Fossil

Check-in [de320cc3]
Login

Check-in [de320cc3]

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Return a 404-Not Found error on any attempt to access a "draft" skin that is not defined.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: de320cc33e97a7043b31bcf1b8517ee7531207d22fc0dce54ecd7332fc2b78cd
User & Date: drh 2022-02-15 21:46:21
Context
2022-02-15
23:34
Update the built-in SQLite to the latest 3.38.0 beta. ... (check-in: abd90eb5 user: drh tags: trunk)
21:46
Return a 404-Not Found error on any attempt to access a "draft" skin that is not defined. ... (check-in: de320cc3 user: drh tags: trunk)
2022-02-13
19:16
Back out check-in [5bb921dd0893a548] which was wrong - the REQUEST_URI CGI parameter should include the query string. Improve the CGI variable documentation in comments. Improve robustness to malformed CGI variables. ... (check-in: e514eeea user: drh tags: trunk)
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/main.c. 

1594
1595
1596
1597
1598
1599
1600




















1601
1602
1603
1604
1605
1606
1607

      zURL = mprintf("%s%T?%s", g.zHttpsURL, P("PATH_INFO"), zQS);
    }
    cgi_redirect_with_status(zURL, 301, "Moved Permanently");
    return 1;
  }
  return 0;
}





















/*
** Preconditions:
**
**  * Environment variables are set up according to the CGI standard.
**
** If the repository is known, it has already been opened.  If unknown,








>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>








1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627

      zURL = mprintf("%s%T?%s", g.zHttpsURL, P("PATH_INFO"), zQS);
    }
    cgi_redirect_with_status(zURL, 301, "Moved Permanently");
    return 1;
  }
  return 0;
}

/*
** Send a 404 Not Found reply
*/
void fossil_not_found_page(void){
#ifdef FOSSIL_ENABLE_JSON
  if(g.json.isJsonMode){
    json_err(FSL_JSON_E_RESOURCE_NOT_FOUND,NULL,1);
    return;
  }
#endif
  @ <html><head>
  @ <meta name="viewport" \
  @ content="width=device-width, initial-scale=1.0">
  @ </head><body>
  @ <h1>Not Found</h1>
  @ </body>
  cgi_set_status(404, "Not Found");
  cgi_reply();
}

/*
** Preconditions:
**
**  * Environment variables are set up according to the CGI standard.
**
** If the repository is known, it has already been opened.  If unknown,

1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844

        if( (zPathInfo[0]==0 || strcmp(zPathInfo,"/")==0)
                  && allowRepoList
                  && repo_list_page() ){
          /* Will return a list of repositories */
        }else if( zNotFound ){
          cgi_redirect(zNotFound);
        }else{
#ifdef FOSSIL_ENABLE_JSON
          if(g.json.isJsonMode){
            json_err(FSL_JSON_E_RESOURCE_NOT_FOUND,NULL,1);
            return;
          }
#endif
          @ <html><head>
          @ <meta name="viewport" \
          @ content="width=device-width, initial-scale=1.0">
          @ </head><body>
          @ <h1>Not Found</h1>
          @ </body>
          cgi_set_status(404, "Not Found");
          cgi_reply();
        }
        return;
      }
      break;
    }

    /* Add the repository name (without the ".fossil" suffix) to the end








<
<
<
<
<
<
<
<
<
<
<
<
<
|








1837
1838
1839
1840
1841
1842
1843













1844
1845
1846
1847
1848
1849
1850
1851

        if( (zPathInfo[0]==0 || strcmp(zPathInfo,"/")==0)
                  && allowRepoList
                  && repo_list_page() ){
          /* Will return a list of repositories */
        }else if( zNotFound ){
          cgi_redirect(zNotFound);
        }else{













          fossil_not_found_page();
        }
        return;
      }
      break;
    }

    /* Add the repository name (without the ".fossil" suffix) to the end

1885
1886
1887
1888
1889
1890
1891





1892
1893
1894
1895
1896
1897
1898

  */
  if( zPathInfo && strncmp(zPathInfo,"/draft",6)==0
   && zPathInfo[6]>='1' && zPathInfo[6]<='9'
   && (zPathInfo[7]=='/' || zPathInfo[7]==0)
  ){
    int iSkin = zPathInfo[6] - '0';
    char *zNewScript;





    skin_use_draft(iSkin);
    zNewScript = mprintf("%T/draft%d", P("SCRIPT_NAME"), iSkin);
    if( g.zTop ) g.zTop = mprintf("%R/draft%d", iSkin);
    if( g.zBaseURL ) g.zBaseURL = mprintf("%s/draft%d", g.zBaseURL, iSkin);
    zPathInfo += 7;
    g.nExtraURL += 7;
    cgi_replace_parameter("PATH_INFO", zPathInfo);








>
>
>
>
>








1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910

  */
  if( zPathInfo && strncmp(zPathInfo,"/draft",6)==0
   && zPathInfo[6]>='1' && zPathInfo[6]<='9'
   && (zPathInfo[7]=='/' || zPathInfo[7]==0)
  ){
    int iSkin = zPathInfo[6] - '0';
    char *zNewScript;
    if( db_int(0,"SELECT count(*) FROM config WHERE name GLOB 'draft%d-*'",
                iSkin)<5 ){
      fossil_not_found_page();
      fossil_exit(0);
    }
    skin_use_draft(iSkin);
    zNewScript = mprintf("%T/draft%d", P("SCRIPT_NAME"), iSkin);
    if( g.zTop ) g.zTop = mprintf("%R/draft%d", iSkin);
    if( g.zBaseURL ) g.zBaseURL = mprintf("%s/draft%d", g.zBaseURL, iSkin);
    zPathInfo += 7;
    g.nExtraURL += 7;
    cgi_replace_parameter("PATH_INFO", zPathInfo);