Fossil

Check-in [5c0bb964]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Provide a scary warning about the use of TH1 docs on the Security Audit page.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 5c0bb964cdf0e1a34d41b4b06d1abe1ea795eedc0d41f5dc19b1254ed5ae267d
User & Date: drh 2020-02-12 17:03:20
Context
2020-02-12
18:38
Improvements to the "embedded documentation" documentation. (check-in: c5d9ca67 user: drh tags: trunk)
17:03
Provide a scary warning about the use of TH1 docs on the Security Audit page. (check-in: 5c0bb964 user: drh tags: trunk)
16:35
Change the special $SELF substitution used by Markdown and HTML embedded documentation into $CURRENT. See the forum discussion for details. (check-in: 45427ae1 user: drh tags: trunk)
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/security_audit.c.

216
217
218
219
220
221
222





























223
224
225
226
227
228
229
    @ Sensitive material such as login passwords can be sent over an
    @ unencrypted connection.
    @ <p>Fix this by changing the "Redirect to HTTPS" setting on the
    @ <a href="setup_access">Access Control</a> page. If you were using
    @ the old "Redirect to HTTPS on Login Page" setting, switch to the
    @ new setting: it has a more secure implementation.
  }






























  /* Anonymous users should not be able to harvest email addresses
  ** from tickets.
  */
  if( hasAnyCap(zAnonCap, "e") ){
    @ <li><p><b>WARNING:</b>
    @ Anonymous users can view email addresses and other personally







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
    @ Sensitive material such as login passwords can be sent over an
    @ unencrypted connection.
    @ <p>Fix this by changing the "Redirect to HTTPS" setting on the
    @ <a href="setup_access">Access Control</a> page. If you were using
    @ the old "Redirect to HTTPS on Login Page" setting, switch to the
    @ new setting: it has a more secure implementation.
  }

#ifdef FOSSIL_ENABLE_TH1_DOCS
  /* The use of embedded TH1 is dangerous.  Warn if it is possible.
  */
  if( !Th_AreDocsEnabled() ){
    @ <li><p>
    @ This server is compiled with -DFOSSIL_ENABLE_TH1_DOCS. TH1 docs
    @ are disabled for this particular repository, so you are safe for
    @ now.  However, to prevent future problems caused by accidentally
    @ enabling TH1 docs in the future, it is recommended that you
    @ recompile Fossil without the -DFOSSIL_ENABLE_TH1_DOCS flag.</p>
  }else{
    @ <li><p><b>DANGER:</b>
    @ This server is compiled with -DFOSSIL_ENABLE_TH1_DOCS and TH1 docs
    @ are enabled for this repository.  Anyone who can check-in or push
    @ to this repository can create a malicious TH1 script and then cause
    @ that script to be run on the server. This is a serious security concern.
    @ TH1 docs should only be enabled for repositories with a very limited
    @ number of trusted committers, and the repository should be monitored
    @ closely to ensure no hostile content sneaks in.  If a bad TH1 script
    @ does make it into the repository, the only want to prevent it from
    @ being run is to shun it.</p>
    @
    @ <p>Disable TH1 docs by recompiling Fossil without the
    @ -DFOSSIL_ENABLE_TH1_DOCS flag, and/or clear the th1-docs setting
    @ and ensure that the TH1_ENABLE_DOCS environment variable does not
    @ exist in the environment.</p>
  }
#endif

  /* Anonymous users should not be able to harvest email addresses
  ** from tickets.
  */
  if( hasAnyCap(zAnonCap, "e") ){
    @ <li><p><b>WARNING:</b>
    @ Anonymous users can view email addresses and other personally