Fossil SCM
New <b>Zip</b> permission. This permission allow someone to download a zipped artifact via the wiki's <tt>/zip</tt> URL. It can given the user <tt>nobody</tt> to allow automatic package builder to download the sources they know from <tt>fossil-scm.org</tt> or other servers without any intervening login necessary. As the <tt>/zip</tt> page do not expose anything, a spider should have a hard time to crawl thru the project using this URL. So IMO it does not open a break-in hole for spiders.
Commit
fa6e9930177e84ce089b30ad768c454a012364f7
Parent
91ec6982e9668b4…
4 files changed
+1
+1
+17
-3
+1
-1
+1
| --- src/login.c | ||
| +++ src/login.c | ||
| @@ -328,10 +328,11 @@ | ||
| 328 | 328 | g.okApndWiki = g.okHistory = g.okClone = |
| 329 | 329 | g.okNewTkt = g.okPassword = g.okRdAddr = |
| 330 | 330 | g.okTktFmt = 1; |
| 331 | 331 | case 'i': g.okRead = g.okWrite = 1; break; |
| 332 | 332 | case 'o': g.okRead = 1; break; |
| 333 | + case 'z': g.okZip = 1; break; | |
| 333 | 334 | |
| 334 | 335 | case 'd': g.okDelete = 1; break; |
| 335 | 336 | case 'h': g.okHistory = 1; break; |
| 336 | 337 | case 'g': g.okClone = 1; break; |
| 337 | 338 | case 'p': g.okPassword = 1; break; |
| 338 | 339 |
| --- src/login.c | |
| +++ src/login.c | |
| @@ -328,10 +328,11 @@ | |
| 328 | g.okApndWiki = g.okHistory = g.okClone = |
| 329 | g.okNewTkt = g.okPassword = g.okRdAddr = |
| 330 | g.okTktFmt = 1; |
| 331 | case 'i': g.okRead = g.okWrite = 1; break; |
| 332 | case 'o': g.okRead = 1; break; |
| 333 | |
| 334 | case 'd': g.okDelete = 1; break; |
| 335 | case 'h': g.okHistory = 1; break; |
| 336 | case 'g': g.okClone = 1; break; |
| 337 | case 'p': g.okPassword = 1; break; |
| 338 |
| --- src/login.c | |
| +++ src/login.c | |
| @@ -328,10 +328,11 @@ | |
| 328 | g.okApndWiki = g.okHistory = g.okClone = |
| 329 | g.okNewTkt = g.okPassword = g.okRdAddr = |
| 330 | g.okTktFmt = 1; |
| 331 | case 'i': g.okRead = g.okWrite = 1; break; |
| 332 | case 'o': g.okRead = 1; break; |
| 333 | case 'z': g.okZip = 1; break; |
| 334 | |
| 335 | case 'd': g.okDelete = 1; break; |
| 336 | case 'h': g.okHistory = 1; break; |
| 337 | case 'g': g.okClone = 1; break; |
| 338 | case 'p': g.okPassword = 1; break; |
| 339 |
+1
| --- src/main.c | ||
| +++ src/main.c | ||
| @@ -117,10 +117,11 @@ | ||
| 117 | 117 | int okNewTkt; /* n: create new tickets */ |
| 118 | 118 | int okApndTkt; /* c: append to tickets via the web */ |
| 119 | 119 | int okWrTkt; /* w: make changes to tickets via web */ |
| 120 | 120 | int okTktFmt; /* t: create new ticket report formats */ |
| 121 | 121 | int okRdAddr; /* e: read email addresses or other private data */ |
| 122 | + int okZip; /* z: download zipped artifact via /zip URL */ | |
| 122 | 123 | |
| 123 | 124 | FILE *fDebug; /* Write debug information here, if the file exists */ |
| 124 | 125 | |
| 125 | 126 | /* Storage for the aux() and/or option() SQL function arguments */ |
| 126 | 127 | int nAux; /* Number of distinct aux() or option() values */ |
| 127 | 128 |
| --- src/main.c | |
| +++ src/main.c | |
| @@ -117,10 +117,11 @@ | |
| 117 | int okNewTkt; /* n: create new tickets */ |
| 118 | int okApndTkt; /* c: append to tickets via the web */ |
| 119 | int okWrTkt; /* w: make changes to tickets via web */ |
| 120 | int okTktFmt; /* t: create new ticket report formats */ |
| 121 | int okRdAddr; /* e: read email addresses or other private data */ |
| 122 | |
| 123 | FILE *fDebug; /* Write debug information here, if the file exists */ |
| 124 | |
| 125 | /* Storage for the aux() and/or option() SQL function arguments */ |
| 126 | int nAux; /* Number of distinct aux() or option() values */ |
| 127 |
| --- src/main.c | |
| +++ src/main.c | |
| @@ -117,10 +117,11 @@ | |
| 117 | int okNewTkt; /* n: create new tickets */ |
| 118 | int okApndTkt; /* c: append to tickets via the web */ |
| 119 | int okWrTkt; /* w: make changes to tickets via web */ |
| 120 | int okTktFmt; /* t: create new ticket report formats */ |
| 121 | int okRdAddr; /* e: read email addresses or other private data */ |
| 122 | int okZip; /* z: download zipped artifact via /zip URL */ |
| 123 | |
| 124 | FILE *fDebug; /* Write debug information here, if the file exists */ |
| 125 | |
| 126 | /* Storage for the aux() and/or option() SQL function arguments */ |
| 127 | int nAux; /* Number of distinct aux() or option() values */ |
| 128 |
+17
-3
| --- src/setup.c | ||
| +++ src/setup.c | ||
| @@ -154,10 +154,11 @@ | ||
| 154 | 154 | @ <li value="18"><b>Read-Tkt</b>: View tickets</li> |
| 155 | 155 | @ <li value="19"><b>Setup:</b> Setup and configure this website</li> |
| 156 | 156 | @ <li value="20"><b>Tkt-Report:</b> Create new bug summary reports</li> |
| 157 | 157 | @ <li value="22"><b>Developer:</b> Inherit privileges of user "developer"</li> |
| 158 | 158 | @ <li value="23"><b>Write-Tkt</b>: Edit tickets</li> |
| 159 | + @ <li value="26"><b>Zip</b>: Download zipped artifacts</li> | |
| 159 | 160 | @ </ol> |
| 160 | 161 | @ </p></li> |
| 161 | 162 | @ |
| 162 | 163 | @ <li><p> |
| 163 | 164 | @ Every user, logged in or not, inherits the privileges of <b>nobody</b>. |
| @@ -191,11 +192,11 @@ | ||
| 191 | 192 | */ |
| 192 | 193 | void user_edit(void){ |
| 193 | 194 | const char *zId, *zLogin, *zInfo, *zCap, *zPw; |
| 194 | 195 | char *oaa, *oas, *oar, *oaw, *oan, *oai, *oaj, *oao, *oap; |
| 195 | 196 | char *oak, *oad, *oac, *oaf, *oam, *oah, *oag, *oae; |
| 196 | - char *oat, *oav; | |
| 197 | + char *oat, *oav, *oaz; | |
| 197 | 198 | int doWrite; |
| 198 | 199 | int uid; |
| 199 | 200 | int higherUser = 0; /* True if user being edited is SETUP and the */ |
| 200 | 201 | /* user doing the editing is ADMIN. Disallow editing */ |
| 201 | 202 | |
| @@ -245,10 +246,11 @@ | ||
| 245 | 246 | int am = P("am")!=0; |
| 246 | 247 | int ah = P("ah")!=0; |
| 247 | 248 | int ag = P("ag")!=0; |
| 248 | 249 | int at = P("at")!=0; |
| 249 | 250 | int av = P("av")!=0; |
| 251 | + int az = P("az")!=0; | |
| 250 | 252 | if( aa ){ zCap[i++] = 'a'; } |
| 251 | 253 | if( ac ){ zCap[i++] = 'c'; } |
| 252 | 254 | if( ad ){ zCap[i++] = 'd'; } |
| 253 | 255 | if( ae ){ zCap[i++] = 'e'; } |
| 254 | 256 | if( af ){ zCap[i++] = 'f'; } |
| @@ -264,10 +266,11 @@ | ||
| 264 | 266 | if( ar ){ zCap[i++] = 'r'; } |
| 265 | 267 | if( as ){ zCap[i++] = 's'; } |
| 266 | 268 | if( at ){ zCap[i++] = 't'; } |
| 267 | 269 | if( av ){ zCap[i++] = 'v'; } |
| 268 | 270 | if( aw ){ zCap[i++] = 'w'; } |
| 271 | + if( az ){ zCap[i++] = 'z'; } | |
| 269 | 272 | |
| 270 | 273 | zCap[i] = 0; |
| 271 | 274 | zPw = P("pw"); |
| 272 | 275 | if( !isValidPwString(zPw) ){ |
| 273 | 276 | zPw = db_text(0, "SELECT pw FROM user WHERE uid=%d", uid); |
| @@ -298,11 +301,11 @@ | ||
| 298 | 301 | zLogin = ""; |
| 299 | 302 | zInfo = ""; |
| 300 | 303 | zCap = ""; |
| 301 | 304 | zPw = ""; |
| 302 | 305 | oaa = oac = oad = oae = oaf = oag = oah = oai = oaj = oak = oam = |
| 303 | - oan = oao = oap = oar = oas = oat = oav = oaw = ""; | |
| 306 | + oan = oao = oap = oar = oas = oat = oav = oaw = oaz = ""; | |
| 304 | 307 | if( uid ){ |
| 305 | 308 | zLogin = db_text("", "SELECT login FROM user WHERE uid=%d", uid); |
| 306 | 309 | zInfo = db_text("", "SELECT info FROM user WHERE uid=%d", uid); |
| 307 | 310 | zCap = db_text("", "SELECT cap FROM user WHERE uid=%d", uid); |
| 308 | 311 | zPw = db_text("", "SELECT pw FROM user WHERE uid=%d", uid); |
| @@ -323,10 +326,11 @@ | ||
| 323 | 326 | if( strchr(zCap, 'r') ) oar = " checked"; |
| 324 | 327 | if( strchr(zCap, 's') ) oas = " checked"; |
| 325 | 328 | if( strchr(zCap, 't') ) oat = " checked"; |
| 326 | 329 | if( strchr(zCap, 'v') ) oav = " checked"; |
| 327 | 330 | if( strchr(zCap, 'w') ) oaw = " checked"; |
| 331 | + if( strchr(zCap, 'z') ) oaz = " checked"; | |
| 328 | 332 | } |
| 329 | 333 | |
| 330 | 334 | /* Begin generating the page |
| 331 | 335 | */ |
| 332 | 336 | style_submenu_element("Cancel", "Cancel", "setup_ulist"); |
| @@ -375,11 +379,12 @@ | ||
| 375 | 379 | @ <input type="checkbox" name="ak"%s(oak)>Write Wiki</input><br> |
| 376 | 380 | @ <input type="checkbox" name="ar"%s(oar)>Read Tkt</input><br> |
| 377 | 381 | @ <input type="checkbox" name="an"%s(oan)>New Tkt</input><br> |
| 378 | 382 | @ <input type="checkbox" name="ac"%s(oac)>Append Tkt</input><br> |
| 379 | 383 | @ <input type="checkbox" name="aw"%s(oaw)>Write Tkt</input><br> |
| 380 | - @ <input type="checkbox" name="at"%s(oat)>Tkt Report</input> | |
| 384 | + @ <input type="checkbox" name="at"%s(oat)>Tkt Report</input><br> | |
| 385 | + @ <input type="checkbox" name="az"%s(oaz)>Download Zip</input> | |
| 381 | 386 | @ </td> |
| 382 | 387 | @ </tr> |
| 383 | 388 | @ <tr> |
| 384 | 389 | @ <td align="right">Password:</td> |
| 385 | 390 | if( strcmp(zLogin, "anonymous")==0 ){ |
| @@ -430,10 +435,19 @@ | ||
| 430 | 435 | @ This is recommended ON for most logged-in users but OFF for |
| 431 | 436 | @ user "nobody" to avoid problems with spiders trying to walk every |
| 432 | 437 | @ historical version of every baseline and file. |
| 433 | 438 | @ </p></li> |
| 434 | 439 | @ |
| 440 | + @ <li><p> | |
| 441 | + @ The <b>Zip</b> privilege allows a user to see the download as zip hyperlink | |
| 442 | + @ as well as permit access to the <tt>/zip</tt> page. It can be allowed for | |
| 443 | + @ user "nobody" to grant him access to download artifacts he know from the | |
| 444 | + @ server without giving him other rights like <b>Read</b> or <b>History</b>. | |
| 445 | + @ So automatic package dowloaders could be able to obtain the sources without | |
| 446 | + @ going thru the login procedure. | |
| 447 | + @ </p></li> | |
| 448 | + @ | |
| 435 | 449 | @ <li><p> |
| 436 | 450 | @ The <b>Developer</b> privilege causes all privileges of the user |
| 437 | 451 | @ named "developer" to be inherited by this user. |
| 438 | 452 | @ </p></li> |
| 439 | 453 | @ |
| 440 | 454 |
| --- src/setup.c | |
| +++ src/setup.c | |
| @@ -154,10 +154,11 @@ | |
| 154 | @ <li value="18"><b>Read-Tkt</b>: View tickets</li> |
| 155 | @ <li value="19"><b>Setup:</b> Setup and configure this website</li> |
| 156 | @ <li value="20"><b>Tkt-Report:</b> Create new bug summary reports</li> |
| 157 | @ <li value="22"><b>Developer:</b> Inherit privileges of user "developer"</li> |
| 158 | @ <li value="23"><b>Write-Tkt</b>: Edit tickets</li> |
| 159 | @ </ol> |
| 160 | @ </p></li> |
| 161 | @ |
| 162 | @ <li><p> |
| 163 | @ Every user, logged in or not, inherits the privileges of <b>nobody</b>. |
| @@ -191,11 +192,11 @@ | |
| 191 | */ |
| 192 | void user_edit(void){ |
| 193 | const char *zId, *zLogin, *zInfo, *zCap, *zPw; |
| 194 | char *oaa, *oas, *oar, *oaw, *oan, *oai, *oaj, *oao, *oap; |
| 195 | char *oak, *oad, *oac, *oaf, *oam, *oah, *oag, *oae; |
| 196 | char *oat, *oav; |
| 197 | int doWrite; |
| 198 | int uid; |
| 199 | int higherUser = 0; /* True if user being edited is SETUP and the */ |
| 200 | /* user doing the editing is ADMIN. Disallow editing */ |
| 201 | |
| @@ -245,10 +246,11 @@ | |
| 245 | int am = P("am")!=0; |
| 246 | int ah = P("ah")!=0; |
| 247 | int ag = P("ag")!=0; |
| 248 | int at = P("at")!=0; |
| 249 | int av = P("av")!=0; |
| 250 | if( aa ){ zCap[i++] = 'a'; } |
| 251 | if( ac ){ zCap[i++] = 'c'; } |
| 252 | if( ad ){ zCap[i++] = 'd'; } |
| 253 | if( ae ){ zCap[i++] = 'e'; } |
| 254 | if( af ){ zCap[i++] = 'f'; } |
| @@ -264,10 +266,11 @@ | |
| 264 | if( ar ){ zCap[i++] = 'r'; } |
| 265 | if( as ){ zCap[i++] = 's'; } |
| 266 | if( at ){ zCap[i++] = 't'; } |
| 267 | if( av ){ zCap[i++] = 'v'; } |
| 268 | if( aw ){ zCap[i++] = 'w'; } |
| 269 | |
| 270 | zCap[i] = 0; |
| 271 | zPw = P("pw"); |
| 272 | if( !isValidPwString(zPw) ){ |
| 273 | zPw = db_text(0, "SELECT pw FROM user WHERE uid=%d", uid); |
| @@ -298,11 +301,11 @@ | |
| 298 | zLogin = ""; |
| 299 | zInfo = ""; |
| 300 | zCap = ""; |
| 301 | zPw = ""; |
| 302 | oaa = oac = oad = oae = oaf = oag = oah = oai = oaj = oak = oam = |
| 303 | oan = oao = oap = oar = oas = oat = oav = oaw = ""; |
| 304 | if( uid ){ |
| 305 | zLogin = db_text("", "SELECT login FROM user WHERE uid=%d", uid); |
| 306 | zInfo = db_text("", "SELECT info FROM user WHERE uid=%d", uid); |
| 307 | zCap = db_text("", "SELECT cap FROM user WHERE uid=%d", uid); |
| 308 | zPw = db_text("", "SELECT pw FROM user WHERE uid=%d", uid); |
| @@ -323,10 +326,11 @@ | |
| 323 | if( strchr(zCap, 'r') ) oar = " checked"; |
| 324 | if( strchr(zCap, 's') ) oas = " checked"; |
| 325 | if( strchr(zCap, 't') ) oat = " checked"; |
| 326 | if( strchr(zCap, 'v') ) oav = " checked"; |
| 327 | if( strchr(zCap, 'w') ) oaw = " checked"; |
| 328 | } |
| 329 | |
| 330 | /* Begin generating the page |
| 331 | */ |
| 332 | style_submenu_element("Cancel", "Cancel", "setup_ulist"); |
| @@ -375,11 +379,12 @@ | |
| 375 | @ <input type="checkbox" name="ak"%s(oak)>Write Wiki</input><br> |
| 376 | @ <input type="checkbox" name="ar"%s(oar)>Read Tkt</input><br> |
| 377 | @ <input type="checkbox" name="an"%s(oan)>New Tkt</input><br> |
| 378 | @ <input type="checkbox" name="ac"%s(oac)>Append Tkt</input><br> |
| 379 | @ <input type="checkbox" name="aw"%s(oaw)>Write Tkt</input><br> |
| 380 | @ <input type="checkbox" name="at"%s(oat)>Tkt Report</input> |
| 381 | @ </td> |
| 382 | @ </tr> |
| 383 | @ <tr> |
| 384 | @ <td align="right">Password:</td> |
| 385 | if( strcmp(zLogin, "anonymous")==0 ){ |
| @@ -430,10 +435,19 @@ | |
| 430 | @ This is recommended ON for most logged-in users but OFF for |
| 431 | @ user "nobody" to avoid problems with spiders trying to walk every |
| 432 | @ historical version of every baseline and file. |
| 433 | @ </p></li> |
| 434 | @ |
| 435 | @ <li><p> |
| 436 | @ The <b>Developer</b> privilege causes all privileges of the user |
| 437 | @ named "developer" to be inherited by this user. |
| 438 | @ </p></li> |
| 439 | @ |
| 440 |
| --- src/setup.c | |
| +++ src/setup.c | |
| @@ -154,10 +154,11 @@ | |
| 154 | @ <li value="18"><b>Read-Tkt</b>: View tickets</li> |
| 155 | @ <li value="19"><b>Setup:</b> Setup and configure this website</li> |
| 156 | @ <li value="20"><b>Tkt-Report:</b> Create new bug summary reports</li> |
| 157 | @ <li value="22"><b>Developer:</b> Inherit privileges of user "developer"</li> |
| 158 | @ <li value="23"><b>Write-Tkt</b>: Edit tickets</li> |
| 159 | @ <li value="26"><b>Zip</b>: Download zipped artifacts</li> |
| 160 | @ </ol> |
| 161 | @ </p></li> |
| 162 | @ |
| 163 | @ <li><p> |
| 164 | @ Every user, logged in or not, inherits the privileges of <b>nobody</b>. |
| @@ -191,11 +192,11 @@ | |
| 192 | */ |
| 193 | void user_edit(void){ |
| 194 | const char *zId, *zLogin, *zInfo, *zCap, *zPw; |
| 195 | char *oaa, *oas, *oar, *oaw, *oan, *oai, *oaj, *oao, *oap; |
| 196 | char *oak, *oad, *oac, *oaf, *oam, *oah, *oag, *oae; |
| 197 | char *oat, *oav, *oaz; |
| 198 | int doWrite; |
| 199 | int uid; |
| 200 | int higherUser = 0; /* True if user being edited is SETUP and the */ |
| 201 | /* user doing the editing is ADMIN. Disallow editing */ |
| 202 | |
| @@ -245,10 +246,11 @@ | |
| 246 | int am = P("am")!=0; |
| 247 | int ah = P("ah")!=0; |
| 248 | int ag = P("ag")!=0; |
| 249 | int at = P("at")!=0; |
| 250 | int av = P("av")!=0; |
| 251 | int az = P("az")!=0; |
| 252 | if( aa ){ zCap[i++] = 'a'; } |
| 253 | if( ac ){ zCap[i++] = 'c'; } |
| 254 | if( ad ){ zCap[i++] = 'd'; } |
| 255 | if( ae ){ zCap[i++] = 'e'; } |
| 256 | if( af ){ zCap[i++] = 'f'; } |
| @@ -264,10 +266,11 @@ | |
| 266 | if( ar ){ zCap[i++] = 'r'; } |
| 267 | if( as ){ zCap[i++] = 's'; } |
| 268 | if( at ){ zCap[i++] = 't'; } |
| 269 | if( av ){ zCap[i++] = 'v'; } |
| 270 | if( aw ){ zCap[i++] = 'w'; } |
| 271 | if( az ){ zCap[i++] = 'z'; } |
| 272 | |
| 273 | zCap[i] = 0; |
| 274 | zPw = P("pw"); |
| 275 | if( !isValidPwString(zPw) ){ |
| 276 | zPw = db_text(0, "SELECT pw FROM user WHERE uid=%d", uid); |
| @@ -298,11 +301,11 @@ | |
| 301 | zLogin = ""; |
| 302 | zInfo = ""; |
| 303 | zCap = ""; |
| 304 | zPw = ""; |
| 305 | oaa = oac = oad = oae = oaf = oag = oah = oai = oaj = oak = oam = |
| 306 | oan = oao = oap = oar = oas = oat = oav = oaw = oaz = ""; |
| 307 | if( uid ){ |
| 308 | zLogin = db_text("", "SELECT login FROM user WHERE uid=%d", uid); |
| 309 | zInfo = db_text("", "SELECT info FROM user WHERE uid=%d", uid); |
| 310 | zCap = db_text("", "SELECT cap FROM user WHERE uid=%d", uid); |
| 311 | zPw = db_text("", "SELECT pw FROM user WHERE uid=%d", uid); |
| @@ -323,10 +326,11 @@ | |
| 326 | if( strchr(zCap, 'r') ) oar = " checked"; |
| 327 | if( strchr(zCap, 's') ) oas = " checked"; |
| 328 | if( strchr(zCap, 't') ) oat = " checked"; |
| 329 | if( strchr(zCap, 'v') ) oav = " checked"; |
| 330 | if( strchr(zCap, 'w') ) oaw = " checked"; |
| 331 | if( strchr(zCap, 'z') ) oaz = " checked"; |
| 332 | } |
| 333 | |
| 334 | /* Begin generating the page |
| 335 | */ |
| 336 | style_submenu_element("Cancel", "Cancel", "setup_ulist"); |
| @@ -375,11 +379,12 @@ | |
| 379 | @ <input type="checkbox" name="ak"%s(oak)>Write Wiki</input><br> |
| 380 | @ <input type="checkbox" name="ar"%s(oar)>Read Tkt</input><br> |
| 381 | @ <input type="checkbox" name="an"%s(oan)>New Tkt</input><br> |
| 382 | @ <input type="checkbox" name="ac"%s(oac)>Append Tkt</input><br> |
| 383 | @ <input type="checkbox" name="aw"%s(oaw)>Write Tkt</input><br> |
| 384 | @ <input type="checkbox" name="at"%s(oat)>Tkt Report</input><br> |
| 385 | @ <input type="checkbox" name="az"%s(oaz)>Download Zip</input> |
| 386 | @ </td> |
| 387 | @ </tr> |
| 388 | @ <tr> |
| 389 | @ <td align="right">Password:</td> |
| 390 | if( strcmp(zLogin, "anonymous")==0 ){ |
| @@ -430,10 +435,19 @@ | |
| 435 | @ This is recommended ON for most logged-in users but OFF for |
| 436 | @ user "nobody" to avoid problems with spiders trying to walk every |
| 437 | @ historical version of every baseline and file. |
| 438 | @ </p></li> |
| 439 | @ |
| 440 | @ <li><p> |
| 441 | @ The <b>Zip</b> privilege allows a user to see the download as zip hyperlink |
| 442 | @ as well as permit access to the <tt>/zip</tt> page. It can be allowed for |
| 443 | @ user "nobody" to grant him access to download artifacts he know from the |
| 444 | @ server without giving him other rights like <b>Read</b> or <b>History</b>. |
| 445 | @ So automatic package dowloaders could be able to obtain the sources without |
| 446 | @ going thru the login procedure. |
| 447 | @ </p></li> |
| 448 | @ |
| 449 | @ <li><p> |
| 450 | @ The <b>Developer</b> privilege causes all privileges of the user |
| 451 | @ named "developer" to be inherited by this user. |
| 452 | @ </p></li> |
| 453 | @ |
| 454 |
+1
-1
| --- src/zip.c | ||
| +++ src/zip.c | ||
| @@ -356,11 +356,11 @@ | ||
| 356 | 356 | char *zName; |
| 357 | 357 | int nName; |
| 358 | 358 | Blob zip; |
| 359 | 359 | |
| 360 | 360 | login_check_credentials(); |
| 361 | - if( !g.okRead || !g.okHistory ){ login_needed(); return; } | |
| 361 | + if( !g.okZip && (!g.okRead || !g.okHistory) ){ login_needed(); return; } | |
| 362 | 362 | zName = mprintf("%s", PD("name","")); |
| 363 | 363 | nName = strlen(zName); |
| 364 | 364 | for(nName=strlen(zName)-1; nName>5; nName--){ |
| 365 | 365 | if( zName[nName]=='.' ){ |
| 366 | 366 | zName[nName] = 0; |
| 367 | 367 |
| --- src/zip.c | |
| +++ src/zip.c | |
| @@ -356,11 +356,11 @@ | |
| 356 | char *zName; |
| 357 | int nName; |
| 358 | Blob zip; |
| 359 | |
| 360 | login_check_credentials(); |
| 361 | if( !g.okRead || !g.okHistory ){ login_needed(); return; } |
| 362 | zName = mprintf("%s", PD("name","")); |
| 363 | nName = strlen(zName); |
| 364 | for(nName=strlen(zName)-1; nName>5; nName--){ |
| 365 | if( zName[nName]=='.' ){ |
| 366 | zName[nName] = 0; |
| 367 |
| --- src/zip.c | |
| +++ src/zip.c | |
| @@ -356,11 +356,11 @@ | |
| 356 | char *zName; |
| 357 | int nName; |
| 358 | Blob zip; |
| 359 | |
| 360 | login_check_credentials(); |
| 361 | if( !g.okZip && (!g.okRead || !g.okHistory) ){ login_needed(); return; } |
| 362 | zName = mprintf("%s", PD("name","")); |
| 363 | nName = strlen(zName); |
| 364 | for(nName=strlen(zName)-1; nName>5; nName--){ |
| 365 | if( zName[nName]=='.' ){ |
| 366 | zName[nName] = 0; |
| 367 |