Overview
Comment: | An HTTPS upgrade redirect loop now is broken and gives a warning. The "-nossl" is no longer the default on "fossil server". Warning messages are provided when trying to log in via an insecure connection. |
---|---|
SHA3-256: | 61733824bbf5414725fb445f07733089 |
User & Date: | drh 2018-02-16 16:16:38 |
Context
2018-02-16
16:28 | Fix segfault when accessing the initial checkin directory on a fusefs mounted repository. ... (check-in: 55f6c765 user: drh tags: trunk) | |
16:16 | An HTTPS upgrade redirect loop now is broken and gives a warning. The "-nossl" is no longer the default on "fossil server". Warning messages are provided when trying to log in via an insecure connection. ... (check-in: 61733824 user: drh tags: trunk) | |
2018-02-13
22:26 | On the Fossil repository screen list that comes up with commands like "fossil all ui", show the last modification time of each repo, and allow sorting by mtime. ... (check-in: f2231ba6 user: drh tags: trunk) | |
Changes
Changes to src/login.c.
︙ | ︙ | |||
500 501 502 503 504 505 506 507 | char *zSha1Pw; const char *zIpAddr; /* IP address of requestor */ const char *zReferer; login_check_credentials(); if( login_wants_https_redirect() ){ const char *zQS = P("QUERY_STRING"); if( zQS==0 ){ | > > > > > > > > > > > > > > | | | 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 | char *zSha1Pw; const char *zIpAddr; /* IP address of requestor */ const char *zReferer; login_check_credentials(); if( login_wants_https_redirect() ){ const char *zQS = P("QUERY_STRING"); if( P("redir")!=0 || g.sslNotAvailable ){ style_header("Insecure Connection"); @ <h1>Unable To Establish An Encrypted Connection</h1> @ <p>This website requires that login credentials be sent over @ an encrypted connection. The current connection, however, is @ is not encrypted all the way from your browser to the server. @ A prior attempt was made to redirect to %h(g.zHttpsURL) but @ the connection is still insecure even after the redirect.</p> @ <p>This is probably some kind of configuration problem. Please @ contact your sysadmin.</p> @ <p>Sorry it didn't work out.</p> style_footer(); return; } if( zQS==0 ){ zQS = "?redir=1"; }else if( zQS[0]!=0 ){ zQS = mprintf("?%s&redir=1", zQS); } cgi_redirectf("%s%s%s", g.zHttpsURL, P("PATH_INFO"), zQS); return; } sqlite3_create_function(g.db, "constant_time_cmp", 2, SQLITE_UTF8, 0, constant_time_cmp_function, 0, 0); zUsername = P("u"); |
︙ | ︙ | |||
659 660 661 662 663 664 665 666 667 668 669 670 671 672 | @ <table class="login_out"> @ <tr> @ <td class="login_out_label">User ID:</td> if( anonFlag ){ @ <td><input type="text" id="u" name="u" value="anonymous" size="30" /></td> }else{ @ <td><input type="text" id="u" name="u" value="" size="30" /></td> } @ </tr> @ <tr> @ <td class="login_out_label">Password:</td> @ <td><input type="password" id="p" name="p" value="" size="30" /></td> @ </tr> if( g.zLogin==0 && (anonFlag || zGoto==0) ){ | > > > > > > > > > > > > > | 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 | @ <table class="login_out"> @ <tr> @ <td class="login_out_label">User ID:</td> if( anonFlag ){ @ <td><input type="text" id="u" name="u" value="anonymous" size="30" /></td> }else{ @ <td><input type="text" id="u" name="u" value="" size="30" /></td> } if( P("HTTPS")==0 ){ @ <td width="15"><td rowspan="3"> @ <p class='securityWarning'> @ Warning: Your password will be sent in the clear over an @ unencrypted connection. if( g.sslNotAvailable ){ @ No encrypted connection is available on this server. }else{ @ Consider logging in at @ <a href='%s(g.zHttpsURL)'>%h(g.zHttpsURL)</a> instead. } @ </p> } @ </tr> @ <tr> @ <td class="login_out_label">Password:</td> @ <td><input type="password" id="p" name="p" value="" size="30" /></td> @ </tr> if( g.zLogin==0 && (anonFlag || zGoto==0) ){ |
︙ | ︙ | |||
1335 1336 1337 1338 1339 1340 1341 | }else #endif /* FOSSIL_ENABLE_JSON */ { const char *zUrl = PD("REQUEST_URI", "index"); const char *zQS = P("QUERY_STRING"); Blob redir; blob_init(&redir, 0, 0); | | | 1362 1363 1364 1365 1366 1367 1368 1369 1370 1371 1372 1373 1374 1375 1376 | }else #endif /* FOSSIL_ENABLE_JSON */ { const char *zUrl = PD("REQUEST_URI", "index"); const char *zQS = P("QUERY_STRING"); Blob redir; blob_init(&redir, 0, 0); if( login_wants_https_redirect() && !g.sslNotAvailable ){ blob_appendf(&redir, "%s/login?g=%T", g.zHttpsURL, zUrl); }else{ blob_appendf(&redir, "%R/login?g=%T", zUrl); } if( anonOk ) blob_append(&redir, "&anon", 5); if( zQS && zQS[0] ){ blob_appendf(&redir, "&%s", zQS); |
︙ | ︙ |
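Review bot: in the first src/login.c hunk, the zQS branches just before cgi_redirectf() do not cover a QUERY_STRING that is present but empty. zQS==0 becomes "?redir=1" and zQS[0]!=0 becomes "?%s&redir=1", but when zQS is "" neither branch runs, so the redirect goes out without the redir marker and the P("redir")!=0 loop check cannot fire on the next request. Suggest testing zQS==0 || zQS[0]==0 in the first branch and using a plain else for the second. The warning text in the same hunk also has a doubled word: "however, is" is followed by "is not encrypted".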
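Review bot: in the second src/login.c hunk, the added link writes g.zHttpsURL into the href attribute with %s while the link text on the same line uses %h, so the attribute value is emitted without the HTML escaping applied to the visible text. Suggest href='%h(g.zHttpsURL)' so both uses are escaped the same way. The added cells are also left open: td width="15" is followed directly by td rowspan="3", and neither has a closing tag before the row's closing tr.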
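Review bot: in the third src/login.c hunk, the new "&& !g.sslNotAvailable" term has no comment saying why the redirect falls back to %R/login. With the first hunk applied, a request that reaches that login page while login_wants_https_redirect() is true and g.sslNotAvailable is set gets the "Unable To Establish An Encrypted Connection" page, whose text says a prior redirect to g.zHttpsURL was attempted even though this path never issued one. Suggest a short comment on the condition and separate wording on the error page for the g.sslNotAvailable case.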
Changes to src/main.c.
︙ | ︙ | |||
2498 2499 2500 2501 2502 2503 2504 | if( find_option("scgi", 0, 0)!=0 ) flags |= HTTP_SERVER_SCGI; if( zAltBase ){ set_base_url(zAltBase); } g.sslNotAvailable = find_option("nossl", 0, 0)!=0; if( find_option("https",0,0)!=0 ){ cgi_replace_parameter("HTTPS","on"); | < < < | 2498 2499 2500 2501 2502 2503 2504 2505 2506 2507 2508 2509 2510 2511 | if( find_option("scgi", 0, 0)!=0 ) flags |= HTTP_SERVER_SCGI; if( zAltBase ){ set_base_url(zAltBase); } g.sslNotAvailable = find_option("nossl", 0, 0)!=0; if( find_option("https",0,0)!=0 ){ cgi_replace_parameter("HTTPS","on"); } if( find_option("localhost", 0, 0)!=0 ){ flags |= HTTP_SERVER_LOCALHOST; } #if defined(_WIN32) && USE_SEE zPidKey = find_option("usepidkey", 0, 1); |
︙ | ︙ |
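Review bot: in the src/main.c hunk, "nossl" and "https" are still parsed independently, so after the three lines following cgi_replace_parameter("HTTPS","on") are removed, a server started with both options has g.sslNotAvailable set and HTTPS forced on at the same time. The login-form warning added in src/login.c is keyed on P("HTTPS")==0, so that combination suppresses it. Suggest rejecting the combination or letting one option clear the other. Since the check-in comment says "-nossl" is no longer the default on "fossil server", the command's option help should say so too, and nothing in this hunk touches it.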