On Sun, Jul 28, 2013 at 9:47 PM, Marc Simpson <m...@0branch.com> wrote: > It seems that unshunning is currently broken. To reproduce: > > (1) Create a test repository, > > $ fsl version > This is fossil version 1.26 [a60b008f1a] 2013-07-26 15:46:01 UTC > $ fsl new tmp.fsl > $ mkdir tmp; cd tmp > $ fsl open ../tmp.fsl > $ touch a > $ fsl add a; fsl commit -m a a > $ fsl ui > > (2) Shun commit 'a' via [Admin > Shunned] in the UI. > > (3) Click on the newly shunned artifact and attempt to [Unshun]. > > Output: "Cross-site request forgery attempt".
A bug indeed. Here's a possible fix: Index: src/info.c ================================================================== --- src/info.c +++ src/info.c @@ -1427,11 +1427,11 @@ if( !g.perm.Read ){ login_needed(); return; } if( rid==0 ) fossil_redirect_home(); if( g.perm.Admin ){ const char *zUuid = db_text("", "SELECT uuid FROM blob WHERE rid=%d", rid); if( db_exists("SELECT 1 FROM shun WHERE uuid='%s'", zUuid) ){ - style_submenu_element("Unshun","Unshun", "%s/shun?uuid=%s&sub=1", + style_submenu_element("Unshun","Unshun", "%s/shun?accept=%s&sub=1#accshun", g.zTop, zUuid); }else{ style_submenu_element("Shun","Shun", "%s/shun?shun=%s#addshun", g.zTop, zUuid); } @@ -1577,11 +1577,11 @@ if( !g.perm.Read ){ login_needed(); return; } if( rid==0 ) fossil_redirect_home(); if( g.perm.Admin ){ const char *zUuid = db_text("", "SELECT uuid FROM blob WHERE rid=%d", rid); if( db_exists("SELECT 1 FROM shun WHERE uuid='%s'", zUuid) ){ - style_submenu_element("Unshun","Unshun", "%s/shun?uuid=%s&sub=1", + style_submenu_element("Unshun","Unshun", "%s/shun?accept=%s&sub=1#accshun", g.zTop, zUuid); }else{ style_submenu_element("Shun","Shun", "%s/shun?shun=%s#addshun", g.zTop, zUuid); } @@ -1685,11 +1685,11 @@ rid = name_to_rid_www("name"); if( rid==0 ){ fossil_redirect_home(); } zUuid = db_text("", "SELECT uuid FROM blob WHERE rid=%d", rid); if( g.perm.Admin ){ if( db_exists("SELECT 1 FROM shun WHERE uuid='%s'", zUuid) ){ - style_submenu_element("Unshun","Unshun", "%s/shun?uuid=%s&sub=1", + style_submenu_element("Unshun","Unshun", "%s/shun?accept=%s&sub=1#accshun", g.zTop, zUuid); }else{ style_submenu_element("Shun","Shun", "%s/shun?shun=%s#addshun", g.zTop, zUuid); } Index: src/shun.c ================================================================== --- src/shun.c +++ src/shun.c @@ -133,20 +133,21 @@ @ <input type="text" name="uuid" value="%h(PD("shun",""))" size="50" /> @ <input type="submit" name="add" value="Shun" /> @ </div></form> @ </blockquote> @ + @ <a name="accshun"></a> @ <p>Enter the UUID of a previous shunned artifact to cause it to be @ accepted again in the repository. The artifact content is not @ restored because the content is unknown. The only change is that @ the formerly shunned artifact will be accepted on subsequent sync @ operations.</p> @ @ <blockquote> @ <form method="post" action="%s(g.zTop)/%s(g.zPath)"><div> login_insert_csrf_secret(); - @ <input type="text" name="uuid" size="50" /> + @ <input type="text" name="uuid" value="%h(PD("accept", ""))" size="50" /> @ <input type="submit" name="sub" value="Accept" /> @ </div></form> @ </blockquote> @ @ <p>Press the Rebuild button below to rebuild the repository. The Regards. -- Isaac Jurado "The noblest pleasure is the joy of understanding" Leonardo da Vinci _______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users