Differences From:

File src/zip.c part of check-in [fa6e993017] - New Zip permission. This permission allow someone to download a zipped artifact via the wiki's /zip URL. It can given the user nobody to allow automatic package builder to download the sources they know from fossil-scm.org or other servers without any intervening login necessary.

As the /zip page do not expose anything, a spider should have a hard time to crawl thru the project using this URL. So IMO it does not open a break-in hole for spiders.

by cle on 2008-08-12 03:27:54. [view]

To:

File src/zip.c part of check-in [417dd898ab] - Allow an alternative URL syntax for downloading artifacts via the /zip page. The original way is:

  http://localhost:8080/zip/fa6e9930177e84ce089b30ad768c454a012364f7.zip

which will store the artifact in the file a6e9930177e84ce089b30ad768c454a012364f7.zip. Alternatively it is now possible to download the artifact in e.g. the file fossil.zip via the URL:

  http://localhost:8080/zip/fossil.zip?rid=fa6e9930177e84ce089b30ad768c454a012364f7

by hintze on 2008-08-13 11:57:17. [view]

@@ -352,30 +352,33 @@
 ** Return that ZIP archive as the HTTP reply content.
 */
 void baseline_zip_page(void){
   int rid;
-  char *zName;
-  int nName;
+  char *zName, *zRid;
+  int nName, nRid;
   Blob zip;
 
   login_check_credentials();
   if( !g.okZip && (!g.okRead || !g.okHistory) ){ login_needed(); return; }
   zName = mprintf("%s", PD("name",""));
   nName = strlen(zName);
+  zRid = mprintf("%s", PD("rid",""));
+  nRid = strlen(zRid);
   for(nName=strlen(zName)-1; nName>5; nName--){
     if( zName[nName]=='.' ){
       zName[nName] = 0;
       break;
     }
   }
-  rid = name_to_rid(zName);
+  rid = name_to_rid(nRid?zRid:zName);
   if( rid==0 ){
     @ Not found
     return;
   }
-  if( nName>10 ) zName[10] = 0;
+  if( nRid==0 && nName>10 ) zName[10] = 0;
   zip_of_baseline(rid, &zip, zName);
   free( zName );
+  free( zRid );
   cgi_set_content(&zip);
   cgi_set_content_type("application/zip");
   cgi_reply();
 }