Collection of themes/skins for the Fossil SCM



Hex Artifact Content

Artifact 0fc418fe1e823633436a63f6eff90879559bd11e:

  • File features/sql.th1 — part of check-in [82270c3d74] at 2015-02-09 01:52:44 on branch trunk — Split up th1x into individual sections (basic control structures, str, sql functions, and github-specific ui:: functions). Rename changelog to hooks. (user: mario size: 1153)

0000: 0a 23 2d 2d 20 57 68 69 74 65 6c 69 73 74 20 66  .#-- Whitelist f
0010: 6f 72 20 53 51 4c 20 70 61 72 61 6d 73 0a 23 20  or SQL params.# 
0020: 4a 75 73 74 20 72 65 61 6c 69 7a 65 64 20 74 68  Just realized th
0030: 69 73 20 69 73 20 72 65 64 75 6e 64 61 6e 74 3b  is is redundant;
0040: 20 62 65 63 61 75 73 65 20 71 75 65 72 79 20 7b   because query {
0050: 7d 20 61 63 63 65 70 74 73 0a 23 20 75 6e 69 6e  } accepts.# unin
0060: 74 65 72 70 6f 6c 61 74 65 64 20 5c 24 76 61 72  terpolated \$var
0070: 6e 61 6d 65 73 20 61 73 20 70 61 72 61 6d 65 74  names as paramet
0080: 65 72 20 70 6c 61 63 65 68 6f 6c 64 65 72 73 2e  er placeholders.
0090: 0a 70 72 6f 63 20 73 71 6c 3a 3a 61 6c 6c 6f 77  .proc sql::allow
00a0: 65 64 20 7b 73 74 72 7d 20 7b 0a 20 20 20 72 65  ed {str} {.   re
00b0: 74 75 72 6e 20 5b 72 65 67 65 78 70 20 7b 5e 5b  turn [regexp {^[
00c0: 2d 61 2d 7a 41 2d 5a 30 2d 39 20 21 24 26 2f 28  -a-zA-Z0-9 !$&/(
00d0: 29 7b 7d 3d 3c 3e 2c 2e 3b 3a 5f 2b 23 2a 40 5d  ){}=<>,.;:_+#*@]
00e0: 2b 24 7d 20 24 73 74 72 5d 0a 7d 0a 23 2d 2d 20  +$} $str].}.#-- 
00f0: 41 6c 73 6f 20 70 72 6f 68 69 62 69 74 20 72 65  Also prohibit re
0100: 67 65 78 20 73 70 65 63 69 61 6c 20 63 68 61 72  gex special char
0110: 73 0a 70 72 6f 63 20 73 71 6c 3a 3a 61 6c 6c 6f  s.proc sql::allo
0120: 77 65 64 5f 72 65 67 65 78 70 20 7b 73 74 72 7d  wed_regexp {str}
0130: 20 7b 0a 20 20 20 72 65 74 75 72 6e 20 5b 72 65   {.   return [re
0140: 67 65 78 70 20 7b 5e 5b 2d 61 2d 7a 41 2d 5a 30  gexp {^[-a-zA-Z0
0150: 2d 39 20 21 24 26 2f 20 20 20 20 3d 3c 3e 2c 2e  -9 !$&/    =<>,.
0160: 3b 3a 5f 20 23 20 40 5d 2b 24 7d 20 24 73 74 72  ;:_ # @]+$} $str
0170: 5d 0a 7d 0a 0a 0a 23 2d 2d 20 43 68 65 63 6b 20  ].}...#-- Check 
0180: 66 6f 72 20 65 78 69 73 74 65 6e 63 65 20 6f 66  for existence of
0190: 20 77 69 6b 69 20 70 61 67 65 0a 70 72 6f 63 20   wiki page.proc 
01a0: 73 71 6c 3a 3a 70 61 67 65 5f 65 78 69 73 74 73  sql::page_exists
01b0: 20 7b 6e 61 6d 65 7d 20 7b 0a 20 20 20 71 75 65   {name} {.   que
01c0: 72 79 20 7b 53 45 4c 45 43 54 20 31 20 46 52 4f  ry {SELECT 1 FRO
01d0: 4d 20 74 61 67 20 57 48 45 52 45 20 74 61 67 6e  M tag WHERE tagn
01e0: 61 6d 65 20 3d 20 28 27 77 69 6b 69 2d 27 20 7c  ame = ('wiki-' |
01f0: 7c 20 24 6e 61 6d 65 29 7d 20 7b 20 72 65 74 75  | $name)} { retu
0200: 72 6e 20 31 20 7d 0a 20 20 20 72 65 74 75 72 6e  rn 1 }.   return
0210: 20 30 0a 7d 0a 0a 0a 23 2d 2d 20 43 68 65 63 6b   0.}...#-- Check
0220: 20 69 66 20 65 78 61 63 74 20 66 69 6c 65 20 6e   if exact file n
0230: 61 6d 65 20 28 69 6e 63 6c 75 64 69 6e 67 20 70  ame (including p
0240: 61 74 68 29 20 65 78 69 73 74 73 20 69 6e 20 72  ath) exists in r
0250: 65 70 6f 73 69 74 6f 72 79 0a 70 72 6f 63 20 73  epository.proc s
0260: 71 6c 3a 3a 66 69 6c 65 5f 65 78 69 73 74 73 20  ql::file_exists 
0270: 7b 6e 61 6d 65 7d 20 7b 0a 20 20 20 71 75 65 72  {name} {.   quer
0280: 79 20 7b 53 45 4c 45 43 54 20 31 20 46 52 4f 4d  y {SELECT 1 FROM
0290: 20 66 69 6c 65 6e 61 6d 65 20 57 48 45 52 45 20   filename WHERE 
02a0: 6e 61 6d 65 20 3d 20 24 6e 61 6d 65 7d 20 7b 20  name = $name} { 
02b0: 72 65 74 75 72 6e 20 31 20 7d 0a 20 20 20 72 65  return 1 }.   re
02c0: 74 75 72 6e 20 30 0a 7d 0a 0a 0a 23 2d 2d 20 46  turn 0.}...#-- F
02d0: 69 6e 64 20 66 69 6c 65 20 62 79 20 62 61 73 65  ind file by base
02e0: 6e 61 6d 65 0a 70 72 6f 63 20 73 71 6c 3a 3a 66  name.proc sql::f
02f0: 69 6e 64 5f 66 69 6c 65 20 7b 70 61 74 68 7d 20  ind_file {path} 
0300: 7b 0a 20 20 20 69 66 20 7b 21 5b 73 71 6c 3a 3a  {.   if {![sql::
0310: 61 6c 6c 6f 77 65 64 5f 72 65 67 65 78 70 20 24  allowed_regexp $
0320: 70 61 74 68 5d 7d 20 7b 20 72 65 74 75 72 6e 20  path]} { return 
0330: 30 20 7d 0a 20 20 20 71 75 65 72 79 20 7b 53 45  0 }.   query {SE
0340: 4c 45 43 54 20 6e 61 6d 65 20 46 52 4f 4d 20 66  LECT name FROM f
0350: 69 6c 65 6e 61 6d 65 20 57 48 45 52 45 20 6e 61  ilename WHERE na
0360: 6d 65 20 52 45 47 45 58 50 20 28 27 28 5e 7c 2f  me REGEXP ('(^|/
0370: 29 27 20 7c 7c 20 24 70 61 74 68 20 7c 7c 20 27  )' || $path || '
0380: 5c 24 27 29 7d 20 7b 20 72 65 74 75 72 6e 20 24  \$')} { return $
0390: 6e 61 6d 65 20 7d 0a 20 20 20 72 65 74 75 72 6e  name }.   return
03a0: 20 22 22 0a 7d 0a 0a 0a 23 2d 2d 20 43 68 65 63   "".}...#-- Chec
03b0: 6b 20 69 66 20 64 69 72 65 63 74 6f 72 79 20 65  k if directory e
03c0: 78 69 73 74 73 0a 70 72 6f 63 20 73 71 6c 3a 3a  xists.proc sql::
03d0: 64 69 72 5f 65 78 69 73 74 73 20 7b 70 61 74 68  dir_exists {path
03e0: 7d 20 7b 0a 20 20 20 69 66 20 7b 21 5b 73 71 6c  } {.   if {![sql
03f0: 3a 3a 61 6c 6c 6f 77 65 64 5f 72 65 67 65 78 70  ::allowed_regexp
0400: 20 24 70 61 74 68 5d 7d 20 7b 20 72 65 74 75 72   $path]} { retur
0410: 6e 20 30 20 7d 0a 20 20 20 71 75 65 72 79 20 7b  n 0 }.   query {
0420: 53 45 4c 45 43 54 20 6e 61 6d 65 20 46 52 4f 4d  SELECT name FROM
0430: 20 66 69 6c 65 6e 61 6d 65 20 57 48 45 52 45 20   filename WHERE 
0440: 6e 61 6d 65 20 52 45 47 45 58 50 20 28 27 5e 27  name REGEXP ('^'
0450: 20 7c 7c 20 24 70 61 74 68 20 7c 7c 20 27 2f 2e   || $path || '/.
0460: 2b 27 29 7d 20 7b 20 72 65 74 75 72 6e 20 31 20  +')} { return 1 
0470: 7d 0a 20 20 20 72 65 74 75 72 6e 20 30 0a 7d 0a  }.   return 0.}.
0480: 0a                                               .