Replying Isaac Jurado: > > Index: src/info.c > ================================================================== > --- src/info.c > +++ src/info.c > @@ -1427,11 +1427,11 @@ > if( !g.perm.Read ){ login_needed(); return; } > if( rid==0 ) fossil_redirect_home(); > if( g.perm.Admin ){ > const char *zUuid = db_text("", "SELECT uuid FROM blob WHERE rid=%d", > rid); > if( db_exists("SELECT 1 FROM shun WHERE uuid='%s'", zUuid) ){ > - style_submenu_element("Unshun","Unshun", "%s/shun?uuid=%s&sub=1", > + style_submenu_element("Unshun","Unshun", > "%s/shun?accept=%s&sub=1#accshun", > g.zTop, zUuid); > }else{ > style_submenu_element("Shun","Shun", "%s/shun?shun=%s#addshun", > g.zTop, zUuid); > } > @@ -1577,11 +1577,11 @@ > if( !g.perm.Read ){ login_needed(); return; } > if( rid==0 ) fossil_redirect_home(); > if( g.perm.Admin ){ > const char *zUuid = db_text("", "SELECT uuid FROM blob WHERE rid=%d", > rid); > if( db_exists("SELECT 1 FROM shun WHERE uuid='%s'", zUuid) ){ > - style_submenu_element("Unshun","Unshun", "%s/shun?uuid=%s&sub=1", > + style_submenu_element("Unshun","Unshun", > "%s/shun?accept=%s&sub=1#accshun", > g.zTop, zUuid); > }else{ > style_submenu_element("Shun","Shun", "%s/shun?shun=%s#addshun", > g.zTop, zUuid); > } > @@ -1685,11 +1685,11 @@ > rid = name_to_rid_www("name"); > if( rid==0 ){ fossil_redirect_home(); } > zUuid = db_text("", "SELECT uuid FROM blob WHERE rid=%d", rid); > if( g.perm.Admin ){ > if( db_exists("SELECT 1 FROM shun WHERE uuid='%s'", zUuid) ){ > - style_submenu_element("Unshun","Unshun", "%s/shun?uuid=%s&sub=1", > + style_submenu_element("Unshun","Unshun", > "%s/shun?accept=%s&sub=1#accshun", > g.zTop, zUuid); > }else{ > style_submenu_element("Shun","Shun", "%s/shun?shun=%s#addshun", > g.zTop, zUuid); > } > > Index: src/shun.c > ================================================================== > --- src/shun.c > +++ src/shun.c > @@ -133,20 +133,21 @@ > @ <input type="text" name="uuid" value="%h(PD("shun",""))" size="50" /> > @ <input type="submit" name="add" value="Shun" /> > @ </div></form> > @ </blockquote> > @ > + @ <a name="accshun"></a> > @ <p>Enter the UUID of a previous shunned artifact to cause it to be > @ accepted again in the repository. The artifact content is not > @ restored because the content is unknown. The only change is that > @ the formerly shunned artifact will be accepted on subsequent sync > @ operations.</p> > @ > @ <blockquote> > @ <form method="post" action="%s(g.zTop)/%s(g.zPath)"><div> > login_insert_csrf_secret(); > - @ <input type="text" name="uuid" size="50" /> > + @ <input type="text" name="uuid" value="%h(PD("accept", ""))" size="50" /> > @ <input type="submit" name="sub" value="Accept" /> > @ </div></form> > @ </blockquote> > @ > @ <p>Press the Rebuild button below to rebuild the repository. The
I've seen this has been addressed: http://www.fossil-scm.org/index.html/info/0b51238612 However, I'm not sure if just removing CSRF validation is a good idea, specially when repository operations are involved. The patch I proposed basically replicates the current behaviour of the "Shun" link in the artifact view to the "Unshun" link. Cheers. -- Isaac Jurado "The noblest pleasure is the joy of understanding." Leonardo da Vinci _______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users