Overview
Comment: | Add a warning to the login page if the client is not sending Referer headers. |
---|---|
SHA1: | 1e0662e9e382308ac852da768d269904 |
User & Date: | drh 2018-01-30 20:39:28.849 |
Context
2018-01-30
23:47 | Update to make use of SAME_ORIGIN. check-in: 0280010860 user: drh tags: trunk |
20:39 | Add a warning to the login page if the client is not sending Referer headers. check-in: 1e0662e9e3 user: drh tags: trunk |
19:09 | Omit all use of the global ::wapp dict check-in: 7b0c5b9f45 user: drh tags: trunk |
Changes
Changes to checklist.tcl.
︙ | ︙ | |||
154 155 156 157 158 159 160 161 162 163 164 165 166 167 | AND hex(value)=$px}] if {$ok} { wapp-set-cookie checklist-login $u,$px wapp-redirect index return } wapp-subst {<p class='error'>Invalid username or password</p>\n} } wapp-trim { <form method='POST' action='login'> <table border="0"> <tr><td align='right'>Login: </td> <td><input type='text' name='u' width='20'></td></tr> <tr><td align='right'>Password: </td> | > > > > > > > > > > | 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 | AND hex(value)=$px}] if {$ok} { wapp-set-cookie checklist-login $u,$px wapp-redirect index return } wapp-subst {<p class='error'>Invalid username or password</p>\n} } if {![wapp-param-exists HTTP_REFERER]} { wapp-trim { <h2>Warning: No "Referer" header</h2> <p> As a defense against cross-site request forgeries, this website ignores all POST requests that omit the "Referer:" from the header. The request that resulted in this page has no "Referer:" entry in the header. So, unless something changes, you won't be able to log in.</p> } } wapp-trim { <form method='POST' action='login'> <table border="0"> <tr><td align='right'>Login: </td> <td><input type='text' name='u' width='20'></td></tr> <tr><td align='right'>Password: </td> |
︙ | ︙ | |||
227 228 229 230 231 232 233 | } } while {$level>0} { wapp-subst {</ol>\n} incr level -1 } | | | 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 | } } while {$level>0} { wapp-subst {</ol>\n} incr level -1 } # Render the edit dialog box. CSS sets "display: none;" on this so that # it does not appear. Javascript will turn it on and position it on # the correct element following any click on the checklist. # if {![wapp-param WRITE 0]} { wapp-trim { <div id="editBox"> <form id="editForm" method="POST"> |
︙ | ︙ | |||
261 262 263 264 265 266 267 | </table> </form> </div> } } # The cklistUser object is JSON that contains information about the | | | 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 | </table> </form> </div> } } # The cklistUser object is JSON that contains information about the # login user and the capabilities of the login user, which the # javascript code needs to know in order to activate various features. # wapp-subst {<script id='cklistUser' type='application/json'>} if {![wapp-param CKLIST_WRITE]} { wapp-subst {{"user":"","canWrite":0,"isAdmin":0}} } else { set u [wapp-param CKLIST_USER] |
︙ | ︙ |
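Review bot: In the login hunk, the new `if {![wapp-param-exists HTTP_REFERER]}` test is, as far as the visible lines show, not tied to the request being a POST, so it fires on any render of the login page. A browser normally sends no Referer when a page is opened from a typed URL or a bookmark, so such a visitor is told "you won't be able to log in" even if the form submission that follows does carry the header. Consider showing the warning only when the current request is a POST that lacked the header, or rewording it to say that login fails if the browser also omits Referer on the form submission. A short comment above the test stating why a missing Referer matters here would help, and the warning could reuse the `class='error'` styling of the "Invalid username or password" paragraph.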
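Review bot: In the edit-box hunk, the guard `if {![wapp-param WRITE 0]}` emits the `editBox` form when `WRITE` is unset or false, and it reads a parameter named `WRITE` where the cklistUser hunk reads `CKLIST_WRITE`. Please confirm both the parameter name and the polarity of the test. If the dialog is meant only for users who can write, the negation looks inverted relative to the cklistUser hunk, where the negated test selects the `"canWrite":0` branch.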
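Review bot: In the cklistUser hunk, `[wapp-param CKLIST_WRITE]` is called without a default, while the edit-box hunk passes one (`wapp-param WRITE 0`). If the parameter is unset and wapp-param returns an empty string, `!` is applied to a non-boolean value and the Tcl `if` raises an error instead of emitting the anonymous JSON. Passing an explicit default, `[wapp-param CKLIST_WRITE 0]`, removes the dependence on the parameter always being set. Also, `set u [wapp-param CKLIST_USER]` sits inside the `<script>` block; if `$u` is substituted into the JSON in the lines that follow, check that it is escaped for that context.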