Cleanup of the "admin_sql" web page (formerly "admin/sql").
Commit
ef432c201469375de3aa9eb3e81ef384f42cf65c
Parent
a25092b14ca85df…
1 file changed
+10
-39
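--- a/src/admin.c
+++ b/src/admin.c
@@ -41,40 +41,37 @@
 const char *zArg3,
 const char *zArg4
 ){
 int rc = SQLITE_DENY;
 switch( type ){
-case SQLITE_READ:
+case SQLITE_READ: {
+if( strcmp(zArg2,"pw")==0 ){
+rc = SQLITE_IGNORE;
+}else{
+rc = SQLITE_OK;
+}
+break;
+}
+case SQLITE_FUNCTION:
 case SQLITE_SELECT: {
 rc = SQLITE_OK;
 break;
 }
 }
 return rc;
 }
 
-
-void admin_prepare_submenu(){
-if( g.okAdmin ){
-style_submenu_element("Main", "Main admin page", "%s/admin", g.zTop );
-style_submenu_element("SQL", "SQL page", "%s/admin/sql", g.zTop );
-style_submenu_element("Setup", "Setup page", "%s/setup", g.zTop );
-}
-}
-
-
 /*
-** WEBPAGE: /admin/sql
+** WEBPAGE: admin_sql
 */
 void admin_sql_page(void){
 const char *zSql = PD("sql","");
 login_check_credentials();
 if( !g.okAdmin ){
 login_needed();
 return;
 }
-admin_prepare_submenu();
 style_header("Admin SQL");
 @ <h2>SQL:</h2>
 @ You can enter only SELECT statements here, and some SQL-side functions
 @ are also restricted.<br/>
 @ <form action='' method='post'>
@@ -87,33 +84,7 @@
 login_verify_csrf_secret();
 sqlite3_set_authorizer(g.db, selectOnly, 0);
 db_generic_query_view(zSql, 0);
 sqlite3_set_authorizer(g.db, 0, 0);
 }
-style_footer();
-}
-
-/*
-** WEBPAGE: /admin
-*/
-void admin_page(void){
-login_check_credentials();
-if( !g.okAdmin ){
-login_needed();
-return;
-}
-if( g.zExtra && g.zExtra[0] ){
-if(g.zExtra == strstr(g.zExtra,"sql")) admin_sql_page();
-/* FIXME: ^^^ this ^^^ is an awful lot of work, especially once
-** the paths deepen. Figure out a way to simplify dispatching.
-*/
-return;
-}
-admin_prepare_submenu();
-style_header("Admin");
-@ <h2>Links:</h2>
-@ <ul>
-@ <li><a href='%s(g.zBaseURL)/setup'>Fossil WWW Setup</a></li>
-@ <li><a href='%s(g.zBaseURL)/admin/sql'>Run SQL queries</a></li>
-@ </ul>
 style_footer();
 }
 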
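Review bot: The new SQLITE_READ branch redacts on the column name alone — `strcmp(zArg2,"pw")==0` never consults the table name SQLite passes in zArg1 — so a column called `pw` in any table is blanked while nothing tells the next reader why, or that SQLITE_IGNORE on a read substitutes NULL for the column instead of failing the statement. A comment such as `/* Hide password hashes: SQLITE_IGNORE makes the column read as NULL */` above the strcmp, and qualifying the match with the table name in zArg1, would make both the intent and the scope of the restriction explicit. The page text kept at new line 75, "some SQL-side functions are also restricted", no longer matches the authorizer, which now returns SQLITE_OK for every SQLITE_FUNCTION without inspecting the function name in zArg2; either that case should filter by name or the text should be reworded. The signature of selectOnly begins before this hunk.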
| --- src/admin.c | |
| +++ src/admin.c | |
| @@ -41,40 +41,37 @@ | |
| 41 | const char *zArg3, |
| 42 | const char *zArg4 |
| 43 | ){ |
| 44 | int rc = SQLITE_DENY; |
| 45 | switch( type ){ |
| 46 | case SQLITE_READ: |
| 47 | case SQLITE_SELECT: { |
| 48 | rc = SQLITE_OK; |
| 49 | break; |
| 50 | } |
| 51 | } |
| 52 | return rc; |
| 53 | } |
| 54 | |
| 55 | |
| 56 | void admin_prepare_submenu(){ |
| 57 | if( g.okAdmin ){ |
| 58 | style_submenu_element("Main", "Main admin page", "%s/admin", g.zTop ); |
| 59 | style_submenu_element("SQL", "SQL page", "%s/admin/sql", g.zTop ); |
| 60 | style_submenu_element("Setup", "Setup page", "%s/setup", g.zTop ); |
| 61 | } |
| 62 | } |
| 63 | |
| 64 | |
| 65 | /* |
| 66 | ** WEBPAGE: /admin/sql |
| 67 | */ |
| 68 | void admin_sql_page(void){ |
| 69 | const char *zSql = PD("sql",""); |
| 70 | login_check_credentials(); |
| 71 | if( !g.okAdmin ){ |
| 72 | login_needed(); |
| 73 | return; |
| 74 | } |
| 75 | admin_prepare_submenu(); |
| 76 | style_header("Admin SQL"); |
| 77 | @ <h2>SQL:</h2> |
| 78 | @ You can enter only SELECT statements here, and some SQL-side functions |
| 79 | @ are also restricted.<br/> |
| 80 | @ <form action='' method='post'> |
| @@ -87,33 +84,7 @@ | |
| 87 | login_verify_csrf_secret(); |
| 88 | sqlite3_set_authorizer(g.db, selectOnly, 0); |
| 89 | db_generic_query_view(zSql, 0); |
| 90 | sqlite3_set_authorizer(g.db, 0, 0); |
| 91 | } |
| 92 | style_footer(); |
| 93 | } |
| 94 | |
| 95 | /* |
| 96 | ** WEBPAGE: /admin |
| 97 | */ |
| 98 | void admin_page(void){ |
| 99 | login_check_credentials(); |
| 100 | if( !g.okAdmin ){ |
| 101 | login_needed(); |
| 102 | return; |
| 103 | } |
| 104 | if( g.zExtra && g.zExtra[0] ){ |
| 105 | if(g.zExtra == strstr(g.zExtra,"sql")) admin_sql_page(); |
| 106 | /* FIXME: ^^^ this ^^^ is an awful lot of work, especially once |
| 107 | ** the paths deepen. Figure out a way to simplify dispatching. |
| 108 | */ |
| 109 | return; |
| 110 | } |
| 111 | admin_prepare_submenu(); |
| 112 | style_header("Admin"); |
| 113 | @ <h2>Links:</h2> |
| 114 | @ <ul> |
| 115 | @ <li><a href='%s(g.zBaseURL)/setup'>Fossil WWW Setup</a></li> |
| 116 | @ <li><a href='%s(g.zBaseURL)/admin/sql'>Run SQL queries</a></li> |
| 117 | @ </ul> |
| 118 | style_footer(); |
| 119 | } |
| 120 |
| --- src/admin.c | |
| +++ src/admin.c | |
| @@ -41,40 +41,37 @@ | |
| 41 | const char *zArg3, |
| 42 | const char *zArg4 |
| 43 | ){ |
| 44 | int rc = SQLITE_DENY; |
| 45 | switch( type ){ |
| 46 | case SQLITE_READ: { |
| 47 | if( strcmp(zArg2,"pw")==0 ){ |
| 48 | rc = SQLITE_IGNORE; |
| 49 | }else{ |
| 50 | rc = SQLITE_OK; |
| 51 | } |
| 52 | break; |
| 53 | } |
| 54 | case SQLITE_FUNCTION: |
| 55 | case SQLITE_SELECT: { |
| 56 | rc = SQLITE_OK; |
| 57 | break; |
| 58 | } |
| 59 | } |
| 60 | return rc; |
| 61 | } |
| 62 | |
| 63 | /* |
| 64 | ** WEBPAGE: admin_sql |
| 65 | */ |
| 66 | void admin_sql_page(void){ |
| 67 | const char *zSql = PD("sql",""); |
| 68 | login_check_credentials(); |
| 69 | if( !g.okAdmin ){ |
| 70 | login_needed(); |
| 71 | return; |
| 72 | } |
| 73 | style_header("Admin SQL"); |
| 74 | @ <h2>SQL:</h2> |
| 75 | @ You can enter only SELECT statements here, and some SQL-side functions |
| 76 | @ are also restricted.<br/> |
| 77 | @ <form action='' method='post'> |
| @@ -87,33 +84,7 @@ | |
| 84 | login_verify_csrf_secret(); |
| 85 | sqlite3_set_authorizer(g.db, selectOnly, 0); |
| 86 | db_generic_query_view(zSql, 0); |
| 87 | sqlite3_set_authorizer(g.db, 0, 0); |
| 88 | } |
| 89 | style_footer(); |
| 90 | } |
| 91 |