Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Add a warning to the login page if the client is not sending Referer headers. |
|---|---|
| Downloads: | Tarball | ZIP archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: |
1e0662e9e382308ac852da768d269904 |
| User & Date: | drh 2018-01-30 20:39:28.849 |
Context
|
2018-01-30
| ||
| 23:47 | Update to make use of SAME_ORIGIN. check-in: 0280010860 user: drh tags: trunk | |
| 20:39 | Add a warning to the login page if the client is not sending Referer headers. check-in: 1e0662e9e3 user: drh tags: trunk | |
| 19:09 | Omit all use of the global ::wapp dict check-in: 7b0c5b9f45 user: drh tags: trunk | |
Changes
Changes to checklist.tcl.
| ︙ | ︙ | |||
154 155 156 157 158 159 160 161 162 163 164 165 166 167 |
AND hex(value)=$px}]
if {$ok} {
wapp-set-cookie checklist-login $u,$px
wapp-redirect index
return
}
wapp-subst {<p class='error'>Invalid username or password</p>\n}
}
wapp-trim {
<form method='POST' action='login'>
<table border="0">
<tr><td align='right'>Login: </td>
<td><input type='text' name='u' width='20'></td></tr>
<tr><td align='right'>Password: </td>
| > > > > > > > > > > | 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 |
AND hex(value)=$px}]
if {$ok} {
wapp-set-cookie checklist-login $u,$px
wapp-redirect index
return
}
wapp-subst {<p class='error'>Invalid username or password</p>\n}
}
if {![wapp-param-exists HTTP_REFERER]} {
wapp-trim {
<h2>Warning: No "Referer" header</h2>
<p> As a defense against cross-site request forgeries, this website
ignores all POST requests that omit the "Referer:" from the header.
The request that resulted in this page has no "Referer:" entry
in the header.
So, unless something changes, you won't be able to log in.</p>
}
}
wapp-trim {
<form method='POST' action='login'>
<table border="0">
<tr><td align='right'>Login: </td>
<td><input type='text' name='u' width='20'></td></tr>
<tr><td align='right'>Password: </td>
|
| ︙ | ︙ | |||
227 228 229 230 231 232 233 |
}
}
while {$level>0} {
wapp-subst {</ol>\n}
incr level -1
}
| | | 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 |
}
}
while {$level>0} {
wapp-subst {</ol>\n}
incr level -1
}
# Render the edit dialog box. CSS sets "display: none;" on this so that
# it does not appear. Javascript will turn it on and position it on
# the correct element following any click on the checklist.
#
if {![wapp-param WRITE 0]} {
wapp-trim {
<div id="editBox">
<form id="editForm" method="POST">
|
| ︙ | ︙ | |||
261 262 263 264 265 266 267 |
</table>
</form>
</div>
}
}
# The cklistUser object is JSON that contains information about the
| | | 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 |
</table>
</form>
</div>
}
}
# The cklistUser object is JSON that contains information about the
# login user and the capabilities of the login user, which the
# javascript code needs to know in order to activate various features.
#
wapp-subst {<script id='cklistUser' type='application/json'>}
if {![wapp-param CKLIST_WRITE]} {
wapp-subst {{"user":"","canWrite":0,"isAdmin":0}}
} else {
set u [wapp-param CKLIST_USER]
|
| ︙ | ︙ |