Fossil

Check-in [45341a28]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Reverted [5abc0f6e7] because testing has shown the referrer to simply be too fragile and subject to browser-side whims (which also includes the option to send only the scheme and host, without the path, as the referrer, which breaks what that commit did). Now style.css supports both style.css/pagename and style.css?page=name, preferring the former, pending a decision on which one of those syntaxes the other devs prefer.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | style-css-revamp
Files: files | file ages | folders
SHA3-256: 45341a2869324d1c57d3f5ca8ef5d98768d021dd5c28ce58ed200fc4268a57bb
User & Date: stephan 2020-05-18 12:32:47.256
Context
2020-05-26
06:47
merged in trunk. ... (Closed-Leaf check-in: fe018289 user: stephan tags: style-css-revamp)
2020-05-18
12:32
Reverted [5abc0f6e7] because testing has shown the referrer to simply be too fragile and subject to browser-side whims (which also includes the option to send only the scheme and host, without the path, as the referrer, which breaks what that commit did). Now style.css supports both style.css/pagename and style.css?page=name, preferring the former, pending a decision on which one of those syntaxes the other devs prefer. ... (check-in: 45341a28 user: stephan tags: style-css-revamp)
03:38
Removed doc/help references to "overriding" CSS rules, as that no longer applies in this branch. ... (check-in: a21e2668 user: stephan tags: style-css-revamp)
Changes
Unified Diff Ignore Whitespace Patch
Changes to src/cgi.c. 
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494

  const char *zRef = P("referer");
  if( zRef==0 ){
    zRef = P("HTTP_REFERER");
    if( zRef==0 ) zRef = zDefault;
  }
  return zRef;
}

/*
** If cgi_referer(0) returns a non-0 AND the referrer is from the same
** fossil app path (i.e. the referrer's path starts with g.zTop), this
** function returns the first path element of the referring page, up
** to, but not including, the first slash. Thus if he refer[r]er is
** https://foo.com/fossil.cgi/foo/bar, this returns "foo". The
** returned memory is malloc'd and needs to be freed by the caller.
*/
char * cgi_referer_fossil_page_name(){
  UrlData url;
  char * zPage = 0;
  const char * zRef = cgi_referer(0);

  if(zRef==0) return 0;
  memset(&url, 0, sizeof(url));
  url_parse_local(zRef, 0, &url);
  if(url.path==strstr(url.path, g.zTop)){
    /* g.zTop is, e.g., /cgi-bin/fossil.cgi,
       url.path is, e.g., /cgi-bin/fossil.cgi/page/... */
    char * zSlash = 0;
    zPage = url.path + strlen(g.zTop);
    if('/' == zPage[0]){
      *zPage++ = 0;
      if((zSlash = strstr(zPage,"/"))!=0){
        *zSlash = 0;
      }
      zPage = mprintf("%s", zPage);
    }else{ /*unexpected result*/
      zPage = 0;
    }
  }
  url_cleanup(&url);
  return zPage;
}


/*
** Return true if the current request appears to be safe from a
** Cross-Site Request Forgery (CSRF) attack.  Conditions that must
** be met:
**
**    *   The HTTP_REFERER must have the same origin








<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<








445
446
447
448
449
450
451




































452
453
454
455
456
457
458

  const char *zRef = P("referer");
  if( zRef==0 ){
    zRef = P("HTTP_REFERER");
    if( zRef==0 ) zRef = zDefault;
  }
  return zRef;
}





































/*
** Return true if the current request appears to be safe from a
** Cross-Site Request Forgery (CSRF) attack.  Conditions that must
** be met:
**
**    *   The HTTP_REFERER must have the same origin
Changes to src/style.c. 
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091

** WEBPAGE: style.css
**
** Return the style sheet.
*/
void page_style_css(void){
  Blob css = empty_blob;
  int i;
  char *zPage = cgi_referer_fossil_page_name();

  cgi_set_content_type("text/css");
  /* Emit all default rules... */
  for(i=1; cssDefaultList[i].elementClass; i++){
    char *z = blob_str(&css);
    if( !containsSelector(z, cssDefaultList[i].elementClass) ){
      blob_appendf(&css, "%s {\n%s}\n",








|








1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091

** WEBPAGE: style.css
**
** Return the style sheet.
*/
void page_style_css(void){
  Blob css = empty_blob;
  int i;
  const char *zPage = PD("name",P("page"));

  cgi_set_content_type("text/css");
  /* Emit all default rules... */
  for(i=1; cssDefaultList[i].elementClass; i++){
    char *z = blob_str(&css);
    if( !containsSelector(z, cssDefaultList[i].elementClass) ){
      blob_appendf(&css, "%s {\n%s}\n",

1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129

        "\n/***********************************************************\n"
        "** End of page-specific CSS for page %s.\n"
        "***********************************************************/\n",
        zPage);
    }
    fossil_free(zFile);
  }
  fossil_free(zPage);
  blob_append(&css,
     "\n/***********************************************************\n"
     "** All CSS which follows is supplied by the repository \"skin\".\n"
     "***********************************************************/\n",
     -1);
  blob_append(&css,skin_get("css"),-1);









<








1115
1116
1117
1118
1119
1120
1121

1122
1123
1124
1125
1126
1127
1128

        "\n/***********************************************************\n"
        "** End of page-specific CSS for page %s.\n"
        "***********************************************************/\n",
        zPage);
    }
    fossil_free(zFile);
  }

  blob_append(&css,
     "\n/***********************************************************\n"
     "** All CSS which follows is supplied by the repository \"skin\".\n"
     "***********************************************************/\n",
     -1);
  blob_append(&css,skin_get("css"),-1);
Changes to src/url.c. 
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95

  unsigned flags;  /* Boolean flags controlling URL processing */
  int useProxy;    /* Used to remember that a proxy is in use */
  char *proxyUrlPath;
  int proxyOrigPort; /* Tunneled port number for https through proxy */
};
#endif /* INTERFACE */

/*
** Frees (almost) all (char*) members of pUrlData and zeroes out
** pUrlData. Results are undefined if pUrlData passed an uninitialized
** object.
*/
void url_cleanup(UrlData *pUrlData){
  fossil_free(pUrlData->user);
  fossil_free(pUrlData->passwd);
  if(pUrlData->hostname != pUrlData->name){
    fossil_free(pUrlData->name);
  }
  fossil_free(pUrlData->hostname);
  fossil_free(pUrlData->path);
  fossil_free(pUrlData->canonical);
  /* ??? fossil_free(pUrlData->proxyAuth); */
  /* ??? fossil_free(pUrlData->fossil); */
  /* ??? fossil_free(pUrlData->proxyUrlPath); */
  memset(pUrlData, 0, sizeof(*pUrlData));
}

/*
** Parse the given URL.  Populate members of the provided UrlData structure
** as follows:
**
**      isFile      True if FILE:
**      isHttps     True if HTTPS:








<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<








63
64
65
66
67
68
69



















70
71
72
73
74
75
76

  unsigned flags;  /* Boolean flags controlling URL processing */
  int useProxy;    /* Used to remember that a proxy is in use */
  char *proxyUrlPath;
  int proxyOrigPort; /* Tunneled port number for https through proxy */
};
#endif /* INTERFACE */





















/*
** Parse the given URL.  Populate members of the provided UrlData structure
** as follows:
**
**      isFile      True if FILE:
**      isHttps     True if HTTPS: