| 335 | file_setexe(zNPath, isExec); |
| 336 | }else if( isRemoved ){ |
| 337 | fossil_print("DELETE %s\n", zOrig); |
| 338 | file_delete(zOPath); |
| 339 | }else{ |
| 340 | Blob a, b, out, disk; |
| 341 | int isNewLink = file_islink(zOPath); |
| 342 | db_ephemeral_blob(&q, 6, &delta); |
| 343 | blob_read_from_file(&disk, zOPath, RepoFILE); |
| 344 |
| --- src/stash.c | |
| +++ src/stash.c | |
| @@ -334,10 +334,12 @@ | |
| 334 | blob_write_to_file(&delta, zNPath); |
| 335 | file_setexe(zNPath, isExec); |
| 336 | }else if( isRemoved ){ |
| 337 | fossil_print("DELETE %s\n", zOrig); |
| 338 | file_delete(zOPath); |
| 339 | }else if( file_unsafe_in_tree_path(zNPath) ){ |
| 340 | /* Ignore the unsafe path */ |
| 341 | }else{ |
| 342 | Blob a, b, out, disk; |
| 343 | int isNewLink = file_islink(zOPath); |
| 344 | db_ephemeral_blob(&q, 6, &delta); |
| 345 | blob_read_from_file(&disk, zOPath, RepoFILE); |
| 346 |
+2
| --- src/stash.c | ||
| +++ src/stash.c | ||
| @@ -334,10 +334,12 @@ | ||
| 334 | 334 | blob_write_to_file(&delta, zNPath); |
| 335 | 335 | file_setexe(zNPath, isExec); |
| 336 | 336 | }else if( isRemoved ){ |
| 337 | 337 | fossil_print("DELETE %s\n", zOrig); |
| 338 | 338 | file_delete(zOPath); |
| 339 | + }else if( file_unsafe_in_tree_path(zNPath) ){ | |
| 340 | + /* Ignore the unsafe path */ | |
| 339 | 341 | }else{ |
| 340 | 342 | Blob a, b, out, disk; |
| 341 | 343 | int isNewLink = file_islink(zOPath); |
| 342 | 344 | db_ephemeral_blob(&q, 6, &delta); |
| 343 | 345 | blob_read_from_file(&disk, zOPath, RepoFILE); |
| 344 | 346 |
| --- src/stash.c | |
| +++ src/stash.c | |
| @@ -334,10 +334,12 @@ | |
| 334 | blob_write_to_file(&delta, zNPath); |
| 335 | file_setexe(zNPath, isExec); |
| 336 | }else if( isRemoved ){ |
| 337 | fossil_print("DELETE %s\n", zOrig); |
| 338 | file_delete(zOPath); |
| 339 | }else{ |
| 340 | Blob a, b, out, disk; |
| 341 | int isNewLink = file_islink(zOPath); |
| 342 | db_ephemeral_blob(&q, 6, &delta); |
| 343 | blob_read_from_file(&disk, zOPath, RepoFILE); |
| 344 |
| --- src/stash.c | |
| +++ src/stash.c | |
| @@ -334,10 +334,12 @@ | |
| 334 | blob_write_to_file(&delta, zNPath); |
| 335 | file_setexe(zNPath, isExec); |
| 336 | }else if( isRemoved ){ |
| 337 | fossil_print("DELETE %s\n", zOrig); |
| 338 | file_delete(zOPath); |
| 339 | }else if( file_unsafe_in_tree_path(zNPath) ){ |
| 340 | /* Ignore the unsafe path */ |
| 341 | }else{ |
| 342 | Blob a, b, out, disk; |
| 343 | int isNewLink = file_islink(zOPath); |
| 344 | db_ephemeral_blob(&q, 6, &delta); |
| 345 | blob_read_from_file(&disk, zOPath, RepoFILE); |
| 346 |
+72
| --- src/tkt.c | ||
| +++ src/tkt.c | ||
| @@ -370,10 +370,79 @@ | ||
| 370 | 370 | Th_FossilInit(TH_INIT_DEFAULT); |
| 371 | 371 | Th_Store("uuid", zUuid); |
| 372 | 372 | zConfig = ticket_change_code(); |
| 373 | 373 | return Th_Eval(g.interp, 0, zConfig, -1); |
| 374 | 374 | } |
| 375 | + | |
| 376 | +/* | |
| 377 | +** An authorizer function for the SQL used to initialize the | |
| 378 | +** schema for the ticketing system. Only allow CREATE TABLE and | |
| 379 | +** CREATE INDEX for tables whose names begin with "ticket" and | |
| 380 | +** changes to tables whose names begin with "ticket". | |
| 381 | +*/ | |
| 382 | +static int ticket_schema_auth( | |
| 383 | + void *pNErr, | |
| 384 | + int eCode, | |
| 385 | + const char *z0, | |
| 386 | + const char *z1, | |
| 387 | + const char *z2, | |
| 388 | + const char *z3 | |
| 389 | +){ | |
| 390 | + switch( eCode ){ | |
| 391 | + case SQLITE_CREATE_TABLE: { | |
| 392 | + if( sqlite3_stricmp(z2,"main")!=0 | |
| 393 | + && sqlite3_stricmp(z2,"repository")!=0 | |
| 394 | + ){ | |
| 395 | + goto ticket_schema_error; | |
| 396 | + } | |
| 397 | + if( sqlite3_strnicmp(z0,"ticket",6)!=0 ){ | |
| 398 | + goto ticket_schema_error; | |
| 399 | + } | |
| 400 | + break; | |
| 401 | + } | |
| 402 | + case SQLITE_CREATE_INDEX: { | |
| 403 | + if( sqlite3_stricmp(z2,"main")!=0 | |
| 404 | + && sqlite3_stricmp(z2,"repository")!=0 | |
| 405 | + ){ | |
| 406 | + goto ticket_schema_error; | |
| 407 | + } | |
| 408 | + if( sqlite3_strnicmp(z1,"ticket",6)!=0 ){ | |
| 409 | + goto ticket_schema_error; | |
| 410 | + } | |
| 411 | + break; | |
| 412 | + } | |
| 413 | + case SQLITE_INSERT: | |
| 414 | + case SQLITE_UPDATE: | |
| 415 | + case SQLITE_DELETE: { | |
| 416 | + if( sqlite3_stricmp(z2,"main")!=0 | |
| 417 | + && sqlite3_stricmp(z2,"repository")!=0 | |
| 418 | + ){ | |
| 419 | + goto ticket_schema_error; | |
| 420 | + } | |
| 421 | + if( sqlite3_strnicmp(z0,"ticket",6)!=0 | |
| 422 | + && sqlite3_strnicmp(z0,"sqlite_",7)!=0 | |
| 423 | + ){ | |
| 424 | + goto ticket_schema_error; | |
| 425 | + } | |
| 426 | + break; | |
| 427 | + } | |
| 428 | + case SQLITE_REINDEX: | |
| 429 | + case SQLITE_TRANSACTION: | |
| 430 | + case SQLITE_READ: { | |
| 431 | + break; | |
| 432 | + } | |
| 433 | + default: { | |
| 434 | + goto ticket_schema_error; | |
| 435 | + } | |
| 436 | + } | |
| 437 | + return SQLITE_OK; | |
| 438 | + | |
| 439 | +ticket_schema_error: | |
| 440 | + if( pNErr ) *(int*)pNErr = 1; | |
| 441 | + return SQLITE_DENY; | |
| 442 | +} | |
| 443 | + | |
| 375 | 444 | |
| 376 | 445 | /* |
| 377 | 446 | ** Recreate the TICKET and TICKETCHNG tables. |
| 378 | 447 | */ |
| 379 | 448 | void ticket_create_table(int separateConnection){ |
| @@ -384,14 +453,17 @@ | ||
| 384 | 453 | "DROP TABLE IF EXISTS ticketchng;" |
| 385 | 454 | ); |
| 386 | 455 | zSql = ticket_table_schema(); |
| 387 | 456 | if( separateConnection ){ |
| 388 | 457 | if( db_transaction_nesting_depth() ) db_end_transaction(0); |
| 458 | + db_set_authorizer(ticket_schema_auth,0,"Ticket-Schema"); | |
| 389 | 459 | db_init_database(g.zRepositoryName, zSql, 0); |
| 390 | 460 | }else{ |
| 461 | + db_set_authorizer(ticket_schema_auth,0,"Ticket-Schema"); | |
| 391 | 462 | db_multi_exec("%s", zSql/*safe-for-%s*/); |
| 392 | 463 | } |
| 464 | + db_clear_authorizer(); | |
| 393 | 465 | fossil_free(zSql); |
| 394 | 466 | } |
| 395 | 467 | |
| 396 | 468 | /* |
| 397 | 469 | ** Repopulate the TICKET and TICKETCHNG tables from scratch using all |
| 398 | 470 |
| --- src/tkt.c | |
| +++ src/tkt.c | |
| @@ -370,10 +370,79 @@ | |
| 370 | Th_FossilInit(TH_INIT_DEFAULT); |
| 371 | Th_Store("uuid", zUuid); |
| 372 | zConfig = ticket_change_code(); |
| 373 | return Th_Eval(g.interp, 0, zConfig, -1); |
| 374 | } |
| 375 | |
| 376 | /* |
| 377 | ** Recreate the TICKET and TICKETCHNG tables. |
| 378 | */ |
| 379 | void ticket_create_table(int separateConnection){ |
| @@ -384,14 +453,17 @@ | |
| 384 | "DROP TABLE IF EXISTS ticketchng;" |
| 385 | ); |
| 386 | zSql = ticket_table_schema(); |
| 387 | if( separateConnection ){ |
| 388 | if( db_transaction_nesting_depth() ) db_end_transaction(0); |
| 389 | db_init_database(g.zRepositoryName, zSql, 0); |
| 390 | }else{ |
| 391 | db_multi_exec("%s", zSql/*safe-for-%s*/); |
| 392 | } |
| 393 | fossil_free(zSql); |
| 394 | } |
| 395 | |
| 396 | /* |
| 397 | ** Repopulate the TICKET and TICKETCHNG tables from scratch using all |
| 398 |
| --- src/tkt.c | |
| +++ src/tkt.c | |
| @@ -370,10 +370,79 @@ | |
| 370 | Th_FossilInit(TH_INIT_DEFAULT); |
| 371 | Th_Store("uuid", zUuid); |
| 372 | zConfig = ticket_change_code(); |
| 373 | return Th_Eval(g.interp, 0, zConfig, -1); |
| 374 | } |
| 375 | |
| 376 | /* |
| 377 | ** An authorizer function for the SQL used to initialize the |
| 378 | ** schema for the ticketing system. Only allow CREATE TABLE and |
| 379 | ** CREATE INDEX for tables whose names begin with "ticket" and |
| 380 | ** changes to tables whose names begin with "ticket". |
| 381 | */ |
| 382 | static int ticket_schema_auth( |
| 383 | void *pNErr, |
| 384 | int eCode, |
| 385 | const char *z0, |
| 386 | const char *z1, |
| 387 | const char *z2, |
| 388 | const char *z3 |
| 389 | ){ |
| 390 | switch( eCode ){ |
| 391 | case SQLITE_CREATE_TABLE: { |
| 392 | if( sqlite3_stricmp(z2,"main")!=0 |
| 393 | && sqlite3_stricmp(z2,"repository")!=0 |
| 394 | ){ |
| 395 | goto ticket_schema_error; |
| 396 | } |
| 397 | if( sqlite3_strnicmp(z0,"ticket",6)!=0 ){ |
| 398 | goto ticket_schema_error; |
| 399 | } |
| 400 | break; |
| 401 | } |
| 402 | case SQLITE_CREATE_INDEX: { |
| 403 | if( sqlite3_stricmp(z2,"main")!=0 |
| 404 | && sqlite3_stricmp(z2,"repository")!=0 |
| 405 | ){ |
| 406 | goto ticket_schema_error; |
| 407 | } |
| 408 | if( sqlite3_strnicmp(z1,"ticket",6)!=0 ){ |
| 409 | goto ticket_schema_error; |
| 410 | } |
| 411 | break; |
| 412 | } |
| 413 | case SQLITE_INSERT: |
| 414 | case SQLITE_UPDATE: |
| 415 | case SQLITE_DELETE: { |
| 416 | if( sqlite3_stricmp(z2,"main")!=0 |
| 417 | && sqlite3_stricmp(z2,"repository")!=0 |
| 418 | ){ |
| 419 | goto ticket_schema_error; |
| 420 | } |
| 421 | if( sqlite3_strnicmp(z0,"ticket",6)!=0 |
| 422 | && sqlite3_strnicmp(z0,"sqlite_",7)!=0 |
| 423 | ){ |
| 424 | goto ticket_schema_error; |
| 425 | } |
| 426 | break; |
| 427 | } |
| 428 | case SQLITE_REINDEX: |
| 429 | case SQLITE_TRANSACTION: |
| 430 | case SQLITE_READ: { |
| 431 | break; |
| 432 | } |
| 433 | default: { |
| 434 | goto ticket_schema_error; |
| 435 | } |
| 436 | } |
| 437 | return SQLITE_OK; |
| 438 | |
| 439 | ticket_schema_error: |
| 440 | if( pNErr ) *(int*)pNErr = 1; |
| 441 | return SQLITE_DENY; |
| 442 | } |
| 443 | |
| 444 | |
| 445 | /* |
| 446 | ** Recreate the TICKET and TICKETCHNG tables. |
| 447 | */ |
| 448 | void ticket_create_table(int separateConnection){ |
| @@ -384,14 +453,17 @@ | |
| 453 | "DROP TABLE IF EXISTS ticketchng;" |
| 454 | ); |
| 455 | zSql = ticket_table_schema(); |
| 456 | if( separateConnection ){ |
| 457 | if( db_transaction_nesting_depth() ) db_end_transaction(0); |
| 458 | db_set_authorizer(ticket_schema_auth,0,"Ticket-Schema"); |
| 459 | db_init_database(g.zRepositoryName, zSql, 0); |
| 460 | }else{ |
| 461 | db_set_authorizer(ticket_schema_auth,0,"Ticket-Schema"); |
| 462 | db_multi_exec("%s", zSql/*safe-for-%s*/); |
| 463 | } |
| 464 | db_clear_authorizer(); |
| 465 | fossil_free(zSql); |
| 466 | } |
| 467 | |
| 468 | /* |
| 469 | ** Repopulate the TICKET and TICKETCHNG tables from scratch using all |
| 470 |
+72
| --- src/tkt.c | ||
| +++ src/tkt.c | ||
| @@ -370,10 +370,79 @@ | ||
| 370 | 370 | Th_FossilInit(TH_INIT_DEFAULT); |
| 371 | 371 | Th_Store("uuid", zUuid); |
| 372 | 372 | zConfig = ticket_change_code(); |
| 373 | 373 | return Th_Eval(g.interp, 0, zConfig, -1); |
| 374 | 374 | } |
| 375 | + | |
| 376 | +/* | |
| 377 | +** An authorizer function for the SQL used to initialize the | |
| 378 | +** schema for the ticketing system. Only allow CREATE TABLE and | |
| 379 | +** CREATE INDEX for tables whose names begin with "ticket" and | |
| 380 | +** changes to tables whose names begin with "ticket". | |
| 381 | +*/ | |
| 382 | +static int ticket_schema_auth( | |
| 383 | + void *pNErr, | |
| 384 | + int eCode, | |
| 385 | + const char *z0, | |
| 386 | + const char *z1, | |
| 387 | + const char *z2, | |
| 388 | + const char *z3 | |
| 389 | +){ | |
| 390 | + switch( eCode ){ | |
| 391 | + case SQLITE_CREATE_TABLE: { | |
| 392 | + if( sqlite3_stricmp(z2,"main")!=0 | |
| 393 | + && sqlite3_stricmp(z2,"repository")!=0 | |
| 394 | + ){ | |
| 395 | + goto ticket_schema_error; | |
| 396 | + } | |
| 397 | + if( sqlite3_strnicmp(z0,"ticket",6)!=0 ){ | |
| 398 | + goto ticket_schema_error; | |
| 399 | + } | |
| 400 | + break; | |
| 401 | + } | |
| 402 | + case SQLITE_CREATE_INDEX: { | |
| 403 | + if( sqlite3_stricmp(z2,"main")!=0 | |
| 404 | + && sqlite3_stricmp(z2,"repository")!=0 | |
| 405 | + ){ | |
| 406 | + goto ticket_schema_error; | |
| 407 | + } | |
| 408 | + if( sqlite3_strnicmp(z1,"ticket",6)!=0 ){ | |
| 409 | + goto ticket_schema_error; | |
| 410 | + } | |
| 411 | + break; | |
| 412 | + } | |
| 413 | + case SQLITE_INSERT: | |
| 414 | + case SQLITE_UPDATE: | |
| 415 | + case SQLITE_DELETE: { | |
| 416 | + if( sqlite3_stricmp(z2,"main")!=0 | |
| 417 | + && sqlite3_stricmp(z2,"repository")!=0 | |
| 418 | + ){ | |
| 419 | + goto ticket_schema_error; | |
| 420 | + } | |
| 421 | + if( sqlite3_strnicmp(z0,"ticket",6)!=0 | |
| 422 | + && sqlite3_strnicmp(z0,"sqlite_",7)!=0 | |
| 423 | + ){ | |
| 424 | + goto ticket_schema_error; | |
| 425 | + } | |
| 426 | + break; | |
| 427 | + } | |
| 428 | + case SQLITE_REINDEX: | |
| 429 | + case SQLITE_TRANSACTION: | |
| 430 | + case SQLITE_READ: { | |
| 431 | + break; | |
| 432 | + } | |
| 433 | + default: { | |
| 434 | + goto ticket_schema_error; | |
| 435 | + } | |
| 436 | + } | |
| 437 | + return SQLITE_OK; | |
| 438 | + | |
| 439 | +ticket_schema_error: | |
| 440 | + if( pNErr ) *(int*)pNErr = 1; | |
| 441 | + return SQLITE_DENY; | |
| 442 | +} | |
| 443 | + | |
| 375 | 444 | |
| 376 | 445 | /* |
| 377 | 446 | ** Recreate the TICKET and TICKETCHNG tables. |
| 378 | 447 | */ |
| 379 | 448 | void ticket_create_table(int separateConnection){ |
| @@ -384,14 +453,17 @@ | ||
| 384 | 453 | "DROP TABLE IF EXISTS ticketchng;" |
| 385 | 454 | ); |
| 386 | 455 | zSql = ticket_table_schema(); |
| 387 | 456 | if( separateConnection ){ |
| 388 | 457 | if( db_transaction_nesting_depth() ) db_end_transaction(0); |
| 458 | + db_set_authorizer(ticket_schema_auth,0,"Ticket-Schema"); | |
| 389 | 459 | db_init_database(g.zRepositoryName, zSql, 0); |
| 390 | 460 | }else{ |
| 461 | + db_set_authorizer(ticket_schema_auth,0,"Ticket-Schema"); | |
| 391 | 462 | db_multi_exec("%s", zSql/*safe-for-%s*/); |
| 392 | 463 | } |
| 464 | + db_clear_authorizer(); | |
| 393 | 465 | fossil_free(zSql); |
| 394 | 466 | } |
| 395 | 467 | |
| 396 | 468 | /* |
| 397 | 469 | ** Repopulate the TICKET and TICKETCHNG tables from scratch using all |
| 398 | 470 |
| --- src/tkt.c | |
| +++ src/tkt.c | |
| @@ -370,10 +370,79 @@ | |
| 370 | Th_FossilInit(TH_INIT_DEFAULT); |
| 371 | Th_Store("uuid", zUuid); |
| 372 | zConfig = ticket_change_code(); |
| 373 | return Th_Eval(g.interp, 0, zConfig, -1); |
| 374 | } |
| 375 | |
| 376 | /* |
| 377 | ** Recreate the TICKET and TICKETCHNG tables. |
| 378 | */ |
| 379 | void ticket_create_table(int separateConnection){ |
| @@ -384,14 +453,17 @@ | |
| 384 | "DROP TABLE IF EXISTS ticketchng;" |
| 385 | ); |
| 386 | zSql = ticket_table_schema(); |
| 387 | if( separateConnection ){ |
| 388 | if( db_transaction_nesting_depth() ) db_end_transaction(0); |
| 389 | db_init_database(g.zRepositoryName, zSql, 0); |
| 390 | }else{ |
| 391 | db_multi_exec("%s", zSql/*safe-for-%s*/); |
| 392 | } |
| 393 | fossil_free(zSql); |
| 394 | } |
| 395 | |
| 396 | /* |
| 397 | ** Repopulate the TICKET and TICKETCHNG tables from scratch using all |
| 398 |
| --- src/tkt.c | |
| +++ src/tkt.c | |
| @@ -370,10 +370,79 @@ | |
| 370 | Th_FossilInit(TH_INIT_DEFAULT); |
| 371 | Th_Store("uuid", zUuid); |
| 372 | zConfig = ticket_change_code(); |
| 373 | return Th_Eval(g.interp, 0, zConfig, -1); |
| 374 | } |
| 375 | |
| 376 | /* |
| 377 | ** An authorizer function for the SQL used to initialize the |
| 378 | ** schema for the ticketing system. Only allow CREATE TABLE and |
| 379 | ** CREATE INDEX for tables whose names begin with "ticket" and |
| 380 | ** changes to tables whose names begin with "ticket". |
| 381 | */ |
| 382 | static int ticket_schema_auth( |
| 383 | void *pNErr, |
| 384 | int eCode, |
| 385 | const char *z0, |
| 386 | const char *z1, |
| 387 | const char *z2, |
| 388 | const char *z3 |
| 389 | ){ |
| 390 | switch( eCode ){ |
| 391 | case SQLITE_CREATE_TABLE: { |
| 392 | if( sqlite3_stricmp(z2,"main")!=0 |
| 393 | && sqlite3_stricmp(z2,"repository")!=0 |
| 394 | ){ |
| 395 | goto ticket_schema_error; |
| 396 | } |
| 397 | if( sqlite3_strnicmp(z0,"ticket",6)!=0 ){ |
| 398 | goto ticket_schema_error; |
| 399 | } |
| 400 | break; |
| 401 | } |
| 402 | case SQLITE_CREATE_INDEX: { |
| 403 | if( sqlite3_stricmp(z2,"main")!=0 |
| 404 | && sqlite3_stricmp(z2,"repository")!=0 |
| 405 | ){ |
| 406 | goto ticket_schema_error; |
| 407 | } |
| 408 | if( sqlite3_strnicmp(z1,"ticket",6)!=0 ){ |
| 409 | goto ticket_schema_error; |
| 410 | } |
| 411 | break; |
| 412 | } |
| 413 | case SQLITE_INSERT: |
| 414 | case SQLITE_UPDATE: |
| 415 | case SQLITE_DELETE: { |
| 416 | if( sqlite3_stricmp(z2,"main")!=0 |
| 417 | && sqlite3_stricmp(z2,"repository")!=0 |
| 418 | ){ |
| 419 | goto ticket_schema_error; |
| 420 | } |
| 421 | if( sqlite3_strnicmp(z0,"ticket",6)!=0 |
| 422 | && sqlite3_strnicmp(z0,"sqlite_",7)!=0 |
| 423 | ){ |
| 424 | goto ticket_schema_error; |
| 425 | } |
| 426 | break; |
| 427 | } |
| 428 | case SQLITE_REINDEX: |
| 429 | case SQLITE_TRANSACTION: |
| 430 | case SQLITE_READ: { |
| 431 | break; |
| 432 | } |
| 433 | default: { |
| 434 | goto ticket_schema_error; |
| 435 | } |
| 436 | } |
| 437 | return SQLITE_OK; |
| 438 | |
| 439 | ticket_schema_error: |
| 440 | if( pNErr ) *(int*)pNErr = 1; |
| 441 | return SQLITE_DENY; |
| 442 | } |
| 443 | |
| 444 | |
| 445 | /* |
| 446 | ** Recreate the TICKET and TICKETCHNG tables. |
| 447 | */ |
| 448 | void ticket_create_table(int separateConnection){ |
| @@ -384,14 +453,17 @@ | |
| 453 | "DROP TABLE IF EXISTS ticketchng;" |
| 454 | ); |
| 455 | zSql = ticket_table_schema(); |
| 456 | if( separateConnection ){ |
| 457 | if( db_transaction_nesting_depth() ) db_end_transaction(0); |
| 458 | db_set_authorizer(ticket_schema_auth,0,"Ticket-Schema"); |
| 459 | db_init_database(g.zRepositoryName, zSql, 0); |
| 460 | }else{ |
| 461 | db_set_authorizer(ticket_schema_auth,0,"Ticket-Schema"); |
| 462 | db_multi_exec("%s", zSql/*safe-for-%s*/); |
| 463 | } |
| 464 | db_clear_authorizer(); |
| 465 | fossil_free(zSql); |
| 466 | } |
| 467 | |
| 468 | /* |
| 469 | ** Repopulate the TICKET and TICKETCHNG tables from scratch using all |
| 470 |
+4
-2
| --- src/undo.c | ||
| +++ src/undo.c | ||
| @@ -52,11 +52,11 @@ | ||
| 52 | 52 | int new_exe; |
| 53 | 53 | int new_link; |
| 54 | 54 | int old_link; |
| 55 | 55 | Blob current; |
| 56 | 56 | Blob new; |
| 57 | - zFullname = mprintf("%s/%s", g.zLocalRoot, zPathname); | |
| 57 | + zFullname = mprintf("%s%s", g.zLocalRoot, zPathname); | |
| 58 | 58 | old_link = db_column_int(&q, 3); |
| 59 | 59 | new_exists = file_size(zFullname, RepoFILE)>=0; |
| 60 | 60 | new_link = file_islink(0); |
| 61 | 61 | if( new_exists ){ |
| 62 | 62 | blob_read_from_file(¤t, zFullname, RepoFILE); |
| @@ -69,11 +69,13 @@ | ||
| 69 | 69 | old_exists = db_column_int(&q, 1); |
| 70 | 70 | old_exe = db_column_int(&q, 2); |
| 71 | 71 | if( old_exists ){ |
| 72 | 72 | db_ephemeral_blob(&q, 0, &new); |
| 73 | 73 | } |
| 74 | - if( old_exists ){ | |
| 74 | + if( file_unsafe_in_tree_path(zFullname) ){ | |
| 75 | + /* do nothign with this unsafe file */ | |
| 76 | + }else if( old_exists ){ | |
| 75 | 77 | if( new_exists ){ |
| 76 | 78 | fossil_print("%s %s\n", redoFlag ? "REDO" : "UNDO", zPathname); |
| 77 | 79 | }else{ |
| 78 | 80 | fossil_print("NEW %s\n", zPathname); |
| 79 | 81 | } |
| 80 | 82 |
| --- src/undo.c | |
| +++ src/undo.c | |
| @@ -52,11 +52,11 @@ | |
| 52 | int new_exe; |
| 53 | int new_link; |
| 54 | int old_link; |
| 55 | Blob current; |
| 56 | Blob new; |
| 57 | zFullname = mprintf("%s/%s", g.zLocalRoot, zPathname); |
| 58 | old_link = db_column_int(&q, 3); |
| 59 | new_exists = file_size(zFullname, RepoFILE)>=0; |
| 60 | new_link = file_islink(0); |
| 61 | if( new_exists ){ |
| 62 | blob_read_from_file(¤t, zFullname, RepoFILE); |
| @@ -69,11 +69,13 @@ | |
| 69 | old_exists = db_column_int(&q, 1); |
| 70 | old_exe = db_column_int(&q, 2); |
| 71 | if( old_exists ){ |
| 72 | db_ephemeral_blob(&q, 0, &new); |
| 73 | } |
| 74 | if( old_exists ){ |
| 75 | if( new_exists ){ |
| 76 | fossil_print("%s %s\n", redoFlag ? "REDO" : "UNDO", zPathname); |
| 77 | }else{ |
| 78 | fossil_print("NEW %s\n", zPathname); |
| 79 | } |
| 80 |
| --- src/undo.c | |
| +++ src/undo.c | |
| @@ -52,11 +52,11 @@ | |
| 52 | int new_exe; |
| 53 | int new_link; |
| 54 | int old_link; |
| 55 | Blob current; |
| 56 | Blob new; |
| 57 | zFullname = mprintf("%s%s", g.zLocalRoot, zPathname); |
| 58 | old_link = db_column_int(&q, 3); |
| 59 | new_exists = file_size(zFullname, RepoFILE)>=0; |
| 60 | new_link = file_islink(0); |
| 61 | if( new_exists ){ |
| 62 | blob_read_from_file(¤t, zFullname, RepoFILE); |
| @@ -69,11 +69,13 @@ | |
| 69 | old_exists = db_column_int(&q, 1); |
| 70 | old_exe = db_column_int(&q, 2); |
| 71 | if( old_exists ){ |
| 72 | db_ephemeral_blob(&q, 0, &new); |
| 73 | } |
| 74 | if( file_unsafe_in_tree_path(zFullname) ){ |
| 75 | /* do nothign with this unsafe file */ |
| 76 | }else if( old_exists ){ |
| 77 | if( new_exists ){ |
| 78 | fossil_print("%s %s\n", redoFlag ? "REDO" : "UNDO", zPathname); |
| 79 | }else{ |
| 80 | fossil_print("NEW %s\n", zPathname); |
| 81 | } |
| 82 |
+4
-2
| --- src/undo.c | ||
| +++ src/undo.c | ||
| @@ -52,11 +52,11 @@ | ||
| 52 | 52 | int new_exe; |
| 53 | 53 | int new_link; |
| 54 | 54 | int old_link; |
| 55 | 55 | Blob current; |
| 56 | 56 | Blob new; |
| 57 | - zFullname = mprintf("%s/%s", g.zLocalRoot, zPathname); | |
| 57 | + zFullname = mprintf("%s%s", g.zLocalRoot, zPathname); | |
| 58 | 58 | old_link = db_column_int(&q, 3); |
| 59 | 59 | new_exists = file_size(zFullname, RepoFILE)>=0; |
| 60 | 60 | new_link = file_islink(0); |
| 61 | 61 | if( new_exists ){ |
| 62 | 62 | blob_read_from_file(¤t, zFullname, RepoFILE); |
| @@ -69,11 +69,13 @@ | ||
| 69 | 69 | old_exists = db_column_int(&q, 1); |
| 70 | 70 | old_exe = db_column_int(&q, 2); |
| 71 | 71 | if( old_exists ){ |
| 72 | 72 | db_ephemeral_blob(&q, 0, &new); |
| 73 | 73 | } |
| 74 | - if( old_exists ){ | |
| 74 | + if( file_unsafe_in_tree_path(zFullname) ){ | |
| 75 | + /* do nothign with this unsafe file */ | |
| 76 | + }else if( old_exists ){ | |
| 75 | 77 | if( new_exists ){ |
| 76 | 78 | fossil_print("%s %s\n", redoFlag ? "REDO" : "UNDO", zPathname); |
| 77 | 79 | }else{ |
| 78 | 80 | fossil_print("NEW %s\n", zPathname); |
| 79 | 81 | } |
| 80 | 82 |
| --- src/undo.c | |
| +++ src/undo.c | |
| @@ -52,11 +52,11 @@ | |
| 52 | int new_exe; |
| 53 | int new_link; |
| 54 | int old_link; |
| 55 | Blob current; |
| 56 | Blob new; |
| 57 | zFullname = mprintf("%s/%s", g.zLocalRoot, zPathname); |
| 58 | old_link = db_column_int(&q, 3); |
| 59 | new_exists = file_size(zFullname, RepoFILE)>=0; |
| 60 | new_link = file_islink(0); |
| 61 | if( new_exists ){ |
| 62 | blob_read_from_file(¤t, zFullname, RepoFILE); |
| @@ -69,11 +69,13 @@ | |
| 69 | old_exists = db_column_int(&q, 1); |
| 70 | old_exe = db_column_int(&q, 2); |
| 71 | if( old_exists ){ |
| 72 | db_ephemeral_blob(&q, 0, &new); |
| 73 | } |
| 74 | if( old_exists ){ |
| 75 | if( new_exists ){ |
| 76 | fossil_print("%s %s\n", redoFlag ? "REDO" : "UNDO", zPathname); |
| 77 | }else{ |
| 78 | fossil_print("NEW %s\n", zPathname); |
| 79 | } |
| 80 |
| --- src/undo.c | |
| +++ src/undo.c | |
| @@ -52,11 +52,11 @@ | |
| 52 | int new_exe; |
| 53 | int new_link; |
| 54 | int old_link; |
| 55 | Blob current; |
| 56 | Blob new; |
| 57 | zFullname = mprintf("%s%s", g.zLocalRoot, zPathname); |
| 58 | old_link = db_column_int(&q, 3); |
| 59 | new_exists = file_size(zFullname, RepoFILE)>=0; |
| 60 | new_link = file_islink(0); |
| 61 | if( new_exists ){ |
| 62 | blob_read_from_file(¤t, zFullname, RepoFILE); |
| @@ -69,11 +69,13 @@ | |
| 69 | old_exists = db_column_int(&q, 1); |
| 70 | old_exe = db_column_int(&q, 2); |
| 71 | if( old_exists ){ |
| 72 | db_ephemeral_blob(&q, 0, &new); |
| 73 | } |
| 74 | if( file_unsafe_in_tree_path(zFullname) ){ |
| 75 | /* do nothign with this unsafe file */ |
| 76 | }else if( old_exists ){ |
| 77 | if( new_exists ){ |
| 78 | fossil_print("%s %s\n", redoFlag ? "REDO" : "UNDO", zPathname); |
| 79 | }else{ |
| 80 | fossil_print("NEW %s\n", zPathname); |
| 81 | } |
| 82 |
+2
| --- src/update.c | ||
| +++ src/update.c | ||
| @@ -876,10 +876,12 @@ | ||
| 876 | 876 | " SET pathname=origname, origname=NULL" |
| 877 | 877 | " WHERE pathname=%Q AND origname!=pathname;" |
| 878 | 878 | "DELETE FROM vfile WHERE pathname=%Q", |
| 879 | 879 | zFile, zFile |
| 880 | 880 | ); |
| 881 | + }else if( file_unsafe_in_tree_path(zFull) ){ | |
| 882 | + /* Ignore this file */ | |
| 881 | 883 | }else{ |
| 882 | 884 | sqlite3_int64 mtime; |
| 883 | 885 | int rvChnged = 0; |
| 884 | 886 | int rvPerm = manifest_file_mperm(pRvFile); |
| 885 | 887 | |
| 886 | 888 |
| --- src/update.c | |
| +++ src/update.c | |
| @@ -876,10 +876,12 @@ | |
| 876 | " SET pathname=origname, origname=NULL" |
| 877 | " WHERE pathname=%Q AND origname!=pathname;" |
| 878 | "DELETE FROM vfile WHERE pathname=%Q", |
| 879 | zFile, zFile |
| 880 | ); |
| 881 | }else{ |
| 882 | sqlite3_int64 mtime; |
| 883 | int rvChnged = 0; |
| 884 | int rvPerm = manifest_file_mperm(pRvFile); |
| 885 | |
| 886 |
| --- src/update.c | |
| +++ src/update.c | |
| @@ -876,10 +876,12 @@ | |
| 876 | " SET pathname=origname, origname=NULL" |
| 877 | " WHERE pathname=%Q AND origname!=pathname;" |
| 878 | "DELETE FROM vfile WHERE pathname=%Q", |
| 879 | zFile, zFile |
| 880 | ); |
| 881 | }else if( file_unsafe_in_tree_path(zFull) ){ |
| 882 | /* Ignore this file */ |
| 883 | }else{ |
| 884 | sqlite3_int64 mtime; |
| 885 | int rvChnged = 0; |
| 886 | int rvPerm = manifest_file_mperm(pRvFile); |
| 887 | |
| 888 |
+2
| --- src/update.c | ||
| +++ src/update.c | ||
| @@ -876,10 +876,12 @@ | ||
| 876 | 876 | " SET pathname=origname, origname=NULL" |
| 877 | 877 | " WHERE pathname=%Q AND origname!=pathname;" |
| 878 | 878 | "DELETE FROM vfile WHERE pathname=%Q", |
| 879 | 879 | zFile, zFile |
| 880 | 880 | ); |
| 881 | + }else if( file_unsafe_in_tree_path(zFull) ){ | |
| 882 | + /* Ignore this file */ | |
| 881 | 883 | }else{ |
| 882 | 884 | sqlite3_int64 mtime; |
| 883 | 885 | int rvChnged = 0; |
| 884 | 886 | int rvPerm = manifest_file_mperm(pRvFile); |
| 885 | 887 | |
| 886 | 888 |
| --- src/update.c | |
| +++ src/update.c | |
| @@ -876,10 +876,12 @@ | |
| 876 | " SET pathname=origname, origname=NULL" |
| 877 | " WHERE pathname=%Q AND origname!=pathname;" |
| 878 | "DELETE FROM vfile WHERE pathname=%Q", |
| 879 | zFile, zFile |
| 880 | ); |
| 881 | }else{ |
| 882 | sqlite3_int64 mtime; |
| 883 | int rvChnged = 0; |
| 884 | int rvPerm = manifest_file_mperm(pRvFile); |
| 885 | |
| 886 |
| --- src/update.c | |
| +++ src/update.c | |
| @@ -876,10 +876,12 @@ | |
| 876 | " SET pathname=origname, origname=NULL" |
| 877 | " WHERE pathname=%Q AND origname!=pathname;" |
| 878 | "DELETE FROM vfile WHERE pathname=%Q", |
| 879 | zFile, zFile |
| 880 | ); |
| 881 | }else if( file_unsafe_in_tree_path(zFull) ){ |
| 882 | /* Ignore this file */ |
| 883 | }else{ |
| 884 | sqlite3_int64 mtime; |
| 885 | int rvChnged = 0; |
| 886 | int rvPerm = manifest_file_mperm(pRvFile); |
| 887 | |
| 888 |
+3
| --- src/vfile.c | ||
| +++ src/vfile.c | ||
| @@ -313,10 +313,13 @@ | ||
| 313 | 313 | id = db_column_int(&q, 0); |
| 314 | 314 | zName = db_column_text(&q, 1); |
| 315 | 315 | rid = db_column_int(&q, 2); |
| 316 | 316 | isExe = db_column_int(&q, 3); |
| 317 | 317 | isLink = db_column_int(&q, 4); |
| 318 | + if( file_unsafe_in_tree_path(zName) ){ | |
| 319 | + continue; | |
| 320 | + } | |
| 318 | 321 | content_get(rid, &content); |
| 319 | 322 | if( file_is_the_same(&content, zName) ){ |
| 320 | 323 | blob_reset(&content); |
| 321 | 324 | if( file_setexe(zName, isExe) ){ |
| 322 | 325 | db_multi_exec("UPDATE vfile SET mtime=%lld WHERE id=%d", |
| 323 | 326 |
| --- src/vfile.c | |
| +++ src/vfile.c | |
| @@ -313,10 +313,13 @@ | |
| 313 | id = db_column_int(&q, 0); |
| 314 | zName = db_column_text(&q, 1); |
| 315 | rid = db_column_int(&q, 2); |
| 316 | isExe = db_column_int(&q, 3); |
| 317 | isLink = db_column_int(&q, 4); |
| 318 | content_get(rid, &content); |
| 319 | if( file_is_the_same(&content, zName) ){ |
| 320 | blob_reset(&content); |
| 321 | if( file_setexe(zName, isExe) ){ |
| 322 | db_multi_exec("UPDATE vfile SET mtime=%lld WHERE id=%d", |
| 323 |
| --- src/vfile.c | |
| +++ src/vfile.c | |
| @@ -313,10 +313,13 @@ | |
| 313 | id = db_column_int(&q, 0); |
| 314 | zName = db_column_text(&q, 1); |
| 315 | rid = db_column_int(&q, 2); |
| 316 | isExe = db_column_int(&q, 3); |
| 317 | isLink = db_column_int(&q, 4); |
| 318 | if( file_unsafe_in_tree_path(zName) ){ |
| 319 | continue; |
| 320 | } |
| 321 | content_get(rid, &content); |
| 322 | if( file_is_the_same(&content, zName) ){ |
| 323 | blob_reset(&content); |
| 324 | if( file_setexe(zName, isExe) ){ |
| 325 | db_multi_exec("UPDATE vfile SET mtime=%lld WHERE id=%d", |
| 326 |