Overview
Comment: | Rename variable g.zUrlSuffix to g.zRelReqURI (Relative Request URI). Provide it to TH1 interpreter as $relrequri. |
---|---|
SHA3-256: |
05e3fa76bee4003b8a10d90e6d3861f2 |
User & Date: | george 2022-02-13 17:54:07 |
Original Comment: | Rename variable g.zUrlSuffix to g.zRelReqURI (Relative Request URI). Provide it to TH1 interpreter as . |
Context
2022-02-14
| ||
22:43 |
Make style_set_base_href_suffix() safe for misuse:
if the resulting suffix contains unescaped quotes then escape them.
$base_href_suffix is intended for interpolation inside
of the quoted href attribute. This check-in should address the case
when a user of malfunctioning browser (which mishandles quoting)
is tricked by an adversary to visit a specially crafted hyperlink.
...
(check-in: d97752f3 user: george tags: base-href-fix)
| |
2022-02-13
| ||
17:54 | Rename variable g.zUrlSuffix to g.zRelReqURI (Relative Request URI). Provide it to TH1 interpreter as $relrequri. ... (check-in: 05e3fa76 user: george tags: base-href-fix) | |
16:00 |
Fix hyperlinks on the /winfo page. These were broken when a page was rendered through /info/HASH of /winfo/HASH aliases.
...
(check-in: 5ce372ce user: george tags: base-href-fix)
| |
Changes
Changes to src/main.c.
︙ | ︙ | |||
177 178 179 180 181 182 183 | char *zSshCmd; /* SSH command string */ const char *zHttpCmd; /* External program to do HTTP requests */ int fNoSync; /* Do not do an autosync ever. --nosync */ int fIPv4; /* Use only IPv4, not IPv6. --ipv4 */ char *zPath; /* Name of webpage being served */ char *zExtra; /* Extra path information past the webpage name */ char *zBaseURL; /* Full URL for the toplevel of the fossil tree */ | | | | 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 | char *zSshCmd; /* SSH command string */ const char *zHttpCmd; /* External program to do HTTP requests */ int fNoSync; /* Do not do an autosync ever. --nosync */ int fIPv4; /* Use only IPv4, not IPv6. --ipv4 */ char *zPath; /* Name of webpage being served */ char *zExtra; /* Extra path information past the webpage name */ char *zBaseURL; /* Full URL for the toplevel of the fossil tree */ const char *zRelReqURI; /* Relative Request URI (includes QUERY_STRING) zBaseUrl/zRelReqURI == Full text of the URL being served */ char *zHttpsURL; /* zBaseURL translated to https: */ char *zTop; /* Parent directory of zPath */ int nExtraURL; /* Extra bytes added to SCRIPT_NAME */ const char *zExtRoot; /* Document root for the /ext sub-website */ const char *zContentType; /* The content type of the input HTTP request */ int iErrPriority; /* Priority of current error message */ char *zErrMsg; /* Text of an error message */ |
︙ | ︙ | |||
1415 1416 1417 1418 1419 1420 1421 | g.zHttpsURL = mprintf("https://%s%.*s", z, i, zCur); } fossil_free(z); } zRU = PD("REQUEST_URI",""); nTop = strlen( g.zTop ); | | | | | 1415 1416 1417 1418 1419 1420 1421 1422 1423 1424 1425 1426 1427 1428 1429 1430 1431 | g.zHttpsURL = mprintf("https://%s%.*s", z, i, zCur); } fossil_free(z); } zRU = PD("REQUEST_URI",""); nTop = strlen( g.zTop ); g.zRelReqURI = strncmp(zRU,g.zTop,nTop) ? "" : zRU+nTop; if(g.zRelReqURI[0]=='/') g.zRelReqURI++; g.zRelReqURI = fossil_strdup( g.zRelReqURI ); /* Try to record the base URL as a CONFIG table entry with a name ** of the form: "baseurl:BASE". This keeps a record of how the ** the repository is used as a server, to help in answering questions ** like "where is the CGI script that references this repository?" ** ** This is just a logging hint. So don't worry if it cannot be done. |
︙ | ︙ |
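Review bot: The new field comment on `zRelReqURI` does not say that the string is client-controlled, which is the one property every later consumer needs to know. In the second hunk the value is cut out of `PD("REQUEST_URI","")` and duplicated with `fossil_strdup()`, with no decoding or escaping step visible in these lines, and the comment itself says it includes QUERY_STRING. I would extend the comment to something like `/* Relative Request URI, verbatim from REQUEST_URI (includes QUERY_STRING); not escaped, encode for the output context before use */`, and spell the sibling field as `zBaseURL` rather than `zBaseUrl`. Both the struct and the function holding the assignment start and end outside the hunks shown.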
Changes to src/style.c.
︙ | ︙ | |||
404 405 406 407 408 409 410 | va_start(ap, zFormat); local_zCurrentPage = vmprintf(zFormat, ap); va_end(ap); } } /* Use this for the $base_href_suffix variable if it is not NULL. | | | | 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 | va_start(ap, zFormat); local_zCurrentPage = vmprintf(zFormat, ap); va_end(ap); } } /* Use this for the $base_href_suffix variable if it is not NULL. ** If it is NULL then use g.zRelReqURI */ static char *local_zBaseHrefSuffix = 0; /* ** Set the desired $base_href_suffix to something other than g.zRelReqURI */ void style_set_base_href_suffix(const char *zFormat, ...){ fossil_free(local_zBaseHrefSuffix); if( zFormat==0 ){ local_zBaseHrefSuffix = 0; }else{ va_list ap; |
︙ | ︙ | |||
788 789 790 791 792 793 794 | Th_Store("baseurl", g.zBaseURL); Th_Store("secureurl", fossil_wants_https(1)? g.zHttpsURL: g.zBaseURL); Th_Store("home", g.zTop); Th_Store("index_page", db_get("index-page","/home")); if( local_zCurrentPage==0 ) style_set_current_page("%T", g.zPath); Th_Store("current_page", local_zCurrentPage); if( local_zBaseHrefSuffix==0 ){ | | | | | 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 | Th_Store("baseurl", g.zBaseURL); Th_Store("secureurl", fossil_wants_https(1)? g.zHttpsURL: g.zBaseURL); Th_Store("home", g.zTop); Th_Store("index_page", db_get("index-page","/home")); if( local_zCurrentPage==0 ) style_set_current_page("%T", g.zPath); Th_Store("current_page", local_zCurrentPage); if( local_zBaseHrefSuffix==0 ){ style_set_base_href_suffix("%s",g.zRelReqURI); /* %s because g.zRelReqURI is already encoded (FIXME: really so?) */ } Th_Store("base_href_suffix", local_zBaseHrefSuffix); Th_Store("relrequri", g.zRelReqURI); Th_Store("csrf_token", g.zCsrfToken); Th_Store("release_version", RELEASE_VERSION); Th_Store("manifest_version", MANIFEST_VERSION); Th_Store("manifest_date", MANIFEST_DATE); Th_Store("compiler_name", COMPILER_NAME); Th_Store("mainmenu", style_get_mainmenu()); stylesheet_url_var(); |
︙ | ︙ | |||
1407 1408 1409 1410 1411 1412 1413 | if( isAuth ){ #if !defined(_WIN32) @ uid=%d(getuid()), gid=%d(getgid())<br /> #endif @ g.zBaseURL = %h(g.zBaseURL)<br /> @ g.zHttpsURL = %h(g.zHttpsURL)<br /> | | | 1407 1408 1409 1410 1411 1412 1413 1414 1415 1416 1417 1418 1419 1420 1421 | if( isAuth ){ #if !defined(_WIN32) @ uid=%d(getuid()), gid=%d(getgid())<br /> #endif @ g.zBaseURL = %h(g.zBaseURL)<br /> @ g.zHttpsURL = %h(g.zHttpsURL)<br /> @ g.zRelReqURI = %h(g.zRelReqURI)<br /> @ g.zTop = %h(g.zTop)<br /> @ g.zPath = %h(g.zPath)<br /> @ g.userUid = %d(g.userUid)<br /> @ g.zLogin = %h(g.zLogin)<br /> @ g.isHuman = %d(g.isHuman)<br /> @ g.javascriptHyperlink = %d(g.javascriptHyperlink)<br /> if( g.nRequest ){ |
︙ | ︙ |
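Review bot: `Th_Store("relrequri", g.zRelReqURI);` in the hunk at new lines 795-806 hands a request-derived string to skin scripts with nothing stating how it is encoded, while the comment two lines above it still asks `FIXME: really so?` about the same value. Until that question is settled, the safer assumption is that `$relrequri` can hold characters that are significant in HTML, so a skin that writes it into a page has to escape it first; the `"%s"` passed to `style_set_base_href_suffix()` rests on the same unverified assumption. I would put that on the store itself, e.g. `/* $relrequri: raw tail of REQUEST_URI incl. query string; skins must HTML-escape it on output */`, and resolve the FIXME by tracing how the value reaches `g.zRelReqURI` in src/main.c. The enclosing function starts and ends outside the hunk.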