On Sun, Jul 28, 2013 at 9:47 PM, Marc Simpson <m...@0branch.com> wrote:
> It seems that unshunning is currently broken. To reproduce:
>
> (1) Create a test repository,
>
>   $ fsl version
>   This is fossil version 1.26 [a60b008f1a] 2013-07-26 15:46:01 UTC
>   $ fsl new tmp.fsl
>   $ mkdir tmp; cd tmp
>   $ fsl open ../tmp.fsl
>   $ touch a
>   $ fsl add a; fsl commit -m a a
>   $ fsl ui
>
> (2) Shun commit 'a' via [Admin > Shunned] in the UI.
>
> (3) Click on the newly shunned artifact and attempt to [Unshun].
>
> Output: "Cross-site request forgery attempt".

A bug indeed.  Here's a possible fix:

Index: src/info.c
==================================================================
--- src/info.c
+++ src/info.c
@@ -1427,11 +1427,11 @@
   if( !g.perm.Read ){ login_needed(); return; }
   if( rid==0 ) fossil_redirect_home();
   if( g.perm.Admin ){
     const char *zUuid = db_text("", "SELECT uuid FROM blob WHERE rid=%d", rid);
     if( db_exists("SELECT 1 FROM shun WHERE uuid='%s'", zUuid) ){
-      style_submenu_element("Unshun","Unshun", "%s/shun?uuid=%s&sub=1",
+      style_submenu_element("Unshun","Unshun",
"%s/shun?accept=%s&sub=1#accshun",
             g.zTop, zUuid);
     }else{
       style_submenu_element("Shun","Shun", "%s/shun?shun=%s#addshun",
             g.zTop, zUuid);
     }
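Review bot: The new Unshun link still carries `&sub=1`, which is the name of the Accept submit button in the /shun form, so the GET looks like a half-submitted form rather than a pure pre-fill. The handler is not part of this patch, so whether it ever acts on `sub` without `uuid` cannot be confirmed from here. Dropping the parameter keeps the state change strictly behind the POST and its CSRF secret: `"%s/shun?accept=%s#accshun",`. The same line appears in the hunks at -1577 and -1685 and should change the same way; the enclosing functions start and end outside all three hunks.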
@@ -1577,11 +1577,11 @@
   if( !g.perm.Read ){ login_needed(); return; }
   if( rid==0 ) fossil_redirect_home();
   if( g.perm.Admin ){
     const char *zUuid = db_text("", "SELECT uuid FROM blob WHERE rid=%d", rid);
     if( db_exists("SELECT 1 FROM shun WHERE uuid='%s'", zUuid) ){
-      style_submenu_element("Unshun","Unshun", "%s/shun?uuid=%s&sub=1",
+      style_submenu_element("Unshun","Unshun",
"%s/shun?accept=%s&sub=1#accshun",
             g.zTop, zUuid);
     }else{
       style_submenu_element("Shun","Shun", "%s/shun?shun=%s#addshun",
             g.zTop, zUuid);
     }
@@ -1685,11 +1685,11 @@
   rid = name_to_rid_www("name");
   if( rid==0 ){ fossil_redirect_home(); }
   zUuid = db_text("", "SELECT uuid FROM blob WHERE rid=%d", rid);
   if( g.perm.Admin ){
     if( db_exists("SELECT 1 FROM shun WHERE uuid='%s'", zUuid) ){
-      style_submenu_element("Unshun","Unshun", "%s/shun?uuid=%s&sub=1",
+      style_submenu_element("Unshun","Unshun",
"%s/shun?accept=%s&sub=1#accshun",
             g.zTop, zUuid);
     }else{
       style_submenu_element("Shun","Shun", "%s/shun?shun=%s#addshun",
             g.zTop, zUuid);
     }

Index: src/shun.c
==================================================================
--- src/shun.c
+++ src/shun.c
@@ -133,20 +133,21 @@
   @ <input type="text" name="uuid" value="%h(PD("shun",""))" size="50" />
   @ <input type="submit" name="add" value="Shun" />
   @ </div></form>
   @ </blockquote>
   @
+  @ <a name="accshun"></a>
   @ <p>Enter the UUID of a previous shunned artifact to cause it to be
   @ accepted again in the repository.  The artifact content is not
   @ restored because the content is unknown.  The only change is that
   @ the formerly shunned artifact will be accepted on subsequent sync
   @ operations.</p>
   @
   @ <blockquote>
   @ <form method="post" action="%s(g.zTop)/%s(g.zPath)"><div>
   login_insert_csrf_secret();
-  @ <input type="text" name="uuid" size="50" />
+  @ <input type="text" name="uuid" value="%h(PD("accept", ""))" size="50" />
   @ <input type="submit" name="sub" value="Accept" />
   @ </div></form>
   @ </blockquote>
   @
   @ <p>Press the Rebuild button below to rebuild the repository.  The
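Review bot: The `accept` query parameter is now echoed into the Accept form, and nothing at that line records that it is display-only. The `%h` escaping covers HTML injection, and the unshun itself still goes through the POST that carries `login_insert_csrf_secret()`, so a short comment before the input would keep later edits from acting on `accept` directly, e.g. `/* "accept" only pre-fills the field; the unshun itself needs the POST and its CSRF secret */`. Since the value can arrive from any crafted link, it may also be worth pre-filling only when it looks like a full hex artifact ID, assuming the handler (outside the hunk) validates `uuid` that way on submit. The page function starts and ends outside the hunk.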


Regards.

-- 
Isaac Jurado

"The noblest pleasure is the joy of understanding"
Leonardo da Vinci