Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Defend against undefined values in query parameters in the cgi_check_for_malice() routine. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
08df33aa4cae9f3a476ae50a6b6dc2fc |
| User & Date: | drh 2024-04-09 17:38:01 |
Context
|
2024-04-10
| ||
| 11:31 | When preparing a pattern for FTS search, if the pattern is empty convert it into a double-quoted empty string, to avoid FTS5 errors. ... (check-in: 5bb323ff user: drh tags: trunk) | |
|
2024-04-09
| ||
| 17:38 | Defend against undefined values in query parameters in the cgi_check_for_malice() routine. ... (check-in: 08df33aa user: drh tags: trunk) | |
|
2024-04-08
| ||
| 12:40 | Update the built-in SQLite to the latest version from trunk, for SQLite testing. ... (check-in: e9d8c04c user: drh tags: trunk) | |
Changes
Changes to src/cgi.c.
| ︙ | ︙ | |||
2772 2773 2774 2775 2776 2777 2778 |
** implementation as possible, ideally just before it begins doing
** potentially CPU-intensive computations and after all query parameters
** have been consulted.
*/
void cgi_check_for_malice(void){
struct QParam * pParam;
int i;
| | | > > | > | 2772 2773 2774 2775 2776 2777 2778 2779 2780 2781 2782 2783 2784 2785 2786 2787 2788 2789 |
** implementation as possible, ideally just before it begins doing
** potentially CPU-intensive computations and after all query parameters
** have been consulted.
*/
void cgi_check_for_malice(void){
struct QParam * pParam;
int i;
for(i=0; i<nUsedQP; ++i){
pParam = &aParamQP[i];
if( 0==pParam->isFetched
&& pParam->zValue!=0
&& pParam->zName!=0
&& fossil_islower(pParam->zName[0])
){
cgi_value_spider_check(pParam->zValue, pParam->zName);
}
}
}
|