CVSTrac Legacy Code

Check-in [e1b44eb962]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:(#764) _setup_ permissions should also imply wiki permissions. Simplify the Windows condition slightly.
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: e1b44eb962baff46e3c4b676652b8ed46691e4af
User & Date: cpb 2008-10-11 01:02:57
Context
2008-10-21
02:05
add some CSRF (http://en.wikipedia.org/wiki/Cross-site_request_forgery) prevention. It's a little over-engineered in places, but the patch itself is non-intrusive enough that this isn't a huge problem. check-in: 8a6641cd16 user: cpb tags: trunk
2008-10-11
01:02
(#764) _setup_ permissions should also imply wiki permissions. Simplify the Windows condition slightly. check-in: e1b44eb962 user: cpb tags: trunk
2008-10-09
22:59
(#764) merge [1010]: don't use CGI output stuff when we don't have a URL. This may not be needed in HEAD, but it certainly won't hurt. check-in: d0137d8b19 user: cpb tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to login.c.

331
332
333
334
335
336
337

338
339
340
341
342
343
344
345
346

347
348
349
350
351
352
353
  g.zHumanName = azResult[0];
  g.zUser = zUser;
  cgi_logfile(0, g.zUser);
  for(i=0; azResult[1][i]; i++){
    switch( azResult[1][i] ){
      case 's':   g.okSetup = g.okDelete = 1;
      case 'a':   g.okAdmin = g.okRead = g.okWrite = g.okQuery =

#ifdef CVSTRAC_WINDOWS
                              /* On Windows we may have admins that have
                              ** passwords synchronized to domain account,
                              ** so we don't want them to change the passwords.
                              */
                              g.okNewTkt = 1;
#else
                              g.okNewTkt = g.okPassword = 1;
#endif

      case 'i':   g.okCheckin = g.okCheckout = 1;  break;
      case 'd':   g.okDelete = 1;                  break;
      case 'j':   g.okRdWiki = 1;                  break;
      case 'k':   g.okWiki = g.okRdWiki = 1;       break;
      case 'n':   g.okNewTkt = 1;                  break;
      case 'o':   g.okCheckout = 1;                break;
      case 'p':   g.okPassword = 1;                break;







>
|




<
<
|

>







331
332
333
334
335
336
337
338
339
340
341
342
343


344
345
346
347
348
349
350
351
352
353
  g.zHumanName = azResult[0];
  g.zUser = zUser;
  cgi_logfile(0, g.zUser);
  for(i=0; azResult[1][i]; i++){
    switch( azResult[1][i] ){
      case 's':   g.okSetup = g.okDelete = 1;
      case 'a':   g.okAdmin = g.okRead = g.okWrite = g.okQuery =
                  g.okWiki = g.okRdWiki =
#ifndef CVSTRAC_WINDOWS
                              /* On Windows we may have admins that have
                              ** passwords synchronized to domain account,
                              ** so we don't want them to change the passwords.
                              */


                  g.okPassword =
#endif
                  g.okNewTkt = 1;
      case 'i':   g.okCheckin = g.okCheckout = 1;  break;
      case 'd':   g.okDelete = 1;                  break;
      case 'j':   g.okRdWiki = 1;                  break;
      case 'k':   g.okWiki = g.okRdWiki = 1;       break;
      case 'n':   g.okNewTkt = 1;                  break;
      case 'o':   g.okCheckout = 1;                break;
      case 'p':   g.okPassword = 1;                break;