Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Reverted [5abc0f6e7] because testing has shown the referrer to simply be too fragile and subject to browser-side whims (which also includes the option to send only the scheme and host, without the path, as the referrer, which breaks what that commit did). Now style.css supports both style.css/pagename and style.css?page=name, preferring the former, pending a decision on which one of those syntaxes the other devs prefer. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | style-css-revamp |
| Files: | files | file ages | folders |
| SHA3-256: |
45341a2869324d1c57d3f5ca8ef5d987 |
| User & Date: | stephan 2020-05-18 12:32:47 |
Context
|
2020-05-26
| ||
| 06:47 | merged in trunk. (Closed-Leaf check-in: fe018289 user: stephan tags: style-css-revamp) | |
|
2020-05-18
| ||
| 12:32 | Reverted [5abc0f6e7] because testing has shown the referrer to simply be too fragile and subject to browser-side whims (which also includes the option to send only the scheme and host, without the path, as the referrer, which breaks what that commit did). Now style.css supports both style.css/pagename and style.css?page=name, preferring the former, pending a decision on which one of those syntaxes the other devs prefer. (check-in: 45341a28 user: stephan tags: style-css-revamp) | |
| 03:38 | Removed doc/help references to "overriding" CSS rules, as that no longer applies in this branch. (check-in: a21e2668 user: stephan tags: style-css-revamp) | |
Changes
Changes to src/cgi.c.
445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 |
const char *zRef = P("referer");
if( zRef==0 ){
zRef = P("HTTP_REFERER");
if( zRef==0 ) zRef = zDefault;
}
return zRef;
}
/*
** If cgi_referer(0) returns a non-0 AND the referrer is from the same
** fossil app path (i.e. the referrer's path starts with g.zTop), this
** function returns the first path element of the referring page, up
** to, but not including, the first slash. Thus if he refer[r]er is
** https://foo.com/fossil.cgi/foo/bar, this returns "foo". The
** returned memory is malloc'd and needs to be freed by the caller.
*/
char * cgi_referer_fossil_page_name(){
UrlData url;
char * zPage = 0;
const char * zRef = cgi_referer(0);
if(zRef==0) return 0;
memset(&url, 0, sizeof(url));
url_parse_local(zRef, 0, &url);
if(url.path==strstr(url.path, g.zTop)){
/* g.zTop is, e.g., /cgi-bin/fossil.cgi,
url.path is, e.g., /cgi-bin/fossil.cgi/page/... */
char * zSlash = 0;
zPage = url.path + strlen(g.zTop);
if('/' == zPage[0]){
*zPage++ = 0;
if((zSlash = strstr(zPage,"/"))!=0){
*zSlash = 0;
}
zPage = mprintf("%s", zPage);
}else{ /*unexpected result*/
zPage = 0;
}
}
url_cleanup(&url);
return zPage;
}
/*
** Return true if the current request appears to be safe from a
** Cross-Site Request Forgery (CSRF) attack. Conditions that must
** be met:
**
** * The HTTP_REFERER must have the same origin
|
< < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < |
445 446 447 448 449 450 451 452 453 454 455 456 457 458 |
const char *zRef = P("referer");
if( zRef==0 ){
zRef = P("HTTP_REFERER");
if( zRef==0 ) zRef = zDefault;
}
return zRef;
}
/*
** Return true if the current request appears to be safe from a
** Cross-Site Request Forgery (CSRF) attack. Conditions that must
** be met:
**
** * The HTTP_REFERER must have the same origin
|
Changes to src/style.c.
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
....
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
|
** WEBPAGE: style.css
**
** Return the style sheet.
*/
void page_style_css(void){
Blob css = empty_blob;
int i;
char *zPage = cgi_referer_fossil_page_name();
cgi_set_content_type("text/css");
/* Emit all default rules... */
for(i=1; cssDefaultList[i].elementClass; i++){
char *z = blob_str(&css);
if( !containsSelector(z, cssDefaultList[i].elementClass) ){
blob_appendf(&css, "%s {\n%s}\n",
................................................................................
"\n/***********************************************************\n"
"** End of page-specific CSS for page %s.\n"
"***********************************************************/\n",
zPage);
}
fossil_free(zFile);
}
fossil_free(zPage);
blob_append(&css,
"\n/***********************************************************\n"
"** All CSS which follows is supplied by the repository \"skin\".\n"
"***********************************************************/\n",
-1);
blob_append(&css,skin_get("css"),-1);
|
|
<
|
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
....
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
|
** WEBPAGE: style.css
**
** Return the style sheet.
*/
void page_style_css(void){
Blob css = empty_blob;
int i;
const char *zPage = PD("name",P("page"));
cgi_set_content_type("text/css");
/* Emit all default rules... */
for(i=1; cssDefaultList[i].elementClass; i++){
char *z = blob_str(&css);
if( !containsSelector(z, cssDefaultList[i].elementClass) ){
blob_appendf(&css, "%s {\n%s}\n",
................................................................................
"\n/***********************************************************\n"
"** End of page-specific CSS for page %s.\n"
"***********************************************************/\n",
zPage);
}
fossil_free(zFile);
}
blob_append(&css,
"\n/***********************************************************\n"
"** All CSS which follows is supplied by the repository \"skin\".\n"
"***********************************************************/\n",
-1);
blob_append(&css,skin_get("css"),-1);
|
Changes to src/url.c.
63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 |
unsigned flags; /* Boolean flags controlling URL processing */ int useProxy; /* Used to remember that a proxy is in use */ char *proxyUrlPath; int proxyOrigPort; /* Tunneled port number for https through proxy */ }; #endif /* INTERFACE */ /* ** Frees (almost) all (char*) members of pUrlData and zeroes out ** pUrlData. Results are undefined if pUrlData passed an uninitialized ** object. */ void url_cleanup(UrlData *pUrlData){ fossil_free(pUrlData->user); fossil_free(pUrlData->passwd); if(pUrlData->hostname != pUrlData->name){ fossil_free(pUrlData->name); } fossil_free(pUrlData->hostname); fossil_free(pUrlData->path); fossil_free(pUrlData->canonical); /* ??? fossil_free(pUrlData->proxyAuth); */ /* ??? fossil_free(pUrlData->fossil); */ /* ??? fossil_free(pUrlData->proxyUrlPath); */ memset(pUrlData, 0, sizeof(*pUrlData)); } /* ** Parse the given URL. Populate members of the provided UrlData structure ** as follows: ** ** isFile True if FILE: ** isHttps True if HTTPS: |
< < < < < < < < < < < < < < < < < < < |
63 64 65 66 67 68 69 70 71 72 73 74 75 76 |
unsigned flags; /* Boolean flags controlling URL processing */ int useProxy; /* Used to remember that a proxy is in use */ char *proxyUrlPath; int proxyOrigPort; /* Tunneled port number for https through proxy */ }; #endif /* INTERFACE */ /* ** Parse the given URL. Populate members of the provided UrlData structure ** as follows: ** ** isFile True if FILE: ** isHttps True if HTTPS: |