Re: [fossil-users] user(), cgi(), wiki() report functions

2009-12-10 Thread Brian Theado
On Wed, Dec 9, 2009 at 2:45 PM, Stephan Beal wrote:
> Were you perhaps logged in to your repo when you made it read-only? Perhaps
> fossil now cannot erase your login credentials? Try making it read/write,
> logging out, then making it read-only???

Thanks for the guess, but that wasn't the issue.

The output of this url:
http://tkoutline.sourceforge.net/cgi-bin/fossil/test_env shows the
REMOTE_ADDR env variable is being passed into fossil as 127.0.0.1.  So
it thought every connection was coming from localhost.

I fixed it by enabling the setting that forces authentication even for
localhost.

Brian
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users


Re: [fossil-users] user(), cgi(), wiki() report functions

2009-12-09 Thread Stephan Beal
On Wed, Dec 9, 2009 at 11:55 AM, Brian Theado wrote:

> Will, Hmm.  I noticed that shortly after I sent the email.  I couldn't even
> logout.


i noticed a similar problem a couple days ago - it is impossible to log out
when connecting to a local fossil server over the localhost IP. i wanted to
test the anonymous captcha filler and had to log in over the IP my NIC gets
from my WLAN router in order to be able to log in and out. Any connections
over localhost were automatically my admin account, and i couldn't log out.

Were you perhaps logged in to your repo when you made it read-only? Perhaps
fossil now cannot erase your login credentials? Try making it read/write,
logging out, then making it read-only???

:-?

-- 
- stephan beal
http://wanderinghorse.net/home/stephan/


Re: [fossil-users] user(), cgi(), wiki() report functions

2009-12-09 Thread Brian Theado
Will,

On Wed, Dec 9, 2009 at 12:11 AM, Will Duquette wrote:
> I clicked on one of your links, and found myself at your fossil repo,
> logged in as "btheado" with full access to the Admin settings.  Eeek!

Hmm.  I noticed that shortly after I sent the email.  I couldn't even
logout.  All I did was upload my fossil database and create the two
line cgi script.  I seem to remember some emails in this list about
creating a repo in one place and getting it installed somewhere else.
Later I can read those and see if it helps me figure out my mistake.
If anyone else knows what is going on, please let me know.

In the meantime, the database file is and has been readonly (to the
cgi script user), so any modification attempts as me will fail.

I don't think it is possible to securely run fossil in read/write mode
on sourceforge.  I would need to make the repo file writable by the
webuser and anyone who is a member of any sourceforge project can run
a script as the webuser.  Plus, it seems that fossil stores all
passwords in plain text, so anyone with sourceforge access can read
those.

Thanks for pointing it out.

Brian


Re: [fossil-users] user(), cgi(), wiki() report functions

2009-12-08 Thread Will Duquette
Brian,

I clicked on one of your links, and found myself at your fossil repo,
logged in as "btheado" with full access to the Admin settings.  Eeek!

Will

On Dec 8, 2009, at 8:51 PM, Brian Theado wrote:

> I have ported the user() and cgi() sql functions from cvstrac to fossil.
>
> Also, I implemented functionality similar to cvstrac's wiki() function.
>
> I described what I did in a comment on this ticket:
> http://fossil-scm.org/index.html/info/66de526498.
>
> I have deployed a clone of the fossil repo containing my changes.  See
> the branch with my changes at
> http://tkoutline.sourceforge.net/cgi-bin/fossil/timeline?t=sql-func.
>
> I am running my modified version of fossil and created sample reports
> illustrating the cgi() and wiki functionality.
>
> Report 6 shows a count of tickets grouped by ticket type.  The count
> column entries in this report are wiki-formatted hyperlinks to report 5.  The
> hyperlinks contain an extra url parameter named 'type'.  The value of
> this url parameter is dynamically built from the sql results.
> Clicking the link launches report 5 which uses the cgi() function to
> grab the 'type' parameter and filter the report results based on the
> value.  Essentially this is "drill-down" functionality.  Difficult for
> me to describe, but see the reports in action:
>
> http://tkoutline.sourceforge.net/cgi-bin/fossil/rptview?rn=6
>
> The sql for report 6 is:
>
>   SELECT
>     type,
>     '[/rptview?rn=5&type=' || type || '|' || count(type) || ']' as _wiki_count
>   FROM ticket
>   WHERE status IN ('Open', 'Verified')
>   GROUP BY type
>   ORDER BY count(type) DESC
>
> The wiki formatting is triggered by the special '_wiki_' prefix on the
> column name.
>
> The sql for report 5 has "type=cgi('type', 'Feature_Request')" in the
> where clause.
>
> Brian

--
will -at- wjduquette.com  | Catch our weblog,
http://foothills.wjduquette.com/blog | The View from the Foothills




[fossil-users] user(), cgi(), wiki() report functions

2009-12-08 Thread Brian Theado
I have ported the user() and cgi() sql functions from cvstrac to fossil.

Also, I implemented functionality similar to cvstrac's wiki() function.

I described what I did in a comment on this ticket:
http://fossil-scm.org/index.html/info/66de526498.

I have deployed a clone of the fossil repo containing my changes.  See
the branch with my changes at
http://tkoutline.sourceforge.net/cgi-bin/fossil/timeline?t=sql-func.

I am running my modified version of fossil and created sample reports
illustrating the cgi() and wiki functionality.

Report 6 shows a count of tickets grouped by ticket type.  The count
column entries in this report are wiki-formatted hyperlinks to report 5.  The
hyperlinks contain an extra url parameter named 'type'.  The value of
this url parameter is dynamically built from the sql results.
Clicking the link launches report 5 which uses the cgi() function to
grab the 'type' parameter and filter the report results based on the
value.  Essentially this is "drill-down" functionality.  Difficult for
me to describe, but see the reports in action:

http://tkoutline.sourceforge.net/cgi-bin/fossil/rptview?rn=6

The sql for report 6 is:

  SELECT
    type,
    '[/rptview?rn=5&type=' || type || '|' || count(type) || ']' as _wiki_count
  FROM ticket
  WHERE status IN ('Open', 'Verified')
  GROUP BY type
  ORDER BY count(type) DESC

The wiki formatting is triggered by the special '_wiki_' prefix on the
column name.

The sql for report 5 has "type=cgi('type', 'Feature_Request')" in the
where clause.

Brian
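
Added example (not part of the original message and not the fossil or cvstrac implementation): a Python/sqlite3 sketch of the drill-down described above, with cgi() registered as a two-argument SQL function so the URL parameter reaches the query as a value rather than as SQL text. The ticket rows, the "title" column, the run_report() helper and the full text of report 5 are constructed for illustration; only the report 6 SQL and the type=cgi(...) condition come from the message.

```python
import sqlite3

# Constructed sample data; the "title" column is an assumption.
SAMPLE_TICKETS = [
    ("crash on commit", "Code_Defect", "Open"),
    ("bad diff output", "Code_Defect", "Open"),
    ("sync hangs", "Code_Defect", "Verified"),
    ("add rss feed", "Feature_Request", "Open"),
    ("dark theme", "Feature_Request", "Verified"),
    ("tab completion", "Feature_Request", "Closed"),
    ("fix typo in docs", "Documentation", "Open"),
]

# Report 6 as given in the message.
REPORT_6 = """
  SELECT
    type,
    '[/rptview?rn=5&type=' || type || '|' || count(type) || ']' AS _wiki_count
  FROM ticket
  WHERE status IN ('Open', 'Verified')
  GROUP BY type
  ORDER BY count(type) DESC
"""

# Constructed: only the type=cgi(...) condition is quoted in the message.
REPORT_5 = """
  SELECT title FROM ticket
  WHERE status IN ('Open', 'Verified')
    AND type = cgi('type', 'Feature_Request')
  ORDER BY title
"""

def run_report(sql, query_params):
    """Run a report against the sample tickets with the given URL parameters."""
    db = sqlite3.connect(":memory:")
    # cgi(name, default) hands the request parameter to SQL as a value,
    # so it is compared as data and never parsed as SQL text.
    db.create_function("cgi", 2, lambda name, default: query_params.get(name, default))
    db.execute("CREATE TABLE ticket(title TEXT, type TEXT, status TEXT)")
    db.executemany("INSERT INTO ticket VALUES (?, ?, ?)", SAMPLE_TICKETS)
    try:
        return db.execute(sql).fetchall()
    finally:
        db.close()

if __name__ == "__main__":
    print(run_report(REPORT_6, {}))
    print(run_report(REPORT_5, {"type": "Code_Defect"}))
    print(run_report(REPORT_5, {"type": "x' OR '1'='1"}))  # matches nothing
```

Report 6 concatenates the type value into the link text without escaping, so a type containing '|' or ']' would change how the wiki link is parsed.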