Fossil SCM
Require "Read" permission (capability "u") in order to access the /reports page. Fix for ticket [a757c4fca19d]
Commit
f48c84afd1ace490256164d0746a1cc1f0f7a528
Parent
b68a48ff5fef574…
1 file changed
+3
-1
+3
-1
| --- src/timeline.c | ||
| +++ src/timeline.c | ||
| @@ -2544,13 +2544,15 @@ | ||
| 2544 | 2544 | */ |
| 2545 | 2545 | void stats_report_page(){ |
| 2546 | 2546 | HQuery url; /* URL for various branch links */ |
| 2547 | 2547 | const char * zView = P("view"); /* Which view/report to show. */ |
| 2548 | 2548 | const char *zUserName = P("user"); |
| 2549 | + | |
| 2550 | + login_check_credentials(); | |
| 2551 | + if( !g.perm.Read ){ login_needed(); return; } | |
| 2549 | 2552 | if(!zUserName) zUserName = P("u"); |
| 2550 | 2553 | url_initialize(&url, "reports"); |
| 2551 | - | |
| 2552 | 2554 | if(zUserName && *zUserName){ |
| 2553 | 2555 | url_add_parameter(&url,"user", zUserName); |
| 2554 | 2556 | timeline_submenu(&url, "(Remove User Flag)", "view", zView, "user"); |
| 2555 | 2557 | } |
| 2556 | 2558 | timeline_submenu(&url, "By Year", "view", "byyear", 0); |
| 2557 | 2559 |
| --- src/timeline.c | |
| +++ src/timeline.c | |
| @@ -2544,13 +2544,15 @@ | |
| 2544 | */ |
| 2545 | void stats_report_page(){ |
| 2546 | HQuery url; /* URL for various branch links */ |
| 2547 | const char * zView = P("view"); /* Which view/report to show. */ |
| 2548 | const char *zUserName = P("user"); |
| 2549 | if(!zUserName) zUserName = P("u"); |
| 2550 | url_initialize(&url, "reports"); |
| 2551 | |
| 2552 | if(zUserName && *zUserName){ |
| 2553 | url_add_parameter(&url,"user", zUserName); |
| 2554 | timeline_submenu(&url, "(Remove User Flag)", "view", zView, "user"); |
| 2555 | } |
| 2556 | timeline_submenu(&url, "By Year", "view", "byyear", 0); |
| 2557 |
| --- src/timeline.c | |
| +++ src/timeline.c | |
| @@ -2544,13 +2544,15 @@ | |
| 2544 | */ |
| 2545 | void stats_report_page(){ |
| 2546 | HQuery url; /* URL for various branch links */ |
| 2547 | const char * zView = P("view"); /* Which view/report to show. */ |
| 2548 | const char *zUserName = P("user"); |
| 2549 | |
| 2550 | login_check_credentials(); |
| 2551 | if( !g.perm.Read ){ login_needed(); return; } |
| 2552 | if(!zUserName) zUserName = P("u"); |
| 2553 | url_initialize(&url, "reports"); |
| 2554 | if(zUserName && *zUserName){ |
| 2555 | url_add_parameter(&url,"user", zUserName); |
| 2556 | timeline_submenu(&url, "(Remove User Flag)", "view", zView, "user"); |
| 2557 | } |
| 2558 | timeline_submenu(&url, "By Year", "view", "byyear", 0); |
| 2559 |