Re: [fossil-users] user(), cgi(), wiki() report functions
On Wed, Dec 9, 2009 at 2:45 PM, Stephan Beal wrote:
> Were you perhaps logged in to your repo when you made it read-only? Perhaps
> fossil now cannot erase your login credentials? Try making it read/write,
> logging out, then making it read-only???

Thanks for the guess, but that wasn't the issue. The output of this url:
http://tkoutline.sourceforge.net/cgi-bin/fossil/test_env
shows the REMOTE_ADDR env variable is being passed into fossil as 127.0.0.1. So it thought every connection was coming from localhost.

I fixed it by enabling the setting that forces authentication even for localhost.

Brian
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
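The behaviour described in the message above, modelled as an added example (not Fossil's code and not part of the thread): a loopback peer is treated as the administrator unless a force-authentication switch is on. `effective_user`, `force_local_auth` and the sample environments are hypothetical names and constructed data.

```python
import ipaddress

def is_loopback(addr):
    """True for 127.0.0.0/8, ::1 and IPv4-mapped loopback; False if unparsable."""
    try:
        ip = ipaddress.ip_address((addr or "").strip())
    except ValueError:
        return False
    mapped = getattr(ip, "ipv4_mapped", None)
    return (mapped or ip).is_loopback

def effective_user(environ, session_user, force_local_auth):
    """Hypothetical model of the access decision; not Fossil's implementation."""
    if is_loopback(environ.get("REMOTE_ADDR")) and not force_local_auth:
        # Loopback is trusted outright: the session is ignored, so logging
        # out changes nothing and every visitor gets the admin account.
        return "admin"
    return session_user or "nobody"

# Constructed CGI environments. On the shared host every request reaches the
# CGI with REMOTE_ADDR=127.0.0.1, whoever the real client is.
DIRECT = {"REMOTE_ADDR": "203.0.113.7"}
SHARED_HOST = {"REMOTE_ADDR": "127.0.0.1"}

def demo():
    return {
        "direct, no session": effective_user(DIRECT, None, False),
        "shared host, no session": effective_user(SHARED_HOST, None, False),
        "shared host, forced auth": effective_user(SHARED_HOST, None, True),
        "shared host, forced auth, logged in":
            effective_user(SHARED_HOST, "btheado", True),
    }

if __name__ == "__main__":
    for case, user in demo().items():
        print(f"{case}: {user}")
```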
Re: [fossil-users] user(), cgi(), wiki() report functions
On Wed, Dec 9, 2009 at 11:55 AM, Brian Theado wrote:
> Will,
>
> Hmm. I noticed that shortly after I sent the email. I couldn't even
> logout.

i noticed a similar problem a couple days ago - it is impossible to log out when connecting to a local fossil server over the localhost IP. i wanted to test the anonymous captcha filler and had to log in over the IP my NIC gets from my WLAN router in order to be able to log in and out. Any connections over localhost were automatically my admin account, and i couldn't log out.

Were you perhaps logged in to your repo when you made it read-only? Perhaps fossil now cannot erase your login credentials? Try making it read/write, logging out, then making it read-only??? :-?

--
- stephan beal
http://wanderinghorse.net/home/stephan/
Re: [fossil-users] user(), cgi(), wiki() report functions
Will,

On Wed, Dec 9, 2009 at 12:11 AM, Will Duquette wrote:
> I click on one of your links, and found myself at your fossil repo,
> logged in as
> "btheado" with full access to the Admin settings. Eeek!

Hmm. I noticed that shortly after I sent the email. I couldn't even logout. All I did was upload my fossil database and create the two line cgi script. I seem to remember some emails in this list about creating a repo in one place and getting it installed somewhere else. Later I can read those and see if it helps me figure out my mistake. If anyone else knows what is going on, please let me know.

In the meantime, the database file is and has been readonly (to the cgi script user), so any modification attempts as me will fail.

I don't think it is possible to securely run fossil in read/write mode on sourceforge. I would need to make the repo file writable by the webuser and anyone who is a member of any sourceforge project can run a script as the webuser. Plus, it seems that fossil stores all passwords in plain text, so anyone with sourceforge access can read those.

Thanks for pointing it out.

Brian
Re: [fossil-users] user(), cgi(), wiki() report functions
Brian,

I click on one of your links, and found myself at your fossil repo, logged in as "btheado" with full access to the Admin settings. Eeek!

Will

On Dec 8, 2009, at 8:51 PM, Brian Theado wrote:
> I have ported the user() and cgi() sql functions from cvstrac to
> fossil.
>
> Also, I implemented functionality similar to cvstrac's wiki()
> function.
>
> I described what I did in a comment on this ticket:
> http://fossil-scm.org/index.html/info/66de526498.
>
> I have deployed a clone of the fossil repo containing my changes. See
> the branch with my changes at
> http://tkoutline.sourceforge.net/cgi-bin/fossil/timeline?t=sql-func.
>
> I am running my modified version of fossil and created sample reports
> illustrating the cgi() and wiki functionality.
>
> Report 6 shows a count of tickets grouped by ticket type. The count
> column in this report are wiki formatted hyperlinks to report 5. The
> hyperlinks contain an extra url parameter named 'type'. The value of
> this url parameter is dynamically built from the sql results.
> Clicking the link launches report 5 which uses the cgi() function to
> grab the 'type' parameter and filter the report results based on the
> value. Essentially this is "drill-down" functionality. Difficult for
> me to describe, but see the reports in action:
>
>    http://tkoutline.sourceforge.net/cgi-bin/fossil/rptview?rn=6
>
> The sql for report 6 is:
>
> SELECT
>    type,
>    '[/rptview?rn=5&type=' || type || '|' || count(type) || ']' as
> _wiki_count
> FROM ticket
> WHERE status IN ('Open', 'Verified')
> GROUP BY type
> ORDER BY count(type) DESC
>
> The wiki formatting is triggered by the special '_wiki_' prefix on the
> column name.
>
> The sql for report 5 has "type=cgi('type', 'Feature_Request')" in the
> where clause.
>
> Brian

--
will -at- wjduquette.com             | Catch our weblog,
http://foothills.wjduquette.com/blog | The View from the Foothills
[fossil-users] user(), cgi(), wiki() report functions
I have ported the user() and cgi() sql functions from cvstrac to fossil.

Also, I implemented functionality similar to cvstrac's wiki() function.

I described what I did in a comment on this ticket:
http://fossil-scm.org/index.html/info/66de526498.

I have deployed a clone of the fossil repo containing my changes. See the branch with my changes at
http://tkoutline.sourceforge.net/cgi-bin/fossil/timeline?t=sql-func.

I am running my modified version of fossil and created sample reports illustrating the cgi() and wiki functionality.

Report 6 shows a count of tickets grouped by ticket type. The count column in this report are wiki formatted hyperlinks to report 5. The hyperlinks contain an extra url parameter named 'type'. The value of this url parameter is dynamically built from the sql results. Clicking the link launches report 5 which uses the cgi() function to grab the 'type' parameter and filter the report results based on the value. Essentially this is "drill-down" functionality. Difficult for me to describe, but see the reports in action:

    http://tkoutline.sourceforge.net/cgi-bin/fossil/rptview?rn=6

The sql for report 6 is:

    SELECT
       type,
       '[/rptview?rn=5&type=' || type || '|' || count(type) || ']' as _wiki_count
    FROM ticket
    WHERE status IN ('Open', 'Verified')
    GROUP BY type
    ORDER BY count(type) DESC

The wiki formatting is triggered by the special '_wiki_' prefix on the column name.

The sql for report 5 has "type=cgi('type', 'Feature_Request')" in the where clause.

Brian
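The drill-down described in the message above, reproduced as an added example with Python's sqlite3 (this is not the code from the sql-func branch): a stand-in `cgi(name, default)` SQL function is registered and both reports run against a constructed ticket table. Only the WHERE clause of report 5 is quoted in the post, so the rest of `REPORT_5`, the table columns and the rows are assumptions.

```python
import sqlite3

# Constructed sample tickets (title, type, status).
ROWS = [
    ("Crash on sync", "Code_Defect", "Open"),
    ("Wrong diff output", "Code_Defect", "Verified"),
    ("Timeline is slow", "Code_Defect", "Open"),
    ("Add RSS feed", "Feature_Request", "Open"),
    ("Old typo", "Documentation", "Closed"),
]

# Report 6 as given in the post.
REPORT_6 = """
SELECT type,
       '[/rptview?rn=5&type=' || type || '|' || count(type) || ']' AS _wiki_count
FROM ticket
WHERE status IN ('Open', 'Verified')
GROUP BY type
ORDER BY count(type) DESC
"""

# Assumed shape of report 5; only the WHERE clause comes from the post.
REPORT_5 = """
SELECT title, type FROM ticket
WHERE type = cgi('type', 'Feature_Request')
ORDER BY title
"""

def run_report(sql, params=None):
    """Run a report with `params` standing in for the request's URL parameters."""
    params = params or {}
    db = sqlite3.connect(":memory:")
    try:
        # cgi() stand-in: the named request parameter, or the default if absent.
        # Its result is a SQL value, never spliced into the statement text.
        db.create_function("cgi", 2, lambda name, default: params.get(name, default))
        db.execute("CREATE TABLE ticket(title TEXT, type TEXT, status TEXT)")
        db.executemany("INSERT INTO ticket VALUES (?, ?, ?)", ROWS)
        return db.execute(sql).fetchall()
    finally:
        db.close()

if __name__ == "__main__":
    print(run_report(REPORT_6))
    print(run_report(REPORT_5, {"type": "Code_Defect"}))
    print(run_report(REPORT_5, {"type": "x' OR '1'='1"}))
```

Because cgi() hands its result back as a SQL value, a parameter such as `x' OR '1'='1` is only compared against `type` and matches no row here. The link in report 6, by contrast, concatenates `type` without URL-encoding, so it relies on type values containing no `&`, `|` or `]`.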