Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Fix an XSS issue with the /help webpage. |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA3-256: |
db482f1675d5d084ab7f637582256ab7 |
User & Date: | drh 2017-05-12 16:22:54 |
Context
2017-05-12
| ||
18:22 | (cherry-pick): Fix an XSS issue with the /help webpage. Change a few %s format letters into %h ... (check-in: f1a7360e user: jan.nijtmans tags: branch-2.2) | |
17:22 | Change a few %s format letters into %h. ... (check-in: 8e27a5a0 user: drh tags: trunk) | |
16:22 | Fix an XSS issue with the /help webpage. ... (check-in: db482f16 user: drh tags: trunk) | |
15:11 | In the "fossil info -v" command, sort the access-url and check-out fields by date, not by name. ... (check-in: 12ab581f user: drh tags: trunk) | |
Changes
Changes to src/dispatch.c.
︙ | ︙ | |||
241 242 243 244 245 246 247 | style_header("Help: %s", zCmd); style_submenu_element("Command-List", "%s/help", g.zTop); if( *zCmd=='/' ){ /* Some of the webpages require query parameters in order to work. ** @ <h1>The "<a href='%R%s(zCmd)'>%s(zCmd)</a>" page:</h1> */ | | | | | | | 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 | style_header("Help: %s", zCmd); style_submenu_element("Command-List", "%s/help", g.zTop); if( *zCmd=='/' ){ /* Some of the webpages require query parameters in order to work. ** @ <h1>The "<a href='%R%s(zCmd)'>%s(zCmd)</a>" page:</h1> */ @ <h1>The "%h(zCmd)" page:</h1> }else{ @ <h1>The "%h(zCmd)" command:</h1> } rc = dispatch_name_search(zCmd, CMDFLAG_ANY, &pCmd); if( rc==1 ){ @ unknown command: %h(zCmd) }else if( rc==2 ){ @ ambiguous command prefix: %h(zCmd) }else{ if( pCmd->zHelp[0]==0 ){ @ no help available for the %h(pCmd->zName) command }else{ @ <blockquote> help_to_html(pCmd->zHelp, cgi_output_blob()); @ </blockquote> } } }else{ |
︙ | ︙ |