Checklist

Check-in [1e0662e9e3]

Overview
Comment: Add a warning to the login page if the client is not sending Referer headers.
SHA1: 1e0662e9e382308ac852da768d269904b8c27011
User & Date: drh 2018-01-30 20:39:28
Context
2018-01-30
23:47  Update to make use of SAME_ORIGIN. (check-in: 0280010860, user: drh, tags: trunk)
20:39  Add a warning to the login page if the client is not sending Referer headers. (check-in: 1e0662e9e3, user: drh, tags: trunk; this check-in)
19:09  Omit all use of the global ::wapp dict (check-in: 7b0c5b9f45, user: drh, tags: trunk)
Changes

Changes to checklist.tcl.

Old version (left column of the side-by-side diff: lines 154-167, 227-241 and 261-275 of checklist.tcl before this check-in):
                          AND hex(value)=$px}]
    if {$ok} {
      wapp-set-cookie checklist-login $u,$px
      wapp-redirect index
      return
    }
    wapp-subst {<p class='error'>Invalid username or password</p>\n}










  }
  wapp-trim {
    <form method='POST' action='login'>
    <table border="0">
    <tr><td align='right'>Login:&nbsp;</td>
        <td><input type='text' name='u' width='20'></td></tr>
    <tr><td align='right'>Password:&nbsp;</td>
................................................................................
    }
  }
  while {$level>0} {
    wapp-subst {</ol>\n}
    incr level -1
  }

  # Render the edit dialog box.  CSS sets display: none on this so that
  # it does not appear.  Javascript will turn it on and position it on
  # the correct element following any click on the checklist.
  #
  if {![wapp-param WRITE 0]} {
    wapp-trim {
      <div id="editBox">
      <form id="editForm" method="POST">
................................................................................
      </table>
      </form>
      </div>
    }
  }
    
  # The cklistUser object is JSON that contains information about the
  # login user and the capabilities of the login user, which is the
  # javascript code needs to know in order to activate various features.
  #
  wapp-subst {<script id='cklistUser' type='application/json'>}
  if {![wapp-param CKLIST_WRITE]} {
    wapp-subst {{"user":"","canWrite":0,"isAdmin":0}}
  } else {
    set u [wapp-param CKLIST_USER]

New version (right column of the side-by-side diff: lines 154-177, 237-251 and 271-285 of checklist.tcl after this check-in; the diff's marker column flagged ten inserted lines and two changed lines):
                          AND hex(value)=$px}]
    if {$ok} {
      wapp-set-cookie checklist-login $u,$px
      wapp-redirect index
      return
    }
    wapp-subst {<p class='error'>Invalid username or password</p>\n}
  }
  if {![wapp-param-exists HTTP_REFERER]} {
    wapp-trim {
       <h2>Warning: No "Referer" header</h2>
       <p> As a defense against cross-site request forgeries, this website
       ignores all POST requests that omit the "Referer:" from the header.
       The request that resulted in this page has no "Referer:" entry 
       in the header.
       So, unless something changes, you won't be able to log in.</p>
    }
  }
  wapp-trim {
    <form method='POST' action='login'>
    <table border="0">
    <tr><td align='right'>Login:&nbsp;</td>
        <td><input type='text' name='u' width='20'></td></tr>
    <tr><td align='right'>Password:&nbsp;</td>
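Review bot: the `wapp-param-exists HTTP_REFERER` test runs on every request that renders this page, not only on the submitted form, so a user who reaches the login page by typing its URL or from a bookmark (a navigation that carries no Referer) sees the warning even though their browser would send a Referer on the subsequent POST. Consider moving the check into the branch that handles posted credentials (the one ending in `wapp-subst {<p class='error'>Invalid username or password</p>\n}`), or soften the last sentence to "you may not be able to log in". Separately, the text promises that POSTs without a Referer are ignored, but nothing in this hunk enforces that, so make sure the rejection lives in the request handler and also compares the header's value against the site's own origin, since the mere presence of a Referer is not a CSRF defence. Nit: the line ending `no "Referer:" entry ` carries trailing whitespace.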
................................................................................
    }
  }
  while {$level>0} {
    wapp-subst {</ol>\n}
    incr level -1
  }

  # Render the edit dialog box. CSS sets "display: none;" on this so that
  # it does not appear.  Javascript will turn it on and position it on
  # the correct element following any click on the checklist.
  #
  if {![wapp-param WRITE 0]} {
    wapp-trim {
      <div id="editBox">
      <form id="editForm" method="POST">
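Review bot: comment-only change (the semicolon in `display: none;`), so no behaviour is affected. While this comment is being touched, the guard directly beneath it, `if {![wapp-param WRITE 0]}`, reads as "render the edit dialog when WRITE is not set", which is the opposite of what a reader expects for a dialog that edits the checklist; if WRITE means something else here (the later code consults a separate CKLIST_WRITE parameter), a one-line comment saying so would stop the next reader from "fixing" it.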
................................................................................
      </table>
      </form>
      </div>
    }
  }
    
  # The cklistUser object is JSON that contains information about the
  # login user and the capabilities of the login user, which the
  # javascript code needs to know in order to activate various features.
  #
  wapp-subst {<script id='cklistUser' type='application/json'>}
  if {![wapp-param CKLIST_WRITE]} {
    wapp-subst {{"user":"","canWrite":0,"isAdmin":0}}
  } else {
    set u [wapp-param CKLIST_USER]
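Review bot: the comment now reads correctly ("which the javascript code needs to know"); fine as a grammar fix. Two small points in the surrounding lines: the whitespace-only line above the comment still carries four trailing spaces and could be blanked in the same pass, and the code that embeds `$u` (from `wapp-param CKLIST_USER`) into the inline `<script id='cklistUser' type='application/json'>` body lies below the cut-off here, so please confirm it JSON-escapes quotes, backslashes and any `</` sequence, because an unescaped user name would otherwise terminate the script element early.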