Fossil

Check-in [d28cb283]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:On the /test_env page, show the AUTH_CONTENT and AUTH_TYPE environment variables in "cookie" mode. - On second thought, better to not show these, since they can expose passwords on screen.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | security-risk
Files: files | file ages | folders
SHA3-256:d28cb283f3d753886f33d60417cb07ffef093feba870d664f2be4ef557a080d0
User & Date: drh 2017-07-03 11:26:11
Original Comment: On the /test_env page, show the AUTH_CONTENT and AUTH_TYPE environment variables in "cookie" mode.
Context
2017-07-03
13:48
On the server.wiki page, point to the source code comments that describe the various CGI options. Closed-Leaf check-in: d407e22f user: drh tags: security-risk
11:26
On the /test_env page, show the AUTH_CONTENT and AUTH_TYPE environment variables in "cookie" mode. - On second thought, better to not show these, since they can expose passwords on screen. check-in: d28cb283 user: drh tags: security-risk
09:31
Update changes.wiki. Some eol-spacing check-in: 86d4754a user: jan.nijtmans tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/style.c.

1620
1621
1622
1623
1624
1625
1626




1627
1628
1629
1630
1631
1632
1633
  if( i>0 ){
    @ anonymous-adds = %s(zCap)<br />
  }
  @ g.zRepositoryName = %h(g.zRepositoryName)<br />
  @ load_average() = %f(load_average())<br />
  @ <hr />
  P("HTTP_USER_AGENT");




  cgi_print_all(showAll);
  if( showAll && blob_size(&g.httpHeader)>0 ){
    @ <hr />
    @ <pre>
    @ %h(blob_str(&g.httpHeader))
    @ </pre>
  }







>
>
>
>







1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
  if( i>0 ){
    @ anonymous-adds = %s(zCap)<br />
  }
  @ g.zRepositoryName = %h(g.zRepositoryName)<br />
  @ load_average() = %f(load_average())<br />
  @ <hr />
  P("HTTP_USER_AGENT");
  if( showAll ){
    P("AUTH_CONTENT");
    P("AUTH_TYPE");
  }
  cgi_print_all(showAll);
  if( showAll && blob_size(&g.httpHeader)>0 ){
    @ <hr />
    @ <pre>
    @ %h(blob_str(&g.httpHeader))
    @ </pre>
  }