Fossil SCM
Various minor cleanups.
Commit
f850be30ff91896b7c0daed8b801b8d24bbcde56735e74d50033992b21f8be16
Parent
059760519fb0a26…
3 files changed
+48
-4
+5
-10
+9
-6
+48
-4
| --- src/attach.c | ||
| +++ src/attach.c | ||
| @@ -55,10 +55,48 @@ | ||
| 55 | 55 | rc = db_column_int(&q, 0); |
| 56 | 56 | } |
| 57 | 57 | db_reset(&q); |
| 58 | 58 | return rc; |
| 59 | 59 | } |
| 60 | + | |
| 61 | +/* | |
| 62 | +** For a given aritfact ID and type, returns true if the current user | |
| 63 | +** could hypothetically attach something to it, else returns 0. | |
| 64 | +** | |
| 65 | +** The rid is currently only relevant when iArtifactType is | |
| 66 | +** CFTYPE_FORUM. For forum posts, it checks precisely the rid given, | |
| 67 | +** not the head RID, to keep non-admins from attaching files to | |
| 68 | +** threads which have since been taken over by another user (this | |
| 69 | +** happens when an admin edits another user's post). | |
| 70 | +*/ | |
| 71 | +int attach_user_may(int rid, int iArtifactType){ | |
| 72 | + if( g.perm.Admin ) return 1; | |
| 73 | + if( !login_is_individual() ) return 0; | |
| 74 | + switch(iArtifactType){ | |
| 75 | + case CFTYPE_FORUM: | |
| 76 | + return forumpost_is_owner(rid, 0); | |
| 77 | + case CFTYPE_WIKI: | |
| 78 | + return g.perm.ApndWiki && g.perm.Attach==0; | |
| 79 | + case CFTYPE_TICKET: | |
| 80 | + return g.perm.ApndTkt && g.perm.Attach==0; | |
| 81 | + case CFTYPE_EVENT: | |
| 82 | + return g.perm.Write && g.perm.ApndWiki && g.perm.Attach; | |
| 83 | + default: | |
| 84 | + return 0; | |
| 85 | + } | |
| 86 | +} | |
| 87 | + | |
| 88 | +/* | |
| 89 | +** Emits a single-button FORM which invokes | |
| 90 | +** /attachadd?target=$zTarget. | |
| 91 | +*/ | |
| 92 | +void attach_emit_attachadd_button(const char *zTarget){ | |
| 93 | + @ <form method="post" action="%R/attachadd">\ | |
| 94 | + @ <input type="hidden" name="target" value="%T(zTarget)">\ | |
| 95 | + @ <input type="submit" value="Attach..."> | |
| 96 | + @ </form>\ | |
| 97 | +} | |
| 60 | 98 | |
| 61 | 99 | /* |
| 62 | 100 | ** WEBPAGE: attachlist |
| 63 | 101 | ** List attachments. |
| 64 | 102 | ** |
| @@ -519,11 +557,14 @@ | ||
| 519 | 557 | /* This check must be done late so that zTargetType is set up. */ |
| 520 | 558 | @ <p class="generalError">Attachment %h(zName) is too large. |
| 521 | 559 | @ <a href="%R/help/attachment-size-limit">Limit</a> is |
| 522 | 560 | @ %d(szLimit ? szLimit : 0x7fffffff) bytes</p> |
| 523 | 561 | /* Fall through and render form. */ |
| 524 | - }else if( P("ok") && szContent>0 && (goodCaptcha = captcha_is_correct(0)) ){ | |
| 562 | + }else if( P("ok") | |
| 563 | + && cgi_csrf_safe(2) | |
| 564 | + && szContent>0 | |
| 565 | + && (goodCaptcha = captcha_is_correct(0)) ){ | |
| 525 | 566 | int needModerator = (zForumPost!=0 && forum_need_moderation()) || |
| 526 | 567 | (zTkt!=0 && ticket_need_moderation(0)) || |
| 527 | 568 | (zPage!=0 && wiki_need_moderation(0)); |
| 528 | 569 | attach_commit(zName, zTarget, aContent, szContent, needModerator, zComment); |
| 529 | 570 | cgi_redirect(zTo ? zTo : zFrom); |
| @@ -554,10 +595,11 @@ | ||
| 554 | 595 | @ <input type="hidden" name="from" value="%h(zFrom)"> |
| 555 | 596 | @ <input type="submit" name="ok" value="Add Attachment"> |
| 556 | 597 | @ <input type="submit" name="cancel" value="Cancel"> |
| 557 | 598 | @ </div> |
| 558 | 599 | captcha_generate(0); |
| 600 | + login_insert_csrf_secret(); | |
| 559 | 601 | @ </form> |
| 560 | 602 | builtin_fossil_js_bundle_or("attach", NULL); |
| 561 | 603 | style_finish_page(); |
| 562 | 604 | fossil_free(zTargetType); |
| 563 | 605 | fossil_free(zExtraFree); |
| @@ -742,11 +784,10 @@ | ||
| 742 | 784 | const char *zTarget = P("target"); |
| 743 | 785 | char *zTo = 0; |
| 744 | 786 | char *zTargetType = 0; |
| 745 | 787 | char *zExtraFree = 0; |
| 746 | 788 | int iTgtType = 0; |
| 747 | - int szContent = 0; | |
| 748 | 789 | int goodCaptcha = 1; |
| 749 | 790 | |
| 750 | 791 | if( zFrom==0 ) zFrom = mprintf("%R/home"); |
| 751 | 792 | if( P("cancel") ) cgi_redirect(zFrom); |
| 752 | 793 | if( 0==zTarget ){ |
| @@ -828,14 +869,16 @@ | ||
| 828 | 869 | @ <p class="generalError">Error: Incorrect security code.</p> |
| 829 | 870 | } |
| 830 | 871 | @ <h2>Attachments for %s(zTargetType)</h2> |
| 831 | 872 | attachment_list(zTarget, NULL, |
| 832 | 873 | ATTACHLIST_SIZE | ATTACHLIST_HIDE_UNAPPROVED); |
| 833 | - /* Form gets fleshed out and activate from fossil.attach.js. */ | |
| 834 | 874 | @ <div id='attachadd-form-wrapper'> |
| 875 | + /* JS code imports these hidden fields into a form it generates. */ | |
| 835 | 876 | @ <input type="hidden" name="target" value="%h(zTarget)"> |
| 836 | - @ <input type="hidden" name="from" value="%h(zFrom)"> | |
| 877 | + if( zFrom ){ | |
| 878 | + @ <input type="hidden" name="from" value="%h(zFrom)"> | |
| 879 | + } | |
| 837 | 880 | if( zTo ){ |
| 838 | 881 | @ <input type="hidden" name="to" value="%h(zTo)"> |
| 839 | 882 | } |
| 840 | 883 | captcha_generate(0); |
| 841 | 884 | login_insert_csrf_secret(); |
| @@ -1340,5 +1383,6 @@ | ||
| 1340 | 1383 | } |
| 1341 | 1384 | db_reset(&q); |
| 1342 | 1385 | } |
| 1343 | 1386 | db_finalize(&q); |
| 1344 | 1387 | } |
| 1388 | + | |
| 1345 | 1389 |
| --- src/attach.c | |
| +++ src/attach.c | |
| @@ -55,10 +55,48 @@ | |
| 55 | rc = db_column_int(&q, 0); |
| 56 | } |
| 57 | db_reset(&q); |
| 58 | return rc; |
| 59 | } |
| 60 | |
| 61 | /* |
| 62 | ** WEBPAGE: attachlist |
| 63 | ** List attachments. |
| 64 | ** |
| @@ -519,11 +557,14 @@ | |
| 519 | /* This check must be done late so that zTargetType is set up. */ |
| 520 | @ <p class="generalError">Attachment %h(zName) is too large. |
| 521 | @ <a href="%R/help/attachment-size-limit">Limit</a> is |
| 522 | @ %d(szLimit ? szLimit : 0x7fffffff) bytes</p> |
| 523 | /* Fall through and render form. */ |
| 524 | }else if( P("ok") && szContent>0 && (goodCaptcha = captcha_is_correct(0)) ){ |
| 525 | int needModerator = (zForumPost!=0 && forum_need_moderation()) || |
| 526 | (zTkt!=0 && ticket_need_moderation(0)) || |
| 527 | (zPage!=0 && wiki_need_moderation(0)); |
| 528 | attach_commit(zName, zTarget, aContent, szContent, needModerator, zComment); |
| 529 | cgi_redirect(zTo ? zTo : zFrom); |
| @@ -554,10 +595,11 @@ | |
| 554 | @ <input type="hidden" name="from" value="%h(zFrom)"> |
| 555 | @ <input type="submit" name="ok" value="Add Attachment"> |
| 556 | @ <input type="submit" name="cancel" value="Cancel"> |
| 557 | @ </div> |
| 558 | captcha_generate(0); |
| 559 | @ </form> |
| 560 | builtin_fossil_js_bundle_or("attach", NULL); |
| 561 | style_finish_page(); |
| 562 | fossil_free(zTargetType); |
| 563 | fossil_free(zExtraFree); |
| @@ -742,11 +784,10 @@ | |
| 742 | const char *zTarget = P("target"); |
| 743 | char *zTo = 0; |
| 744 | char *zTargetType = 0; |
| 745 | char *zExtraFree = 0; |
| 746 | int iTgtType = 0; |
| 747 | int szContent = 0; |
| 748 | int goodCaptcha = 1; |
| 749 | |
| 750 | if( zFrom==0 ) zFrom = mprintf("%R/home"); |
| 751 | if( P("cancel") ) cgi_redirect(zFrom); |
| 752 | if( 0==zTarget ){ |
| @@ -828,14 +869,16 @@ | |
| 828 | @ <p class="generalError">Error: Incorrect security code.</p> |
| 829 | } |
| 830 | @ <h2>Attachments for %s(zTargetType)</h2> |
| 831 | attachment_list(zTarget, NULL, |
| 832 | ATTACHLIST_SIZE | ATTACHLIST_HIDE_UNAPPROVED); |
| 833 | /* Form gets fleshed out and activate from fossil.attach.js. */ |
| 834 | @ <div id='attachadd-form-wrapper'> |
| 835 | @ <input type="hidden" name="target" value="%h(zTarget)"> |
| 836 | @ <input type="hidden" name="from" value="%h(zFrom)"> |
| 837 | if( zTo ){ |
| 838 | @ <input type="hidden" name="to" value="%h(zTo)"> |
| 839 | } |
| 840 | captcha_generate(0); |
| 841 | login_insert_csrf_secret(); |
| @@ -1340,5 +1383,6 @@ | |
| 1340 | } |
| 1341 | db_reset(&q); |
| 1342 | } |
| 1343 | db_finalize(&q); |
| 1344 | } |
| 1345 |
| --- src/attach.c | |
| +++ src/attach.c | |
| @@ -55,10 +55,48 @@ | |
| 55 | rc = db_column_int(&q, 0); |
| 56 | } |
| 57 | db_reset(&q); |
| 58 | return rc; |
| 59 | } |
| 60 | |
| 61 | /* |
| 62 | ** For a given aritfact ID and type, returns true if the current user |
| 63 | ** could hypothetically attach something to it, else returns 0. |
| 64 | ** |
| 65 | ** The rid is currently only relevant when iArtifactType is |
| 66 | ** CFTYPE_FORUM. For forum posts, it checks precisely the rid given, |
| 67 | ** not the head RID, to keep non-admins from attaching files to |
| 68 | ** threads which have since been taken over by another user (this |
| 69 | ** happens when an admin edits another user's post). |
| 70 | */ |
| 71 | int attach_user_may(int rid, int iArtifactType){ |
| 72 | if( g.perm.Admin ) return 1; |
| 73 | if( !login_is_individual() ) return 0; |
| 74 | switch(iArtifactType){ |
| 75 | case CFTYPE_FORUM: |
| 76 | return forumpost_is_owner(rid, 0); |
| 77 | case CFTYPE_WIKI: |
| 78 | return g.perm.ApndWiki && g.perm.Attach==0; |
| 79 | case CFTYPE_TICKET: |
| 80 | return g.perm.ApndTkt && g.perm.Attach==0; |
| 81 | case CFTYPE_EVENT: |
| 82 | return g.perm.Write && g.perm.ApndWiki && g.perm.Attach; |
| 83 | default: |
| 84 | return 0; |
| 85 | } |
| 86 | } |
| 87 | |
| 88 | /* |
| 89 | ** Emits a single-button FORM which invokes |
| 90 | ** /attachadd?target=$zTarget. |
| 91 | */ |
| 92 | void attach_emit_attachadd_button(const char *zTarget){ |
| 93 | @ <form method="post" action="%R/attachadd">\ |
| 94 | @ <input type="hidden" name="target" value="%T(zTarget)">\ |
| 95 | @ <input type="submit" value="Attach..."> |
| 96 | @ </form>\ |
| 97 | } |
| 98 | |
| 99 | /* |
| 100 | ** WEBPAGE: attachlist |
| 101 | ** List attachments. |
| 102 | ** |
| @@ -519,11 +557,14 @@ | |
| 557 | /* This check must be done late so that zTargetType is set up. */ |
| 558 | @ <p class="generalError">Attachment %h(zName) is too large. |
| 559 | @ <a href="%R/help/attachment-size-limit">Limit</a> is |
| 560 | @ %d(szLimit ? szLimit : 0x7fffffff) bytes</p> |
| 561 | /* Fall through and render form. */ |
| 562 | }else if( P("ok") |
| 563 | && cgi_csrf_safe(2) |
| 564 | && szContent>0 |
| 565 | && (goodCaptcha = captcha_is_correct(0)) ){ |
| 566 | int needModerator = (zForumPost!=0 && forum_need_moderation()) || |
| 567 | (zTkt!=0 && ticket_need_moderation(0)) || |
| 568 | (zPage!=0 && wiki_need_moderation(0)); |
| 569 | attach_commit(zName, zTarget, aContent, szContent, needModerator, zComment); |
| 570 | cgi_redirect(zTo ? zTo : zFrom); |
| @@ -554,10 +595,11 @@ | |
| 595 | @ <input type="hidden" name="from" value="%h(zFrom)"> |
| 596 | @ <input type="submit" name="ok" value="Add Attachment"> |
| 597 | @ <input type="submit" name="cancel" value="Cancel"> |
| 598 | @ </div> |
| 599 | captcha_generate(0); |
| 600 | login_insert_csrf_secret(); |
| 601 | @ </form> |
| 602 | builtin_fossil_js_bundle_or("attach", NULL); |
| 603 | style_finish_page(); |
| 604 | fossil_free(zTargetType); |
| 605 | fossil_free(zExtraFree); |
| @@ -742,11 +784,10 @@ | |
| 784 | const char *zTarget = P("target"); |
| 785 | char *zTo = 0; |
| 786 | char *zTargetType = 0; |
| 787 | char *zExtraFree = 0; |
| 788 | int iTgtType = 0; |
| 789 | int goodCaptcha = 1; |
| 790 | |
| 791 | if( zFrom==0 ) zFrom = mprintf("%R/home"); |
| 792 | if( P("cancel") ) cgi_redirect(zFrom); |
| 793 | if( 0==zTarget ){ |
| @@ -828,14 +869,16 @@ | |
| 869 | @ <p class="generalError">Error: Incorrect security code.</p> |
| 870 | } |
| 871 | @ <h2>Attachments for %s(zTargetType)</h2> |
| 872 | attachment_list(zTarget, NULL, |
| 873 | ATTACHLIST_SIZE | ATTACHLIST_HIDE_UNAPPROVED); |
| 874 | @ <div id='attachadd-form-wrapper'> |
| 875 | /* JS code imports these hidden fields into a form it generates. */ |
| 876 | @ <input type="hidden" name="target" value="%h(zTarget)"> |
| 877 | if( zFrom ){ |
| 878 | @ <input type="hidden" name="from" value="%h(zFrom)"> |
| 879 | } |
| 880 | if( zTo ){ |
| 881 | @ <input type="hidden" name="to" value="%h(zTo)"> |
| 882 | } |
| 883 | captcha_generate(0); |
| 884 | login_insert_csrf_secret(); |
| @@ -1340,5 +1383,6 @@ | |
| 1383 | } |
| 1384 | db_reset(&q); |
| 1385 | } |
| 1386 | db_finalize(&q); |
| 1387 | } |
| 1388 | |
| 1389 |
+5
-10
| --- src/forum.c | ||
| +++ src/forum.c | ||
| @@ -865,11 +865,13 @@ | ||
| 865 | 865 | /* |
| 866 | 866 | ** Returns true if the current user is authorized to set forum post |
| 867 | 867 | ** fpid's status. |
| 868 | 868 | */ |
| 869 | 869 | static int forum_may_set_status(int fpid){ |
| 870 | - return g.perm.Admin | |
| 870 | + if( moderation_pending(fpid) ) return 0; | |
| 871 | + return | |
| 872 | + g.perm.Admin | |
| 871 | 873 | || g.perm.ModForum |
| 872 | 874 | || (login_is_individual() |
| 873 | 875 | && forumpost_is_owner(fpid, 0)); |
| 874 | 876 | } |
| 875 | 877 | |
| @@ -1272,24 +1274,17 @@ | ||
| 1272 | 1274 | @ %s(iClosed ? "action-reopen" : "action-close")'/> |
| 1273 | 1275 | /* ^^^ activated by fossil.page.forumpost.js */ |
| 1274 | 1276 | } |
| 1275 | 1277 | @ </form> |
| 1276 | 1278 | } |
| 1277 | - if( g.perm.Admin || | |
| 1278 | - (login_is_individual() | |
| 1279 | - && forumpost_is_owner(p/*not pHead*/->fpid, 0)) ){ | |
| 1279 | + if( attach_user_may(p/*not pHead*/->fpid, CFTYPE_FORUM) ){ | |
| 1280 | 1280 | /* When an admin edits someone else's post, the admin |
| 1281 | 1281 | ** effectively takes over ownership of it (and we currently |
| 1282 | 1282 | ** have no way of passing it back). Because of this, we |
| 1283 | 1283 | ** check the ownership of `p` instead of `pHead`. */ |
| 1284 | - @ <form method="post" action="%R/attachadd" \ | |
| 1285 | - @ class='file-attach'>\ | |
| 1286 | - @ <input type="hidden" name="target" value="%T(pHead->zUuid)"> | |
| 1287 | - @ <input type="submit" value="Attach..."> | |
| 1288 | - login_insert_csrf_secret(); | |
| 1284 | + attach_emit_attachadd_button(pHead->zUuid); | |
| 1289 | 1285 | moderation_pending_www(p->fpid); |
| 1290 | - @ </form> | |
| 1291 | 1286 | } |
| 1292 | 1287 | } |
| 1293 | 1288 | @ </div> |
| 1294 | 1289 | } |
| 1295 | 1290 | if( !p->pIrt && (flags & FDISPLAY_SELECTED)){ |
| 1296 | 1291 |
| --- src/forum.c | |
| +++ src/forum.c | |
| @@ -865,11 +865,13 @@ | |
| 865 | /* |
| 866 | ** Returns true if the current user is authorized to set forum post |
| 867 | ** fpid's status. |
| 868 | */ |
| 869 | static int forum_may_set_status(int fpid){ |
| 870 | return g.perm.Admin |
| 871 | || g.perm.ModForum |
| 872 | || (login_is_individual() |
| 873 | && forumpost_is_owner(fpid, 0)); |
| 874 | } |
| 875 | |
| @@ -1272,24 +1274,17 @@ | |
| 1272 | @ %s(iClosed ? "action-reopen" : "action-close")'/> |
| 1273 | /* ^^^ activated by fossil.page.forumpost.js */ |
| 1274 | } |
| 1275 | @ </form> |
| 1276 | } |
| 1277 | if( g.perm.Admin || |
| 1278 | (login_is_individual() |
| 1279 | && forumpost_is_owner(p/*not pHead*/->fpid, 0)) ){ |
| 1280 | /* When an admin edits someone else's post, the admin |
| 1281 | ** effectively takes over ownership of it (and we currently |
| 1282 | ** have no way of passing it back). Because of this, we |
| 1283 | ** check the ownership of `p` instead of `pHead`. */ |
| 1284 | @ <form method="post" action="%R/attachadd" \ |
| 1285 | @ class='file-attach'>\ |
| 1286 | @ <input type="hidden" name="target" value="%T(pHead->zUuid)"> |
| 1287 | @ <input type="submit" value="Attach..."> |
| 1288 | login_insert_csrf_secret(); |
| 1289 | moderation_pending_www(p->fpid); |
| 1290 | @ </form> |
| 1291 | } |
| 1292 | } |
| 1293 | @ </div> |
| 1294 | } |
| 1295 | if( !p->pIrt && (flags & FDISPLAY_SELECTED)){ |
| 1296 |
| --- src/forum.c | |
| +++ src/forum.c | |
| @@ -865,11 +865,13 @@ | |
| 865 | /* |
| 866 | ** Returns true if the current user is authorized to set forum post |
| 867 | ** fpid's status. |
| 868 | */ |
| 869 | static int forum_may_set_status(int fpid){ |
| 870 | if( moderation_pending(fpid) ) return 0; |
| 871 | return |
| 872 | g.perm.Admin |
| 873 | || g.perm.ModForum |
| 874 | || (login_is_individual() |
| 875 | && forumpost_is_owner(fpid, 0)); |
| 876 | } |
| 877 | |
| @@ -1272,24 +1274,17 @@ | |
| 1274 | @ %s(iClosed ? "action-reopen" : "action-close")'/> |
| 1275 | /* ^^^ activated by fossil.page.forumpost.js */ |
| 1276 | } |
| 1277 | @ </form> |
| 1278 | } |
| 1279 | if( attach_user_may(p/*not pHead*/->fpid, CFTYPE_FORUM) ){ |
| 1280 | /* When an admin edits someone else's post, the admin |
| 1281 | ** effectively takes over ownership of it (and we currently |
| 1282 | ** have no way of passing it back). Because of this, we |
| 1283 | ** check the ownership of `p` instead of `pHead`. */ |
| 1284 | attach_emit_attachadd_button(pHead->zUuid); |
| 1285 | moderation_pending_www(p->fpid); |
| 1286 | } |
| 1287 | } |
| 1288 | @ </div> |
| 1289 | } |
| 1290 | if( !p->pIrt && (flags & FDISPLAY_SELECTED)){ |
| 1291 |
+9
-6
| --- src/fossil.attach.js | ||
| +++ src/fossil.attach.js | ||
| @@ -480,12 +480,12 @@ | ||
| 480 | 480 | return i; |
| 481 | 481 | } |
| 482 | 482 | }/*Attacher*/; |
| 483 | 483 | F.Attacher = Attacher; |
| 484 | 484 | |
| 485 | - const eFormDiv = document.querySelector('#attachadd-form-wrapper'); | |
| 486 | - if( eFormDiv ){ | |
| 485 | + const eFormWrapper = document.querySelector('#attachadd-form-wrapper'); | |
| 486 | + if( eFormWrapper ){ | |
| 487 | 487 | /* Inject a file-attachment form. */ |
| 488 | 488 | const urlArgs = new URLSearchParams(window.location.search); |
| 489 | 489 | let zTarget = urlArgs.get('target'); |
| 490 | 490 | let zTo = urlArgs.get('to') || urlArgs.get('from'); |
| 491 | 491 | const eBtnSubmit = D.button("Submit"); |
| @@ -500,11 +500,11 @@ | ||
| 500 | 500 | const cbAttacherChange = (ev)=>{ |
| 501 | 501 | const a = ev.detail.attacher; |
| 502 | 502 | updateBtnSubmit(a); |
| 503 | 503 | }; |
| 504 | 504 | const att = new Attacher({ |
| 505 | - container: eFormDiv, | |
| 505 | + container: eFormWrapper, | |
| 506 | 506 | startWith: 1, |
| 507 | 507 | listener: cbAttacherChange, |
| 508 | 508 | controls: [eBtnSubmit], |
| 509 | 509 | description: false |
| 510 | 510 | }); |
| @@ -520,11 +520,14 @@ | ||
| 520 | 520 | for(const row of li){ |
| 521 | 521 | ++i; |
| 522 | 522 | fd.append('file'+i, row.content); |
| 523 | 523 | if( row.description ) fd.append('file'+i+'_desc', row.description); |
| 524 | 524 | } |
| 525 | - for( const eIn of eFormDiv.querySelectorAll(':scope > input[type="hidden"]') ){ | |
| 525 | + for( const eIn of eFormWrapper.querySelectorAll( | |
| 526 | + ':scope > input[type="hidden"]' | |
| 527 | + ) ){ | |
| 528 | + /* Copy over hidden input fields emitted by the server. */ | |
| 526 | 529 | if( eIn.name==='target' ){ |
| 527 | 530 | zTarget = eIn.value; |
| 528 | 531 | }else if( eIn.name==='to' || (eIn.name==='from' && !zTo) ){ |
| 529 | 532 | zTo = eIn.value; |
| 530 | 533 | } |
| @@ -541,11 +544,11 @@ | ||
| 541 | 544 | err = e; |
| 542 | 545 | }); |
| 543 | 546 | D.enable(eBtnSubmit); |
| 544 | 547 | delete eBtnSubmit.dataset.submitted; |
| 545 | 548 | const jr = err ? undefined : await resp.json().catch(()=>{}); |
| 546 | - if( jr?.error || !resp.ok ){ | |
| 549 | + if( err || jr?.error || !resp.ok ){ | |
| 547 | 550 | const msg = err ? err.message : (jr?.error || resp.statusText); |
| 548 | 551 | att.reportError("Attaching failed: ", msg); |
| 549 | 552 | }else{ |
| 550 | 553 | att.clear(); |
| 551 | 554 | let to = zTo || jr?.redirect; |
| @@ -552,15 +555,15 @@ | ||
| 552 | 555 | if( to ){ |
| 553 | 556 | if( '/'!==to[0] ){ |
| 554 | 557 | to = F.repoUrl(to); |
| 555 | 558 | } |
| 556 | 559 | window.location = to; |
| 557 | - }else{ | |
| 560 | + }else if( target ){ | |
| 558 | 561 | window.location = '?target='+zTarget+'&'+Date.now(); |
| 559 | 562 | } |
| 560 | 563 | } |
| 561 | 564 | })/*submit handler*/; |
| 562 | 565 | updateBtnSubmit(att); |
| 563 | 566 | F.page.attacher = att /* only for testing via dev console */; |
| 564 | 567 | }/* /attachaddV2 */ |
| 565 | 568 | |
| 566 | 569 | })(window.fossil); |
| 567 | 570 |
| --- src/fossil.attach.js | |
| +++ src/fossil.attach.js | |
| @@ -480,12 +480,12 @@ | |
| 480 | return i; |
| 481 | } |
| 482 | }/*Attacher*/; |
| 483 | F.Attacher = Attacher; |
| 484 | |
| 485 | const eFormDiv = document.querySelector('#attachadd-form-wrapper'); |
| 486 | if( eFormDiv ){ |
| 487 | /* Inject a file-attachment form. */ |
| 488 | const urlArgs = new URLSearchParams(window.location.search); |
| 489 | let zTarget = urlArgs.get('target'); |
| 490 | let zTo = urlArgs.get('to') || urlArgs.get('from'); |
| 491 | const eBtnSubmit = D.button("Submit"); |
| @@ -500,11 +500,11 @@ | |
| 500 | const cbAttacherChange = (ev)=>{ |
| 501 | const a = ev.detail.attacher; |
| 502 | updateBtnSubmit(a); |
| 503 | }; |
| 504 | const att = new Attacher({ |
| 505 | container: eFormDiv, |
| 506 | startWith: 1, |
| 507 | listener: cbAttacherChange, |
| 508 | controls: [eBtnSubmit], |
| 509 | description: false |
| 510 | }); |
| @@ -520,11 +520,14 @@ | |
| 520 | for(const row of li){ |
| 521 | ++i; |
| 522 | fd.append('file'+i, row.content); |
| 523 | if( row.description ) fd.append('file'+i+'_desc', row.description); |
| 524 | } |
| 525 | for( const eIn of eFormDiv.querySelectorAll(':scope > input[type="hidden"]') ){ |
| 526 | if( eIn.name==='target' ){ |
| 527 | zTarget = eIn.value; |
| 528 | }else if( eIn.name==='to' || (eIn.name==='from' && !zTo) ){ |
| 529 | zTo = eIn.value; |
| 530 | } |
| @@ -541,11 +544,11 @@ | |
| 541 | err = e; |
| 542 | }); |
| 543 | D.enable(eBtnSubmit); |
| 544 | delete eBtnSubmit.dataset.submitted; |
| 545 | const jr = err ? undefined : await resp.json().catch(()=>{}); |
| 546 | if( jr?.error || !resp.ok ){ |
| 547 | const msg = err ? err.message : (jr?.error || resp.statusText); |
| 548 | att.reportError("Attaching failed: ", msg); |
| 549 | }else{ |
| 550 | att.clear(); |
| 551 | let to = zTo || jr?.redirect; |
| @@ -552,15 +555,15 @@ | |
| 552 | if( to ){ |
| 553 | if( '/'!==to[0] ){ |
| 554 | to = F.repoUrl(to); |
| 555 | } |
| 556 | window.location = to; |
| 557 | }else{ |
| 558 | window.location = '?target='+zTarget+'&'+Date.now(); |
| 559 | } |
| 560 | } |
| 561 | })/*submit handler*/; |
| 562 | updateBtnSubmit(att); |
| 563 | F.page.attacher = att /* only for testing via dev console */; |
| 564 | }/* /attachaddV2 */ |
| 565 | |
| 566 | })(window.fossil); |
| 567 |
| --- src/fossil.attach.js | |
| +++ src/fossil.attach.js | |
| @@ -480,12 +480,12 @@ | |
| 480 | return i; |
| 481 | } |
| 482 | }/*Attacher*/; |
| 483 | F.Attacher = Attacher; |
| 484 | |
| 485 | const eFormWrapper = document.querySelector('#attachadd-form-wrapper'); |
| 486 | if( eFormWrapper ){ |
| 487 | /* Inject a file-attachment form. */ |
| 488 | const urlArgs = new URLSearchParams(window.location.search); |
| 489 | let zTarget = urlArgs.get('target'); |
| 490 | let zTo = urlArgs.get('to') || urlArgs.get('from'); |
| 491 | const eBtnSubmit = D.button("Submit"); |
| @@ -500,11 +500,11 @@ | |
| 500 | const cbAttacherChange = (ev)=>{ |
| 501 | const a = ev.detail.attacher; |
| 502 | updateBtnSubmit(a); |
| 503 | }; |
| 504 | const att = new Attacher({ |
| 505 | container: eFormWrapper, |
| 506 | startWith: 1, |
| 507 | listener: cbAttacherChange, |
| 508 | controls: [eBtnSubmit], |
| 509 | description: false |
| 510 | }); |
| @@ -520,11 +520,14 @@ | |
| 520 | for(const row of li){ |
| 521 | ++i; |
| 522 | fd.append('file'+i, row.content); |
| 523 | if( row.description ) fd.append('file'+i+'_desc', row.description); |
| 524 | } |
| 525 | for( const eIn of eFormWrapper.querySelectorAll( |
| 526 | ':scope > input[type="hidden"]' |
| 527 | ) ){ |
| 528 | /* Copy over hidden input fields emitted by the server. */ |
| 529 | if( eIn.name==='target' ){ |
| 530 | zTarget = eIn.value; |
| 531 | }else if( eIn.name==='to' || (eIn.name==='from' && !zTo) ){ |
| 532 | zTo = eIn.value; |
| 533 | } |
| @@ -541,11 +544,11 @@ | |
| 544 | err = e; |
| 545 | }); |
| 546 | D.enable(eBtnSubmit); |
| 547 | delete eBtnSubmit.dataset.submitted; |
| 548 | const jr = err ? undefined : await resp.json().catch(()=>{}); |
| 549 | if( err || jr?.error || !resp.ok ){ |
| 550 | const msg = err ? err.message : (jr?.error || resp.statusText); |
| 551 | att.reportError("Attaching failed: ", msg); |
| 552 | }else{ |
| 553 | att.clear(); |
| 554 | let to = zTo || jr?.redirect; |
| @@ -552,15 +555,15 @@ | |
| 555 | if( to ){ |
| 556 | if( '/'!==to[0] ){ |
| 557 | to = F.repoUrl(to); |
| 558 | } |
| 559 | window.location = to; |
| 560 | }else if( target ){ |
| 561 | window.location = '?target='+zTarget+'&'+Date.now(); |
| 562 | } |
| 563 | } |
| 564 | })/*submit handler*/; |
| 565 | updateBtnSubmit(att); |
| 566 | F.page.attacher = att /* only for testing via dev console */; |
| 567 | }/* /attachaddV2 */ |
| 568 | |
| 569 | })(window.fossil); |
| 570 |