Replying Isaac Jurado:
>
> Index: src/info.c
> ==================================================================
> --- src/info.c
> +++ src/info.c
> @@ -1427,11 +1427,11 @@
>    if( !g.perm.Read ){ login_needed(); return; }
>    if( rid==0 ) fossil_redirect_home();
>    if( g.perm.Admin ){
>      const char *zUuid = db_text("", "SELECT uuid FROM blob WHERE rid=%d", 
> rid);
>      if( db_exists("SELECT 1 FROM shun WHERE uuid='%s'", zUuid) ){
> -      style_submenu_element("Unshun","Unshun", "%s/shun?uuid=%s&sub=1",
> +      style_submenu_element("Unshun","Unshun",
> "%s/shun?accept=%s&sub=1#accshun",
>              g.zTop, zUuid);
>      }else{
>        style_submenu_element("Shun","Shun", "%s/shun?shun=%s#addshun",
>              g.zTop, zUuid);
>      }
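Review bot: The new Unshun link still carries `&sub=1`, which is the name of the Accept form's submit button in src/shun.c, so a plain GET link keeps sending the submit flag even though the UUID now travels as `accept=` for prefill only. The neighbouring Shun link (`%s/shun?shun=%s#addshun`) sends no `add=` flag; matching it would give `"%s/shun?accept=%s#accshun"`, leaving the state change to the POST that carries the CSRF secret. Whether the handler acts on `sub` when no `uuid` value is present cannot be seen from here, so this is a hardening point, not a confirmed bug. The same line appears in the hunks at -1577 and -1685, and the enclosing functions start and end outside all three hunks.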
> @@ -1577,11 +1577,11 @@
>    if( !g.perm.Read ){ login_needed(); return; }
>    if( rid==0 ) fossil_redirect_home();
>    if( g.perm.Admin ){
>      const char *zUuid = db_text("", "SELECT uuid FROM blob WHERE rid=%d", 
> rid);
>      if( db_exists("SELECT 1 FROM shun WHERE uuid='%s'", zUuid) ){
> -      style_submenu_element("Unshun","Unshun", "%s/shun?uuid=%s&sub=1",
> +      style_submenu_element("Unshun","Unshun",
> "%s/shun?accept=%s&sub=1#accshun",
>              g.zTop, zUuid);
>      }else{
>        style_submenu_element("Shun","Shun", "%s/shun?shun=%s#addshun",
>              g.zTop, zUuid);
>      }
> @@ -1685,11 +1685,11 @@
>    rid = name_to_rid_www("name");
>    if( rid==0 ){ fossil_redirect_home(); }
>    zUuid = db_text("", "SELECT uuid FROM blob WHERE rid=%d", rid);
>    if( g.perm.Admin ){
>      if( db_exists("SELECT 1 FROM shun WHERE uuid='%s'", zUuid) ){
> -      style_submenu_element("Unshun","Unshun", "%s/shun?uuid=%s&sub=1",
> +      style_submenu_element("Unshun","Unshun",
> "%s/shun?accept=%s&sub=1#accshun",
>              g.zTop, zUuid);
>      }else{
>        style_submenu_element("Shun","Shun", "%s/shun?shun=%s#addshun",
>              g.zTop, zUuid);
>      }
>
> Index: src/shun.c
> ==================================================================
> --- src/shun.c
> +++ src/shun.c
> @@ -133,20 +133,21 @@
>    @ <input type="text" name="uuid" value="%h(PD("shun",""))" size="50" />
>    @ <input type="submit" name="add" value="Shun" />
>    @ </div></form>
>    @ </blockquote>
>    @
> +  @ <a name="accshun"></a>
>    @ <p>Enter the UUID of a previous shunned artifact to cause it to be
>    @ accepted again in the repository.  The artifact content is not
>    @ restored because the content is unknown.  The only change is that
>    @ the formerly shunned artifact will be accepted on subsequent sync
>    @ operations.</p>
>    @
>    @ <blockquote>
>    @ <form method="post" action="%s(g.zTop)/%s(g.zPath)"><div>
>    login_insert_csrf_secret();
> -  @ <input type="text" name="uuid" size="50" />
> +  @ <input type="text" name="uuid" value="%h(PD("accept", ""))" size="50" />
>    @ <input type="submit" name="sub" value="Accept" />
>    @ </div></form>
>    @ </blockquote>
>    @
>    @ <p>Press the Rebuild button below to rebuild the repository.  The
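Review bot: The prefilled Accept input deserves a short comment, because `accept` arrives from the query string of a link and is the only new request parameter read in this hunk. Something like `/* "accept" only pre-fills the field (HTML-escaped by %h); unshunning still requires the POST with the CSRF secret */` placed above the input line would record that the parameter must never trigger the operation by itself. The code that processes the submitted form is outside this hunk.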

I've seen this has been addressed:

    http://www.fossil-scm.org/index.html/info/0b51238612

However, I'm not sure if just removing CSRF validation is a good idea,
especially when repository operations are involved.  The patch I proposed
basically replicates the current behaviour of the "Shun" link in the
artifact view to the "Unshun" link.

Cheers.

-- 
Isaac Jurado

"The noblest pleasure is the joy of understanding."
                                  Leonardo da Vinci