Artifact 2ea5319196adffe9fa548169098571a3cecfa1eb:

Attachment "patch" to ticket [7e32f0c1] added by anonymous 2010-08-17 02:10:54.
Index: src/add.c
===================================================================
--- src/add.c
+++ src/add.c
@@ -163,10 +163,12 @@
   for(i=2; i<g.argc; i++){
     char *zName;
     int isDir;
 
     zName = mprintf("%/", g.argv[i]);
+    file_simplify_name(zName, -1);
+
     isDir = file_isdir(zName);
     if( isDir==1 ){
       add_directory(zName, vid, &repo);
     }else if( isDir==0 ){
       fossil_fatal("not found: %s", zName);
@@ -252,10 +254,12 @@
   db_begin_transaction();
   for(i=2; i<g.argc; i++){
     char *zName;
 
     zName = mprintf("%/", g.argv[i]);
+    file_simplify_name(zName, -1);
+
     if( file_isdir(zName) == 1 ){
       del_directory_content(zName);
     } else {
       char *zPath;
       Blob pathname;

Index: src/captcha.c
===================================================================
--- src/captcha.c
+++ src/captcha.c
@@ -429,12 +429,12 @@
     );
     zSecret = db_get("captcha-secret", 0);
     assert( zSecret!=0 );
   }
   blob_init(&b, 0, 0);
-  blob_appendf(&b, "%s-%x", zSecret, seed);
+  blob_appendf(&b, "%z-%x", zSecret, seed);
   sha1sum_blob(&b, &b);
   z = blob_buffer(&b);
   memcpy(zRes, z, 8);
   zRes[8] = 0;
   return zRes;
 }
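Review bot: The blob `b` is still never released: after `memcpy(zRes, z, 8)` the function returns without a `blob_reset(&b)`, so every call leaks the buffer holding the hash derived from the captcha secret. Add `blob_reset(&b);` after the `memcpy`, not before it, because `z` points into the blob. The switch to `%z` also assumes `zSecret` is heap-allocated on every path; its first assignment is above the hunk, so that should be confirmed.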

Index: src/cgi.c
===================================================================
--- src/cgi.c
+++ src/cgi.c
@@ -139,20 +139,20 @@
 }
 
 /*
 ** Additional information used to form the HTTP reply
 */
-static char *zContentType = "text/html";     /* Content type of the reply */
-static char *zReplyStatus = "OK";            /* Reply status description */
+static char zContentType[100] = "text/html";     /* Content type of the reply */
+static char zReplyStatus[100] = "OK";            /* Reply status description */
 static int iReplyStatus = 200;               /* Reply status code */
 static Blob extraHeader = BLOB_INITIALIZER;  /* Extra header text */
 
 /*
 ** Set the reply content type
 */
 void cgi_set_content_type(const char *zType){
-  zContentType = mprintf("%s", zType);
+  strncpy(zContentType, zType, sizeof(zContentType) -1);
 }
 
 /*
 ** Set the reply content to the specified BLOB.
 */
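Review bot: `strncpy(zContentType, zType, sizeof(zContentType) -1)` silently truncates any value longer than 99 bytes, and the result stays NUL-terminated only because the last byte of the static array is never written. The same applies to the `zReplyStatus` copies in `cgi_set_status` and `cgi_reply` in the next two hunks. A NULL `zType` or `zStat` now reaches `strncpy` directly where the old code passed it through `mprintf`; whether any caller does that is not visible here. `snprintf(zContentType, sizeof(zContentType), "%s", zType);` terminates explicitly, and its return value can be checked to detect truncation.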
@@ -165,11 +165,11 @@
 
 /*
 ** Set the reply status code
 */
 void cgi_set_status(int iStat, const char *zStat){
-  zReplyStatus = mprintf("%s", zStat);
+  strncpy(zReplyStatus, zStat, sizeof(zReplyStatus) -1);
   iReplyStatus = iStat;
 }
 
 /*
 ** Append text to the header of an HTTP reply
@@ -260,11 +260,11 @@
 */
 void cgi_reply(void){
   int total_size;
   if( iReplyStatus<=0 ){
     iReplyStatus = 200;
-    zReplyStatus = "OK";
+    strncpy(zReplyStatus, "OK", sizeof(zReplyStatus) -1);
   }
 
 #if 0
   if( iReplyStatus==200 && check_cache_control() ) {
     /* change the status to "unchanged" and we can skip sending the
@@ -1236,17 +1236,14 @@
         child = fork();
         if( child!=0 ){
           if( child>0 ) nchildren++;
           close(connection);
         }else{
-          close(0);
-          dup(connection);
-          close(1);
-          dup(connection);
+          dup2(connection, 0);
+          dup2(connection, 1);
           if( !g.fHttpTrace && !g.fSqlTrace ){
-            close(2);
-            dup(connection);
+            dup2(connection, 2);
           }
           close(connection);
           return 0;
         }
       }
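Review bot: The `dup2()` calls in the child branch ignore their return values, so if one fails the child still returns 0 and handles the request on a descriptor that is not the accepted socket. A check such as `if( dup2(connection, 0)<0 || dup2(connection, 1)<0 ) exit(1);` keeps a failed redirect from going unnoticed. If `connection` is itself 0, 1 or 2, `dup2` does nothing for that number and the following `close(connection)` closes the descriptor just set up; the old close/dup sequence had a similar edge, so that part may be out of scope. The enclosing loop starts and ends outside the hunk.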

Index: src/checkin.c
===================================================================
--- src/checkin.c
+++ src/checkin.c
@@ -112,10 +112,11 @@
   blob_zero(&report);
   vid = db_lget_int("checkout", 0);
   vfile_check_signature(vid, 0);
   status_report(&report, "", 0);
   blob_write_to_file(&report, "-");
+  blob_reset(&report);
 }
 
 /*
 ** COMMAND: status
 **
@@ -123,15 +124,20 @@
 **
 ** Report on the status of the current checkout.
 */
 void status_cmd(void){
   int vid;
+  Blob out;
+
+  blob_zero(&out);
   db_must_be_within_tree();
        /* 012345678901234 */
-  printf("repository:   %s\n", db_lget("repository",""));
-  printf("local-root:   %s\n", g.zLocalRoot);
-  printf("server-code:  %s\n", db_get("server-code", ""));
+  blob_appendf(&out, "repository:   %z\n", db_lget("repository",""));
+  blob_appendf(&out, "local-root:   %s\n", g.zLocalRoot);
+  blob_appendf(&out, "server-code:  %z\n", db_get("server-code", ""));
+  blob_write_to_file(&out, "-");
+  blob_reset(&out);
   vid = db_lget_int("checkout", 0);
   if( vid ){
     show_common_info(vid, "checkout:", 0);
   }
   changes_cmd();
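Review bot: `%z` releases its argument, but `db_lget("repository","")` passes a string literal as the default, and `db_lget` (unchanged context in src/db.c) hands that default straight to `db_text`. If `db_text` returns the default pointer when the row is missing (its body is not shown), this line would call free on a literal. Keeping `%s` for the `db_lget` line and freeing the result only when it is known to be allocated avoids that. The `db_get` lines are safe with `%z` only because this patch makes `db_get` duplicate its default.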
@@ -369,10 +375,11 @@
   int parent_rid
 ){
   const char *zEditor;
   char *zCmd;
   char *zFile;
+  char *zEditorFromDB = 0;
   Blob text, line;
   char *zComment;
   int i;
   blob_init(&text, zInit, -1);
   blob_append(&text,
@@ -393,11 +400,11 @@
       "# repositories.\n"
       "#\n", -1
     );
   }
   status_report(&text, "# ", 1);
-  zEditor = db_get("editor", 0);
+  zEditor = zEditorFromDB = db_get("editor", 0);
   if( zEditor==0 ){
     zEditor = getenv("VISUAL");
   }
   if( zEditor==0 ){
     zEditor = getenv("EDITOR");
@@ -418,10 +425,11 @@
   zCmd = mprintf("%s \"%s\"", zEditor, zFile);
   printf("%s\n", zCmd);
   if( portable_system(zCmd) ){
     fossil_panic("editor aborted");
   }
+  free(zCmd); zCmd = 0;
   blob_reset(&text);
   blob_read_from_file(&text, zFile);
   blob_remove_cr(&text);
   unlink(zFile);
   free(zFile);
@@ -440,10 +448,12 @@
   blob_reset(&text);
   zComment = blob_str(pComment);
   i = strlen(zComment);
   while( i>0 && isspace(zComment[i-1]) ){ i--; }
   blob_resize(pComment, i);
+
+  if( zEditorFromDB ) free(zEditorFromDB);
 }
 
 /*
 ** Populate the Global.aCommitFile[] based on the command line arguments
 ** to a [commit] command. Global.aCommitFile is an array of integers

Index: src/clearsign.c
===================================================================
--- src/clearsign.c
+++ src/clearsign.c
@@ -32,17 +32,18 @@
   char *zOut;
   char *zBase = db_get("pgp-command", "gpg --clearsign -o ");
   char *zCmd;
   int rc;
   if( is_false(zBase) ){
+    free(zBase);
     return 0;
   }
   zRand = db_text(0, "SELECT hex(randomblob(10))");
   zOut = mprintf("out-%s", zRand);
   zIn = mprintf("in-%z", zRand);
   blob_write_to_file(pIn, zOut);
-  zCmd = mprintf("%s %s %s", zBase, zIn, zOut);
+  zCmd = mprintf("%z %s %s", zBase, zIn, zOut);
   rc = portable_system(zCmd);
   free(zCmd);
   if( rc==0 ){
     if( pOut==pIn ){
       blob_reset(pIn);

Index: src/clone.c
===================================================================
--- src/clone.c
+++ src/clone.c
@@ -39,13 +39,15 @@
 **
 **    --admin-user|-A USERNAME
 **
 */
 void clone_cmd(void){
+  Blob out;
   char *zPassword;
   const char *zDefaultUser;   /* Optional name of the default user */
 
+  blob_zero(&out);
   url_proxy_options();
   if( g.argc < 4 ){
     usage("?OPTIONS? FILE-OR-URL NEW-REPOSITORY");
   }
   db_open_config(0);
@@ -76,11 +78,11 @@
     shun_artifacts();
     g.zLogin = db_text(0, "SELECT login FROM user WHERE cap LIKE '%%s%%'");
     if( g.zLogin==0 ){
       db_create_default_users(1,zDefaultUser);
     }
-    printf("Repository cloned into %s\n", g.argv[3]);
+    blob_appendf(&out, "Repository cloned into %s\n", g.argv[3]);
   }else{
     db_create_repository(g.argv[3]);
     db_open_repository(g.argv[3]);
     db_begin_transaction();
     db_record_repository_filename(g.argv[3]);
@@ -101,13 +103,16 @@
     db_end_transaction(0);
     db_close();
     db_open_repository(g.argv[3]);
   }
   db_begin_transaction();
-  printf("Rebuilding repository meta-data...\n");
+  blob_appendf(&out, "Rebuilding repository meta-data...\n");
   rebuild_db(0, 1);
-  printf("project-id: %s\n", db_get("project-code", 0));
-  printf("server-id:  %s\n", db_get("server-code", 0));
+  blob_appendf(&out, "project-id: %z\n", db_get("project-code", 0));
+  blob_appendf(&out, "server-id:  %z\n", db_get("server-code", 0));
   zPassword = db_text(0, "SELECT pw FROM user WHERE login=%Q", g.zLogin);
-  printf("admin-user: %s (password is \"%s\")\n", g.zLogin, zPassword);
+  blob_appendf(&out, "admin-user: %s (password is \"%z\")\n", g.zLogin, zPassword);
   db_end_transaction(0);
+
+  blob_write_to_file(&out, "-");
+  blob_reset(&out);
 }
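Review bot: Collecting the messages in `out` and writing them only at the end changes when the user sees them. "Rebuilding repository meta-data..." is appended before `rebuild_db(0, 1)` but printed after it finishes, and nothing is printed at all if a call in between aborts the process. If the goal is only to release the `db_get` results, keeping `printf` and freeing afterwards preserves the progress output, e.g. `char *z = db_get("project-code", 0); printf("project-id: %s\n", z); free(z);`. The same buffering pattern is added to `create_repository_cmd` in src/db.c.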

Index: src/configure.c
===================================================================
--- src/configure.c
+++ src/configure.c
@@ -438,19 +438,19 @@
     configure_finalize_receive();
     db_end_transaction(0);
   }else
   if( strncmp(zMethod, "pull", n)==0 || strncmp(zMethod, "push", n)==0 ){
     int mask;
-    const char *zServer;
-    const char *zPw;
+    char *zServer =0;
+    char *zPw =0;
     url_proxy_options();
     if( g.argc!=4 && g.argc!=5 ){
       usage("pull AREA ?URL?");
     }
     mask = find_area(g.argv[3]);
     if( g.argc==5 ){
-      zServer = g.argv[4];
+      zServer = STRDUP(g.argv[4]);
       zPw = 0;
       g.dontKeepUrl = 1;
     }else{
       zServer = db_get("last-sync-url", 0);
       if( zServer==0 ){
@@ -458,10 +458,12 @@
       }
       zPw = db_get("last-sync-pw", 0);
     }
     url_parse(zServer);
     if( g.urlPasswd==0 && zPw ) g.urlPasswd = mprintf("%s", zPw);
+    free(zServer); zServer = 0;
+    free(zPw); zPw = 0;
     user_select();
     if( strncmp(zMethod, "push", n)==0 ){
       client_sync(0,0,0,0,mask);
     }else{
       client_sync(0,0,0,mask,0);

Index: src/db.c
===================================================================
--- src/db.c
+++ src/db.c
@@ -33,10 +33,11 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <unistd.h>
 #include "db.h"
 
+
 #if INTERFACE
 /*
 ** An single SQL statement is represented as an instance of the following
 ** structure.
 */
@@ -44,10 +45,13 @@
   Blob sql;               /* The SQL for this statement */
   sqlite3_stmt *pStmt;    /* The results of sqlite3_prepare() */
   Stmt *pNext, *pPrev;    /* List of all unfinalized statements */
   int nStep;              /* Number of sqlite3_step() calls */
 };
+
+#define STRDUP(x) mprintf("%s", (x))
+
 #endif /* INTERFACE */
 
 /*
 ** Call this routine when a database error occurs.
 */
@@ -575,10 +579,13 @@
     }
   }
   va_end(ap);
   sqlite3_exec(db, "COMMIT", 0, 0, 0);
   sqlite3_close(db);
+#ifdef __MINGW32__
+  free(zFileName); /* free the memory for "sqlite3_win32_mbcs_to_utf8" */
+#endif
 }
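Review bot: Memory returned by `sqlite3_win32_mbcs_to_utf8()` is obtained from `sqlite3_malloc()` and has to be released with `sqlite3_free()`, not `free()`. Mixing the two allocators can corrupt the heap when SQLite's allocator keeps its own bookkeeping. This applies to `free(zFileName)` here and to the two `free(zDbName)` additions under `#ifdef __MINGW32__` in the next two hunks; use `sqlite3_free(zFileName);` instead. The conversion call for this function is above the hunk, so also confirm that the pointer reaching this line is always the converted copy and never the caller's original string.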
 
 /*
 ** Open a database file.  Return a pointer to the new database
 ** connection.  An error results in process abort.
@@ -600,10 +607,13 @@
   if( rc!=SQLITE_OK ){
     db_err(sqlite3_errmsg(db));
   }
   sqlite3_busy_timeout(db, 5000);
   sqlite3_wal_autocheckpoint(db, 1);  /* Set to checkpoint frequently */
+#ifdef __MINGW32__
+  free(zDbName); /* free the memory for "sqlite3_win32_mbcs_to_utf8" */
+#endif
   return db;
 }
 
 
 /*
@@ -620,10 +630,13 @@
 #ifdef __MINGW32__
     zDbName = sqlite3_win32_mbcs_to_utf8(zDbName);
 #endif
     db_multi_exec("ATTACH DATABASE %Q AS %s", zDbName, zLabel);
     g.zRepoDb = mprintf("%s", zLabel);
+#ifdef __MINGW32__
+    free(zDbName); /* free the memory for "sqlite3_win32_mbcs_to_utf8" */
+#endif
   }
 }
 
 /*
 ** Open the user database in "~/.fossil".  Create the database anew if
@@ -684,10 +697,12 @@
     g.dbConfig = 0;
   }else{
     g.dbConfig = openDatabase(zDbName);
   }
   g.configOpen = 1;
+
+  free(zDbName);
 }
 
 /*
 ** If zDbName is a valid local database file, open it and return
 ** true.  If it is not a valid local database file, return 0.
@@ -798,17 +813,20 @@
 /*
 ** Open the repository database given by zDbName.  If zDbName==NULL then
 ** get the name from the already open local database.
 */
 void db_open_repository(const char *zDbName){
+  int needToFree = 0;   /* 1 means "zDbName" must be freed */
   if( g.repositoryOpen ) return;
   if( zDbName==0 ){
     if( g.localOpen ){
       zDbName = db_lget("repository", 0);
     }
     if( zDbName==0 ){
       db_err("unable to find the name of a repository database");
+    }else{
+        needToFree = 1;
     }
   }
   if( access(zDbName, R_OK) || file_size(zDbName)<1024 ){
     if( access(zDbName, 0) ){
       fossil_panic("repository does not exist or"
@@ -820,10 +838,12 @@
     }
   }
   db_open_or_attach(zDbName, "repository");
   g.repositoryOpen = 1;
   g.zRepositoryName = mprintf("%s", zDbName);
+
+  if( needToFree ) free(zDbName);
 }
 
 /*
 ** Try to find the repository and open it.  Use the -R or --repository
 ** option to locate the repository.  If no such option is available, then
@@ -928,29 +948,34 @@
 
 /*
 ** Create the default user accounts in the USER table.
 */
 void db_create_default_users(int setupUserOnly, const char *zDefaultUser){
-  const char *zUser;
-  zUser = db_get("default-user", 0);
-  if( zUser==0 ){
-    zUser = zDefaultUser;
-  }
+  int needToFree =0; /* 1 means that User need to be freed */
+  char *zUser;
+
+  zUser = db_get("default-user", zDefaultUser);
   if( zUser==0 ){
 #ifdef __MINGW32__
     zUser = getenv("USERNAME");
 #else
     zUser = getenv("USER");
 #endif
+  }else{
+    needToFree = 1;
   }
   if( zUser==0 ){
     zUser = "root";
   }
   db_multi_exec(
      "INSERT INTO user(login, pw, cap, info)"
      "VALUES(%Q,lower(hex(randomblob(3))),'s','')", zUser
   );
+  if( needToFree ){
+    free(zUser);
+    zUser = 0;
+  }
   if( !setupUserOnly ){
     db_multi_exec(
        "INSERT INTO user(login,pw,cap,info)"
        "   VALUES('anonymous',hex(randomblob(8)),'ghmncz','Anon');"
        "INSERT INTO user(login,pw,cap,info)"
@@ -1037,14 +1062,16 @@
 **    --admin-user|-A USERNAME
 **    --date-override DATETIME
 **
 */
 void create_repository_cmd(void){
+  Blob out;
   char *zPassword;
   const char *zDate;          /* Date of the initial check-in */
   const char *zDefaultUser;   /* Optional name of the default user */
 
+  blob_zero(&out);
   zDate = find_option("date-override",0,1);
   zDefaultUser = find_option("admin-user","A",1);
   if( zDate==0 ) zDate = "now";
   if( g.argc!=3 ){
     usage("REPOSITORY-NAME");
@@ -1053,14 +1080,18 @@
   db_open_repository(g.argv[2]);
   db_open_config(0);
   db_begin_transaction();
   db_initial_setup(zDate, zDefaultUser, 1);
   db_end_transaction(0);
-  printf("project-id: %s\n", db_get("project-code", 0));
-  printf("server-id:  %s\n", db_get("server-code", 0));
+  blob_appendf(&out, "project-id: %z\n", db_get("project-code", 0));
+  blob_appendf(&out, "server-id:  %z\n", db_get("server-code", 0));
   zPassword = db_text(0, "SELECT pw FROM user WHERE login=%Q", g.zLogin);
-  printf("admin-user: %s (initial password is \"%s\")\n", g.zLogin, zPassword);
+  blob_appendf(&out, "admin-user: %s (initial password is \"%z\")\n", g.zLogin, zPassword);
+  zPassword = 0;
+
+  blob_write_to_file(&out, "-");
+  blob_reset(&out);
 }
 
 /*
 ** SQL functions for debugging.
 **
@@ -1272,12 +1303,12 @@
   if( z==0 && g.configOpen ){
     db_swap_connections();
     z = db_text(0, "SELECT value FROM global_config WHERE name=%Q", zName);
     db_swap_connections();
   }
-  if( z==0 ){
-    z = zDefault;
+  if( z==0 && zDefault){
+    z = STRDUP(zDefault);
   }
   return z;
 }
 void db_set(const char *zName, const char *zValue, int globalFlag){
   db_begin_transaction();
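Review bot: With `z = STRDUP(zDefault)` the value returned by `db_get` is now always heap memory owned by the caller, and that contract change is not documented. The function's header comment (above the hunk) should say so, for example `** The returned string is obtained from mprintf() and must be freed by the caller, even when the default is used.` Call sites not touched by this patch that pass a literal default and never free the result will now leak one copy per call, so they are worth auditing together with this change.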
@@ -1352,14 +1383,22 @@
   if( globalFlag && g.repositoryOpen ){
     db_multi_exec("DELETE FROM config WHERE name=%Q", zName);
   }
 }
 int db_get_boolean(const char *zName, int dflt){
+  int val = -1;
   char *zVal = db_get(zName, dflt ? "on" : "off");
-  if( is_truth(zVal) ) return 1;
-  if( is_false(zVal) ) return 0;
-  return dflt;
+  if( is_truth(zVal) ){
+    val = 1;
+  }else
+  if( is_false(zVal) ){
+    val = 0;
+  }else{
+    val = dflt;
+  }
+  free(zVal);
+  return val;
 }
 char *db_lget(const char *zName, char *zDefault){
   return db_text((char*)zDefault,
                  "SELECT value FROM vvar WHERE name=%Q", zName);
 }

Index: src/diff.c
===================================================================
--- src/diff.c
+++ src/diff.c
@@ -526,13 +526,14 @@
     blob_read_from_file(&b, g.argv[i]);
     R = text_diff(&a, &b, 0, 0);
     for(r=0; R[r] || R[r+1] || R[r+2]; r += 3){
       printf(" copy %4d  delete %4d  insert %4d\n", R[r], R[r+1], R[r+2]);
     }
-    /* free(R); */
+    free(R);
     blob_reset(&b);
   }
+  blob_reset(&a);
 }
 
 /*
 ** COMMAND: test-udiff
 */
@@ -542,10 +543,13 @@
   blob_read_from_file(&a, g.argv[2]);
   blob_read_from_file(&b, g.argv[3]);
   blob_zero(&out);
   text_diff(&a, &b, &out, 3);
   blob_write_to_file(&out, "-");
+  blob_reset(&a);
+  blob_reset(&b);
+  blob_reset(&out);
 }
 
 /**************************************************************************
 ** The basic difference engine is above.  What follows is the annotation
 ** engine.  Both are in the same file since they share many components.

Index: src/doc.c
===================================================================
--- src/doc.c
+++ src/doc.c
@@ -546,17 +546,19 @@
 ** the login page.  It is designed for use in the upper left-hand corner
 ** of the header.
 */
 void logo_page(void){
   Blob logo;
-  char *zMime;
+  char *zMime = 0;
 
   zMime = db_get("logo-mimetype", "image/gif");
   blob_zero(&logo);
   db_blob(&logo, "SELECT value FROM config WHERE name='logo-image'");
   if( blob_size(&logo)==0 ){
     blob_init(&logo, (char*)aLogo, sizeof(aLogo));
   }
   cgi_set_content_type(zMime);
+  free(zMime);
+  zMime = 0;
   cgi_set_content(&logo);
   g.isConst = 1;
 }

Index: src/file.c
===================================================================
--- src/file.c
+++ src/file.c
@@ -16,14 +16,17 @@
 *******************************************************************************
 **
 ** File utilities
 */
 #include "config.h"
+#include "file.h"
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <unistd.h>
-#include "file.h"
+#ifdef __MINGW32__           /* This code is for win32 only */
+#include <windows.h>
+#endif
 
 /*
 ** The file status information from the most recent stat() call.
 */
 static struct stat fileStat;
@@ -127,10 +130,15 @@
 
 /*
 ** Copy the content of a file from one place to another.
 */
 void file_copy(const char *zFrom, const char *zTo){
+#if defined(__MINGW32__) && WINVER>=0x0500
+  if(0==CopyFile(zFrom, zTo, 1) ){
+      fossil_fatal("cannot copy file from \"%s\" to \"%s\"", zFrom, zTo);
+  }
+#else
   FILE *in, *out;
   int got;
   char zBuf[8192];
   in = fopen(zFrom, "rb");
   if( in==0 ) fossil_fatal("cannot open \"%s\" for reading", zFrom);
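Review bot: `CopyFile(zFrom, zTo, 1)` passes a non-zero `bFailIfExists`, so on Windows the copy now fails when `zTo` already exists. The stdio path in the `#else` branch presumably opens the destination for writing and overwrites it; the `fopen` of `out` is outside the hunk. Unless refusing to overwrite is intended, use `CopyFile(zFrom, zTo, FALSE)` so both builds behave the same. Including `GetLastError()` in the fatal message would also make a failed copy distinguishable from a missing source.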
@@ -139,10 +147,11 @@
   while( (got=fread(zBuf, 1, sizeof(zBuf), in))>0 ){
     fwrite(zBuf, 1, got, out);
   }
   fclose(in);
   fclose(out);
+#endif
 }
 
 /*
 ** Set or clear the execute bit on a file.
 */

Index: src/main.c
===================================================================
--- src/main.c
+++ src/main.c
@@ -615,11 +615,11 @@
 
 /*
 ** Send an HTTP redirect back to the designated Index Page.
 */
 void fossil_redirect_home(void){
-  cgi_redirectf("%s%s", g.zBaseURL, db_get("index-page", "/index"));
+  cgi_redirectf("%s%z", g.zBaseURL, db_get("index-page", "/index"));
 }
 
 /*
 ** If running as root, chroot to the directory containing the
 ** repository zRepo and then drop root privileges.  Return the
@@ -992,11 +992,11 @@
 ** various repositories.
 */
 void cmd_webserver(void){
   int iPort, mxPort;        /* Range of TCP ports allowed */
   const char *zPort;        /* Value of the --port option */
-  char *zBrowser;           /* Name of web browser program */
+  char *zBrowser = 0;           /* Name of web browser program */
   char *zBrowserCmd = 0;    /* Command to launch the web browser */
   int isUiCmd;              /* True if command is "ui", not "server' */
   const char *zNotFound;    /* The --notfound option or NULL */
 
 #ifdef __MINGW32__
@@ -1032,10 +1032,11 @@
         if( binaryOnPath(azBrowserProg[i]) ){
           zBrowser = azBrowserProg[i];
           break;
         }
       }
+      zBrowser = mprintf("%s", zBrowser); /* ensure zBrowser always point to dynamic string */
     }
 #else
     zBrowser = db_get("web-browser", "open");
 #endif
     zBrowserCmd = mprintf("%s http://localhost:%%d/ &", zBrowser);
@@ -1061,6 +1062,10 @@
     zBrowserCmd = mprintf("%s http://127.0.0.1:%%d/", zBrowser);
   }
   db_close();
   win32_http_server(iPort, mxPort, zBrowserCmd, zStopperFile, zNotFound);
 #endif
+  if( isUiCmd ){
+    free(zBrowserCmd); zBrowserCmd = 0;
+    free(zBrowser); zBrowser = 0;
+  }
 }

Index: src/style.c
===================================================================
--- src/style.c
+++ src/style.c
@@ -112,11 +112,11 @@
 
 /*
 ** Draw the footer at the bottom of the page.
 */
 void style_footer(void){
-  const char *zFooter;
+  char *zFooter = 0;
 
   if( !headerHasBeenGenerated ) return;
 
   /* Go back and put the submenu at the top of the page.  We delay the
   ** creation of the submenu until the end so that we can add elements
@@ -152,10 +152,12 @@
   if( g.thTrace ){
     cgi_append_content("<font color=\"red\"><hr>\n", -1);
     cgi_append_content(blob_str(&g.thLog), blob_size(&g.thLog));
     cgi_append_content("</font>\n", -1);
   }
+
+  free(zFooter); zFooter = 0;
 }
 
 /*
 ** Begin a side-box on the right-hand side of a page.  The title and
 ** the width of the box are given as arguments.  The width is usually

Index: src/user.c
===================================================================
--- src/user.c
+++ src/user.c
@@ -272,24 +272,32 @@
   }
 }
 
 /*
 ** Attempt to set the user to zLogin
+** Notice: argument "zLogin" must be dynamically allocated strings.
 */
-static int attempt_user(const char *zLogin){
+static int attempt_user_nocopy(const char *zLogin){
   int uid;
 
   if( zLogin==0 ){
     return 0;
   }
   uid = db_int(0, "SELECT uid FROM user WHERE login=%Q", zLogin);
   if( uid ){
     g.userUid = uid;
-    g.zLogin = mprintf("%s", zLogin);
+    g.zLogin = zLogin;
     return 1;
   }
   return 0;
+}
+
+/*
+** Attempt to set the user to zLogin
+*/
+static int attempt_user(const char *zLogin){
+    attempt_user_nocopy(STRDUP(zLogin));
 }
 
 /*
 ** Figure out what user is at the controls.
 **
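Review bot: The new `attempt_user` wrapper has no `return` statement, so `if( attempt_user(g.zLogin) ) return;` in `user_select` (next hunk) branches on an indeterminate value when deciding which account is in control. `attempt_user_nocopy` takes ownership of its argument only on success; when the login is not found, the string from `STRDUP`, `db_lget` or `db_get` is never freed. Its parameter is also `const char *` although the pointer is stored in `g.zLogin`. `STRDUP` is `mprintf("%s", ...)`, which may turn a NULL `getenv("USER")` into a non-NULL string and bypass the `zLogin==0` check, so the wrapper should test for NULL before copying. A possible shape is below.

```c
static int attempt_user_nocopy(char *zLogin){
  /* … unchanged: NULL check and uid lookup … */
  if( uid ){
    g.userUid = uid;
    g.zLogin = zLogin;   /* ownership passes to g.zLogin */
    return 1;
  }
  free(zLogin);          /* lookup failed: release the string we were given */
  return 0;
}

static int attempt_user(const char *zLogin){
  if( zLogin==0 ) return 0;
  return attempt_user_nocopy(STRDUP(zLogin));
}
```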
@@ -309,13 +317,13 @@
   Stmt s;
 
   if( g.userUid ) return;
   if( attempt_user(g.zLogin) ) return;
 
-  if( g.localOpen && attempt_user(db_lget("default-user",0)) ) return;
+  if( g.localOpen && attempt_user_nocopy(db_lget("default-user",0)) ) return;
 
-  if( attempt_user(db_get("default-user", 0)) ) return;
+  if( attempt_user_nocopy(db_get("default-user", 0)) ) return;
 
   if( attempt_user(getenv("USER")) ) return;
 
   db_prepare(&s,
     "SELECT uid, login FROM user"

Index: src/wiki.c
===================================================================
--- src/wiki.c
+++ src/wiki.c
@@ -366,10 +366,12 @@
   @ </form>
   if( !isSandbox ){
     manifest_clear(&m);
   }
   style_footer();
+
+  free(zBody);
 }
 
 /*
 ** WEBPAGE: wikinew
 ** URL /wikinew
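Review bot: `free(zBody)` is safe only if every assignment to `zBody` in this function yields a heap string that the function owns, and none of those assignments is inside the hunk. Please confirm that it is never left pointing at a request parameter, at a string literal, or into the manifest `m`, whose storage `manifest_clear(&m)` releases a few lines earlier. Freeing any of those would corrupt the heap in a page that handles user-submitted wiki text. If the origin varies, track ownership with a separate pointer, as this patch does with `zEditorFromDB` in src/checkin.c.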
@@ -469,11 +471,11 @@
     Blob wiki;
     Manifest m;
 
     blob_zero(&body);
     if( isSandbox ){
-      blob_appendf(&body, db_get("sandbox",""));
+      blob_appendf(&body, "%z", db_get("sandbox",""));
       appendRemark(&body);
       db_set("sandbox", blob_str(&body), 0);
     }else{
       login_verify_csrf_secret();
       content_get(rid, &content);

Index: src/wikiformat.c
===================================================================
--- src/wikiformat.c
+++ src/wikiformat.c
@@ -937,11 +937,11 @@
   memcpy(zUpper, zLower, n+1);
   zUpper[n-1]++;
   if( once ){
     const char *zClosedExpr = db_get("ticket-closed-expr", "status='Closed'");
     db_static_prepare(&q,
-      "SELECT %s FROM ticket "
+      "SELECT %z FROM ticket "
       " WHERE tkt_uuid>=:lwr AND tkt_uuid<:upr",
       zClosedExpr
     );
     once = 0;
   }

Index: src/xfer.c
===================================================================
--- src/xfer.c
+++ src/xfer.c
@@ -678,11 +678,11 @@
     if( xfer.nToken==3
      && (blob_eq(&xfer.aToken[0], "pull") || blob_eq(&xfer.aToken[0], "push"))
      && blob_is_uuid(&xfer.aToken[1])
      && blob_is_uuid(&xfer.aToken[2])
     ){
-      const char *zPCode;
+      char *zPCode = 0;
       zPCode = db_get("project-code", 0);
       if( zPCode==0 ){
         fossil_panic("missing project code");
       }
       if( !blob_eq_str(&xfer.aToken[2], zPCode, -1) ){
@@ -689,10 +689,13 @@
         cgi_reset_content();
         @ error wrong\sproject
         nErr++;
         break;
       }
+      free(zPCode);
+      zPCode = 0;
+
       login_check_credentials();
       if( blob_eq(&xfer.aToken[0], "pull") ){
         if( !g.okRead ){
           cgi_reset_content();
           @ error not\sauthorized\sto\sread
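Review bot: The `free(zPCode)` added here sits after the mismatch branch, so the `break` on the "wrong project" path leaves the loop with `zPCode` still allocated. That path is taken on input from the remote peer, so it is the one most worth covering. Compare first and free before branching, e.g. `int same = blob_eq_str(&xfer.aToken[2], zPCode, -1); free(zPCode);` followed by `if( !same ){`. The `if` that opens this branch is in the preceding hunk.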
@@ -721,19 +724,19 @@
     */
     if( blob_eq(&xfer.aToken[0], "clone") ){
       login_check_credentials();
       if( !g.okClone ){
         cgi_reset_content();
-        @ push %s(db_get("server-code", "x")) %s(db_get("project-code", "x"))
+        @ push %z(db_get("server-code", "x")) %z(db_get("project-code", "x"))
         @ error not\sauthorized\sto\sclone
         nErr++;
         break;
       }
       isClone = 1;
       isPull = 1;
       deltaFlag = 1;
-      @ push %s(db_get("server-code", "x")) %s(db_get("project-code", "x"))
+      @ push %z(db_get("server-code", "x")) %z(db_get("project-code", "x"))
     }else
 
     /*    login  USER  NONCE  SIGNATURE
     **
     ** Check for a valid login.  This has to happen before anything else.
@@ -936,17 +939,17 @@
   int size;               /* Size of a config value */
   int nFileSend = 0;
   int origConfigRcvMask;  /* Original value of configRcvMask */
   int nFileRecv;          /* Number of files received */
   int mxPhantomReq = 200; /* Max number of phantoms to request per comm */
-  const char *zCookie;    /* Server cookie */
+  char *zCookie = 0;    /* Server cookie */
   int nSent, nRcvd;       /* Bytes sent and received (after compression) */
   Blob send;              /* Text we are sending to the server */
   Blob recv;              /* Reply we got back from the server */
   Xfer xfer;              /* Transfer data */
-  const char *zSCode = db_get("server-code", "x");
-  const char *zPCode = db_get("project-code", 0);
+  char *zSCode = db_get("server-code", "x");
+  char *zPCode = db_get("project-code", 0);
 
   if( db_get_boolean("dont-push", 0) ) pushFlag = 0;
   if( pushFlag + pullFlag + cloneFlag == 0
      && configRcvMask==0 && configSendMask==0 ) return;
 
@@ -997,11 +1000,13 @@
     /* Send make the most recently received cookie.  Let the server
     ** figure out if this is a cookie that it cares about.
     */
     zCookie = db_get("cookie", 0);
     if( zCookie ){
-      blob_appendf(&send, "cookie %s\n", zCookie);
+      blob_appendf(&send, "cookie %z\n", zCookie);
+
+      zCookie = 0;
     }
 
     /* Generate gimme cards for phantoms and leaf cards
     ** for all leaves.
     */
@@ -1317,6 +1322,9 @@
   transport_close();
   transport_global_shutdown();
   db_multi_exec("DROP TABLE onremote");
   manifest_crosslink_end();
   db_end_transaction(0);
+
+  free(zSCode); zSCode = 0;
+  free(zPCode); zPCode = 0;
 }
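Review bot: These frees at the end of the function are skipped by the early `return` that follows the `db_get("server-code", "x")` and `db_get("project-code", 0)` initialisers in the @@ -936 hunk. Both strings therefore leak whenever there is nothing to sync. Either fetch the two values after that early return or free them before it. Any other exit between the two hunks is not visible here and would need the same treatment.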