Diff

Differences From:

File src/report.c part of check-in [d3e711fd2f] - Work toward getting bug-tracking working well. by drh on 2008-07-15 16:42:48. [view]

To:

File src/report.c part of check-in [21326fb6f7] - Fix enforcement of access restrictions on reports. Do not allow reports to show the content of fields whose names begin with "private_" unless the "e" permission is enabled. by drh on 2008-07-19 15:12:34. [view]

@@ -155,10 +155,10 @@
   const char *zArg2,
   const char *zArg3,
   const char *zArg4
 ){
-  char *zError = *(char**)pError;
-  if( zError ){
+  int rc = SQLITE_OK;
+  if( *(char**)pError ){
     /* We've already seen an error.  No need to continue. */
     return SQLITE_OK;
   }
   switch( code ){
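Review bot: The early exit at the top of the authorizer still returns `SQLITE_OK` once an error has been recorded, so any callback that arrives after the first denial is allowed rather than refused. With this commit the return value is what enforces the restriction, so it would be safer to fail closed there: `return SQLITE_DENY;`. This is probably harmless as long as the first `SQLITE_DENY` aborts the statement, but that depends on how callers reuse `pError`, which is not visible here. The function's signature and the rest of the switch lie outside this hunk.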
@@ -181,18 +181,22 @@
       for(i=0; i<sizeof(azAllowed)/sizeof(azAllowed[0]); i++){
         if( strcasecmp(zArg1, azAllowed[i])==0 ) break;
       }
       if( i>=sizeof(azAllowed)/sizeof(azAllowed[0]) ){
-        zError = mprintf("cannot access table %s", zArg1);
+        *(char**)pError = mprintf("access to table \"%s\" is restricted",zArg1);
+        rc = SQLITE_DENY;
+      }else if( !g.okRdAddr && strncmp(zArg2, "private_", 8)==0 ){
+        rc = SQLITE_IGNORE;
       }
       break;
     }
     default: {
-      zError = mprintf("only SELECT statements are allowed");
+      *(char**)pError = mprintf("only SELECT statements are allowed");
+      rc = SQLITE_DENY;
       break;
     }
   }
-  return SQLITE_OK;
+  return rc;
 }
 
 
 /*
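Review bot: The new `private_` test uses the case-sensitive `strncmp`, while the table whitelist just above it compares with `strcasecmp`. SQLite treats column names case-insensitively, so a ticket field declared as `Private_x` would presumably not be hidden. Suggest `}else if( !g.okRdAddr && strncasecmp(zArg2, "private_", 8)==0 ){`. The `case` label is outside the hunk, so this assumes the branch runs for column reads where `zArg2` is the column name and never NULL; if that is not guaranteed, add a `zArg2!=0` guard. A comment such as `/* Hide private_* columns from users without "e": SQLITE_IGNORE makes them read as NULL */` would also explain why this branch sets no error.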
@@ -876,8 +880,10 @@
   char *zOwner;
   char *zClrKey;
   int tabs;
   Stmt q;
+  char *zErr1 = 0;
+  char *zErr2 = 0;
 
   login_check_credentials();
   if( !g.okRead ){ login_needed(); return; }
   rn = atoi(PD("rn","0"));
@@ -933,12 +939,21 @@
         "border=0 cellpadding=3 cellspacing=0 class=\"report\"");
     @ <table border=1 cellpadding=2 cellspacing=0 class="report">
     sState.rn = rn;
     sState.nCount = 0;
-    sqlite3_exec(g.db, zSql, generate_html, &sState, 0);
+    sqlite3_set_authorizer(g.db, report_query_authorizer, (void*)&zErr1);
+    sqlite3_exec(g.db, zSql, generate_html, &sState, &zErr2);
+    sqlite3_set_authorizer(g.db, 0, 0);
     @ </table>
+    if( zErr1 ){
+      @ <p><font color="red"><b>Error: %h(zErr1)</b></font></p>
+    }else if( zErr2 ){
+      @ <p><font color="red"><b>Error: %h(zErr2)</b></font></p>
+    }
     style_footer();
   }else{
-    sqlite3_exec(g.db, zSql, output_tab_separated, &count, 0);
+    sqlite3_set_authorizer(g.db, report_query_authorizer, (void*)&zErr1);
+    sqlite3_exec(g.db, zSql, output_tab_separated, &count, &zErr2);
+    sqlite3_set_authorizer(g.db, 0, 0);
     cgi_set_content_type("text/plain");
   }
 }
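Review bot: In the tab-separated branch `zErr1` and `zErr2` are collected but never reported, so a denied or failing report query produces an empty `text/plain` response that looks the same as a report with no rows. The HTML branch prints the message, and the plain-text branch could do the same after clearing the authorizer, e.g. `if( zErr1 || zErr2 ) cgi_printf("Error: %s\n", zErr1 ? zErr1 : zErr2);`. Neither string is freed on either path, and `sqlite3_set_authorizer(g.db, 0, 0)` drops any previously installed authorizer rather than restoring it. Both are probably acceptable for a short-lived CGI request but deserve a comment. The enclosing function starts outside this hunk.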