Fossil

Check-in [8839378f]
Login

Check-in [8839378f]

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Add robustness to decoding of query parameters on the /wdiff page.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 8839378fb000f16d8b29ff941799144c3307ac6d52cf78361d9f83a218a04a13
User & Date: drh 2024-05-27 09:56:59
Context
2024-05-27
10:33
Add the "Hacks" and "Non-hacks" log filters. Accessible by admins only. ... (check-in: d700ebff user: drh tags: trunk)
09:56
Add robustness to decoding of query parameters on the /wdiff page. ... (check-in: 8839378f user: drh tags: trunk)
2024-05-26
20:18
Add image/jp2 to the mime types, per forum request. ... (check-in: 2669f492 user: stephan tags: trunk)
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/wiki.c. 

1843
1844
1845
1846
1847
1848
1849

1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864









1865
1866
1867
1868
1869
1870
1871

**      pid=HASH          Hash prefix for the parent.
**
** The "id" query parameter is required.  "pid" is optional.  If "pid"
** is omitted, then the diff is against the first parent of the child.
*/
void wdiff_page(void){
  const char *zId;

  const char *zPid;
  Manifest *pW1, *pW2 = 0;
  int rid1, rid2, nextRid;
  Blob w1, w2, d;
  DiffConfig DCfg;

  login_check_credentials();
  if( !g.perm.RdWiki ){ login_needed(g.anon.RdWiki); return; }
  zId = P("id");
  if( zId==0 ){
    rid1 = atoi(PD("rid","0"));
  }else{
    rid1 = name_to_typed_rid(zId, "w");
  }
  zId = db_text(0, "SELECT uuid FROM blob WHERE rid=%d", rid1);









  pW1 = manifest_get(rid1, CFTYPE_WIKI, 0);
  if( pW1==0 ) fossil_redirect_home();
  blob_init(&w1, pW1->zWiki, -1);
  zPid = P("pid");
  if( ( zPid==0 || zPid[0] == 0 ) && pW1->nParent ){
    zPid = pW1->azParent[0];
  }








>














|
>
>
>
>
>
>
>
>
>








1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881

**      pid=HASH          Hash prefix for the parent.
**
** The "id" query parameter is required.  "pid" is optional.  If "pid"
** is omitted, then the diff is against the first parent of the child.
*/
void wdiff_page(void){
  const char *zId;
  const char *zIdFull;
  const char *zPid;
  Manifest *pW1, *pW2 = 0;
  int rid1, rid2, nextRid;
  Blob w1, w2, d;
  DiffConfig DCfg;

  login_check_credentials();
  if( !g.perm.RdWiki ){ login_needed(g.anon.RdWiki); return; }
  zId = P("id");
  if( zId==0 ){
    rid1 = atoi(PD("rid","0"));
  }else{
    rid1 = name_to_typed_rid(zId, "w");
  }
  zIdFull = db_text(0, "SELECT uuid FROM blob WHERE rid=%d", rid1);
  if( zIdFull==0 ){
    if( zId ){
      webpage_notfound_error("No such wiki page: \"%s\"", zId);
    }else{
      webpage_notfound_error("No such wiki page: %d", rid1);
    }
    return;
  }
  zId = zIdFull;
  pW1 = manifest_get(rid1, CFTYPE_WIKI, 0);
  if( pW1==0 ) fossil_redirect_home();
  blob_init(&w1, pW1->zWiki, -1);
  zPid = P("pid");
  if( ( zPid==0 || zPid[0] == 0 ) && pW1->nParent ){
    zPid = pW1->azParent[0];
  }