Overview
Comment: | Update to make use of SAME_ORIGIN. |
---|---|
SHA1: | 0280010860a25b02bd9d8c44b85c41b4 |
User & Date: | drh 2018-01-30 23:47:18.604 |
Context
2018-02-01
15:22 | Tweaks to the checklist.tcl script so that it passes --lint and to enable a timeout on the database connection. check-in: aae9b15e00 user: drh tags: trunk |
2018-01-30
23:47 | Update to make use of SAME_ORIGIN. check-in: 0280010860 user: drh tags: trunk |
20:39 | Add a warning to the login page if the client is not sending Referer headers. check-in: 1e0662e9e3 user: drh tags: trunk |
Changes
Changes to checklist.tcl.
︙ | ︙ | |||
141 142 143 144 145 146 147 | if {[checklist-common-header]} return if {[string match https:* [wapp-param BASE_URL]]==0 && [wapp-param REMOTE_ADDR]!="127.0.0.1"} { wapp-subst {<p class="error">Login via HTTPS only</p>} checklist-common-footer return } | > > | > | 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 | if {[checklist-common-header]} return if {[string match https:* [wapp-param BASE_URL]]==0 && [wapp-param REMOTE_ADDR]!="127.0.0.1"} { wapp-subst {<p class="error">Login via HTTPS only</p>} checklist-common-footer return } if {[wapp-param SAME_ORIGIN] && [wapp-param-exists u] && [wapp-param-exists p] } { set u [wapp-param u] set p [wapp-param p] set px [db one {SELECT hex($p)}] set ok [db exists {SELECT 1 FROM config WHERE name=('user-'||$u) AND hex(value)=$px}] if {$ok} { |
︙ | ︙ | |||
333 334 335 336 337 338 339 340 341 342 343 344 345 346 | wapp-mimetype text/javascript wapp-cache-control max-age=86400 wapp { function cklistAjax(uri,data,callback){ var xhttp = new XMLHttpRequest(); xhttp.onreadystatechange = function(){ if(xhttp.readyState!=4) return var jx = JSON.parse(xhttp.responseText); callback(jx); } if(data){ xhttp.open("POST",uri,true); xhttp.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); | > | 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 | wapp-mimetype text/javascript wapp-cache-control max-age=86400 wapp { function cklistAjax(uri,data,callback){ var xhttp = new XMLHttpRequest(); xhttp.onreadystatechange = function(){ if(xhttp.readyState!=4) return if(!xhttp.responseText) return var jx = JSON.parse(xhttp.responseText); callback(jx); } if(data){ xhttp.open("POST",uri,true); xhttp.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); |
︙ | ︙ |
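Review bot: In the first checklist.tcl hunk (the login handler, new lines 148-150), a submission that carries `u` and `p` but fails the `[wapp-param SAME_ORIGIN]` test is dropped with no feedback, whereas the HTTPS check directly above it emits `<p class="error">Login via HTTPS only</p>` and returns. Consider giving the cross-origin case its own branch that reports why the login was ignored, so a legitimate user whose browser withholds the Referer header is not left retyping a correct password. Separately, `[wapp-param SAME_ORIGIN]` is read without a default. If the parameter were ever absent, the empty string in the `if` expression would raise a Tcl error rather than evaluate to false, so writing `[wapp-param SAME_ORIGIN 0]` makes the check fail closed explicitly. The comparison `hex(value)=$px` also shows that the stored value is the password itself. That predates this change, but it is worth a follow-up to store a salted hash instead.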
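Review bot: In the second hunk (`cklistAjax`, new line 343), the added `if(!xhttp.responseText) return` only covers an empty body. A non-empty reply that is not JSON, such as an HTML error page or a login redirect, still reaches `JSON.parse(xhttp.responseText)` and throws inside `onreadystatechange`. In both the empty and the malformed case `callback` is never invoked, so the caller cannot tell a failed request from a slow one. Suggest checking `xhttp.status` before parsing, wrapping the parse in `try`/`catch`, and passing the callback an error indication on failure. Minor style point: the new `return`, like the one on the line above it, has no terminating semicolon.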