Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Fix an XSS issue with the /help webpage. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
db482f1675d5d084ab7f637582256ab7 |
| User & Date: | drh 2017-05-12 16:22:54 |
Context
|
2017-05-12
| ||
| 18:22 | (cherry-pick): Fix an XSS issue with the /help webpage. Change a few %s format letters into %h ... (check-in: f1a7360e user: jan.nijtmans tags: branch-2.2) | |
| 17:22 | Change a few %s format letters into %h. ... (check-in: 8e27a5a0 user: drh tags: trunk) | |
| 16:22 | Fix an XSS issue with the /help webpage. ... (check-in: db482f16 user: drh tags: trunk) | |
| 15:11 | In the "fossil info -v" command, sort the access-url and check-out fields by date, not by name. ... (check-in: 12ab581f user: drh tags: trunk) | |
Changes
Changes to src/dispatch.c.
| ︙ | ︙ | |||
241 242 243 244 245 246 247 |
style_header("Help: %s", zCmd);
style_submenu_element("Command-List", "%s/help", g.zTop);
if( *zCmd=='/' ){
/* Some of the webpages require query parameters in order to work.
** @ <h1>The "<a href='%R%s(zCmd)'>%s(zCmd)</a>" page:</h1> */
| | | | | | | 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 |
style_header("Help: %s", zCmd);
style_submenu_element("Command-List", "%s/help", g.zTop);
if( *zCmd=='/' ){
/* Some of the webpages require query parameters in order to work.
** @ <h1>The "<a href='%R%s(zCmd)'>%s(zCmd)</a>" page:</h1> */
@ <h1>The "%h(zCmd)" page:</h1>
}else{
@ <h1>The "%h(zCmd)" command:</h1>
}
rc = dispatch_name_search(zCmd, CMDFLAG_ANY, &pCmd);
if( rc==1 ){
@ unknown command: %h(zCmd)
}else if( rc==2 ){
@ ambiguous command prefix: %h(zCmd)
}else{
if( pCmd->zHelp[0]==0 ){
@ no help available for the %h(pCmd->zName) command
}else{
@ <blockquote>
help_to_html(pCmd->zHelp, cgi_output_blob());
@ </blockquote>
}
}
}else{
|
| ︙ | ︙ |