/* ** Copyright (c) 2006,2007 D. Richard Hipp ** ** This program is free software; you can redistribute it and/or ** modify it under the terms of the Simplified BSD License (also ** known as the "2-Clause License" or "FreeBSD License".) ** This program is distributed in the hope that it will be useful, ** but without any warranty; without even the implied warranty of ** merchantability or fitness for a particular purpose. ** ** Author contact information: ** drh@hwaci.com ** http://www.hwaci.com/drh/ ** ******************************************************************************* ** ** This file contains code to implement the basic web page look and feel. ** */ #include "VERSION.h" #include "config.h" #include "style.h" /* ** Elements of the submenu are collected into the following ** structure and displayed below the main menu. ** ** Populate these structure with calls to ** ** style_submenu_element() ** style_submenu_entry() ** style_submenu_checkbox() ** style_submenu_binary() ** style_submenu_multichoice() ** style_submenu_sql() ** ** prior to calling style_footer(). The style_footer() routine ** will generate the appropriate HTML text just below the main ** menu. */ static struct Submenu { const char *zLabel; /* Button label */ const char *zLink; /* Jump to this link when button is pressed */ } aSubmenu[30]; static int nSubmenu = 0; /* Number of buttons */ static struct SubmenuCtrl { const char *zName; /* Form query parameter */ const char *zLabel; /* Label. Might be NULL for FF_MULTI */ unsigned char eType; /* FF_ENTRY, FF_MULTI, FF_CHECKBOX */ unsigned char eVisible; /* STYLE_NORMAL or STYLE_DISABLED */ short int iSize; /* Width for FF_ENTRY. Count for FF_MULTI */ const char *const *azChoice; /* value/display pairs for FF_MULTI */ const char *zFalse; /* FF_BINARY label when false */ const char *zJS; /* Javascript to run on toggle */ } aSubmenuCtrl[20]; static int nSubmenuCtrl = 0; #define FF_ENTRY 1 /* Text entry box */ #define FF_MULTI 2 /* Combobox. Multiple choices. */ #define FF_BINARY 3 /* Control for binary query parameter */ #define FF_CHECKBOX 4 /* Check-box */ #if INTERFACE #define STYLE_NORMAL 0 /* Normal display of control */ #define STYLE_DISABLED 1 /* Control is disabled */ #endif /* INTERFACE */ /* ** Remember that the header has been generated. The footer is omitted ** if an error occurs before the header. */ static int headerHasBeenGenerated = 0; /* ** remember, if a sidebox was used */ static int sideboxUsed = 0; /* ** Ad-unit styles. */ static unsigned adUnitFlags = 0; /* ** Flags for various javascript files needed prior to </body> */ static int needHrefJs = 0; /* href.js */ static int needSortJs = 0; /* sorttable.js */ static int needGraphJs = 0; /* graph.js */ /* ** Extra JS added to the end of the file. */ static Blob blobOnLoad = BLOB_INITIALIZER; /* ** Generate and return a anchor tag like this: ** ** <a href="URL"> ** or <a id="ID"> ** ** The form of the anchor tag is determined by the g.javascriptHyperlink ** variable. The href="URL" form is used if g.javascriptHyperlink is false. ** If g.javascriptHyperlink is true then the ** id="ID" form is used and javascript is generated in the footer to cause ** href values to be inserted after the page has loaded. If ** g.perm.History is false, then the <a id="ID"> form is still ** generated but the javascript is not generated so the links never ** activate. ** ** If the user lacks the Hyperlink (h) property and the "auto-hyperlink" ** setting is true, then g.perm.Hyperlink is changed from 0 to 1 and ** g.javascriptHyperlink is set to 1. The g.javascriptHyperlink defaults ** to 0 and only changes to one if the user lacks the Hyperlink (h) property ** and the "auto-hyperlink" setting is enabled. ** ** Filling in the href="URL" using javascript is a defense against bots. ** ** The name of this routine is deliberately kept short so that can be ** easily used within @-lines. Example: ** ** @ %z(href("%R/artifact/%s",zUuid))%h(zFN)</a> ** ** Note %z format. The string returned by this function is always ** obtained from fossil_malloc() so rendering it with %z will reclaim ** that memory space. ** ** There are three versions of this routine: ** ** (1) href() does a plain hyperlink ** (2) xhref() adds extra attribute text ** (3) chref() adds a class name ** ** g.perm.Hyperlink is true if the user has the Hyperlink (h) property. ** Most logged in users should have this property, since we can assume ** that a logged in user is not a bot. Only "nobody" lacks g.perm.Hyperlink, ** typically. */ char *xhref(const char *zExtra, const char *zFormat, ...){ char *zUrl; va_list ap; va_start(ap, zFormat); zUrl = vmprintf(zFormat, ap); va_end(ap); if( g.perm.Hyperlink && !g.javascriptHyperlink ){ char *zHUrl = mprintf("<a %s href=\"%h\">", zExtra, zUrl); fossil_free(zUrl); return zHUrl; } needHrefJs = 1; return mprintf("<a %s data-href='%z' href='%R/honeypot'>", zExtra, zUrl); } char *chref(const char *zExtra, const char *zFormat, ...){ char *zUrl; va_list ap; va_start(ap, zFormat); zUrl = vmprintf(zFormat, ap); va_end(ap); if( g.perm.Hyperlink && !g.javascriptHyperlink ){ char *zHUrl = mprintf("<a class=\"%s\" href=\"%h\">", zExtra, zUrl); fossil_free(zUrl); return zHUrl; } needHrefJs = 1; return mprintf("<a class='%s' data-href='%z' href='%R/honeypot'>", zExtra, zUrl); } char *href(const char *zFormat, ...){ char *zUrl; va_list ap; va_start(ap, zFormat); zUrl = vmprintf(zFormat, ap); va_end(ap); if( g.perm.Hyperlink && !g.javascriptHyperlink ){ char *zHUrl = mprintf("<a href=\"%h\">", zUrl); fossil_free(zUrl); return zHUrl; } needHrefJs = 1; return mprintf("<a data-href='%s' href='%R/honeypot'>", zUrl); } /* ** Generate <form method="post" action=ARG>. The ARG value is inserted ** by javascript. */ void form_begin(const char *zOtherArgs, const char *zAction, ...){ char *zLink; va_list ap; if( zOtherArgs==0 ) zOtherArgs = ""; va_start(ap, zAction); zLink = vmprintf(zAction, ap); va_end(ap); if( g.perm.Hyperlink && !g.javascriptHyperlink ){ @ <form method="POST" action="%z(zLink)" %s(zOtherArgs)> }else{ needHrefJs = 1; @ <form method="POST" data-action='%s(zLink)' action='%R/login' \ @ %s(zOtherArgs)> } } /* ** Add a new element to the submenu */ void style_submenu_element( const char *zLabel, const char *zLink, ... ){ va_list ap; assert( nSubmenu < count(aSubmenu) ); aSubmenu[nSubmenu].zLabel = zLabel; va_start(ap, zLink); aSubmenu[nSubmenu].zLink = vmprintf(zLink, ap); va_end(ap); nSubmenu++; } void style_submenu_entry( const char *zName, /* Query parameter name */ const char *zLabel, /* Label before the entry box */ int iSize, /* Size of the entry box */ int eVisible /* Visible or disabled */ ){ assert( nSubmenuCtrl < count(aSubmenuCtrl) ); aSubmenuCtrl[nSubmenuCtrl].zName = zName; aSubmenuCtrl[nSubmenuCtrl].zLabel = zLabel; aSubmenuCtrl[nSubmenuCtrl].iSize = iSize; aSubmenuCtrl[nSubmenuCtrl].eVisible = eVisible; aSubmenuCtrl[nSubmenuCtrl].eType = FF_ENTRY; nSubmenuCtrl++; } void style_submenu_checkbox( const char *zName, /* Query parameter name */ const char *zLabel, /* Label to display after the checkbox */ int eVisible, /* Visible or disabled */ const char *zJS /* Optional javascript to run on toggle */ ){ assert( nSubmenuCtrl < count(aSubmenuCtrl) ); aSubmenuCtrl[nSubmenuCtrl].zName = zName; aSubmenuCtrl[nSubmenuCtrl].zLabel = zLabel; aSubmenuCtrl[nSubmenuCtrl].eVisible = eVisible; aSubmenuCtrl[nSubmenuCtrl].zJS = zJS; aSubmenuCtrl[nSubmenuCtrl].eType = FF_CHECKBOX; nSubmenuCtrl++; } void style_submenu_binary( const char *zName, /* Query parameter name */ const char *zTrue, /* Label to show when parameter is true */ const char *zFalse, /* Label to show when the parameter is false */ int eVisible /* Visible or disabled */ ){ assert( nSubmenuCtrl < count(aSubmenuCtrl) ); aSubmenuCtrl[nSubmenuCtrl].zName = zName; aSubmenuCtrl[nSubmenuCtrl].zLabel = zTrue; aSubmenuCtrl[nSubmenuCtrl].zFalse = zFalse; aSubmenuCtrl[nSubmenuCtrl].eVisible = eVisible; aSubmenuCtrl[nSubmenuCtrl].eType = FF_BINARY; nSubmenuCtrl++; } void style_submenu_multichoice( const char *zName, /* Query parameter name */ int nChoice, /* Number of options */ const char *const *azChoice, /* value/display pairs. 2*nChoice entries */ int eVisible /* Visible or disabled */ ){ assert( nSubmenuCtrl < count(aSubmenuCtrl) ); aSubmenuCtrl[nSubmenuCtrl].zName = zName; aSubmenuCtrl[nSubmenuCtrl].iSize = nChoice; aSubmenuCtrl[nSubmenuCtrl].azChoice = azChoice; aSubmenuCtrl[nSubmenuCtrl].eVisible = eVisible; aSubmenuCtrl[nSubmenuCtrl].eType = FF_MULTI; nSubmenuCtrl++; } void style_submenu_sql( const char *zName, /* Query parameter name */ const char *zLabel, /* Label on the control */ const char *zFormat, /* Format string for SQL command for choices */ ... /* Arguments to the format string */ ){ Stmt q; int n = 0; int nAlloc = 0; char **az = 0; va_list ap; va_start(ap, zFormat); db_vprepare(&q, 0, zFormat, ap); va_end(ap); while( SQLITE_ROW==db_step(&q) ){ if( n+2>=nAlloc ){ nAlloc += nAlloc + 20; az = fossil_realloc(az, sizeof(char*)*nAlloc); } az[n++] = fossil_strdup(db_column_text(&q,0)); az[n++] = fossil_strdup(db_column_text(&q,1)); } db_finalize(&q); if( n>0 ){ aSubmenuCtrl[nSubmenuCtrl].zName = zName; aSubmenuCtrl[nSubmenuCtrl].zLabel = zLabel; aSubmenuCtrl[nSubmenuCtrl].iSize = n/2; aSubmenuCtrl[nSubmenuCtrl].azChoice = (const char *const *)az; aSubmenuCtrl[nSubmenuCtrl].eVisible = STYLE_NORMAL; aSubmenuCtrl[nSubmenuCtrl].eType = FF_MULTI; nSubmenuCtrl++; } } /* ** Compare two submenu items for sorting purposes */ static int submenuCompare(const void *a, const void *b){ const struct Submenu *A = (const struct Submenu*)a; const struct Submenu *B = (const struct Submenu*)b; return fossil_strcmp(A->zLabel, B->zLabel); } /* Use this for the $current_page variable if it is not NULL. If it is ** NULL then use g.zPath. */ static char *local_zCurrentPage = 0; /* ** Set the desired $current_page to something other than g.zPath */ void style_set_current_page(const char *zFormat, ...){ fossil_free(local_zCurrentPage); if( zFormat==0 ){ local_zCurrentPage = 0; }else{ va_list ap; va_start(ap, zFormat); local_zCurrentPage = vmprintf(zFormat, ap); va_end(ap); } } /* ** Create a TH1 variable containing the URL for the specified config resource. ** The resulting variable name will be of the form $[zVarPrefix]_url. */ static void url_var( const char *zVarPrefix, const char *zConfigName, const char *zPageName ){ char *zVarName = mprintf("%s_url", zVarPrefix); char *zUrl = mprintf("%R/%s?id=%x", zPageName, skin_id(zConfigName)); Th_Store(zVarName, zUrl); free(zUrl); free(zVarName); } /* ** Create a TH1 variable containing the URL for the specified config image. ** The resulting variable name will be of the form $[zImageName]_image_url. */ static void image_url_var(const char *zImageName){ char *zVarPrefix = mprintf("%s_image", zImageName); char *zConfigName = mprintf("%s-image", zImageName); url_var(zVarPrefix, zConfigName, zImageName); free(zVarPrefix); free(zConfigName); } /* ** Return a random nonce that is stored in static space. For a particular ** run, the same nonce is always returned. */ char *style_nonce(void){ static char zNonce[52]; if( zNonce[0]==0 ){ unsigned char zSeed[24]; sqlite3_randomness(24, zSeed); encode16(zSeed,(unsigned char*)zNonce,24); } return zNonce; } /* ** Default HTML page header text through <body>. If the repository-specific ** header template lacks a <body> tag, then all of the following is ** prepended. */ static char zDfltHeader[] = @ <html> @ <head> @ <base href="$baseurl/$current_page" /> @ <meta http-equiv="Content-Security-Policy" content="$default_csp" /> @ <meta name="viewport" content="width=device-width, initial-scale=1.0"> @ <title>$<project_name>: $<title></title> @ <link rel="alternate" type="application/rss+xml" title="RSS Feed" \ @ href="$home/timeline.rss" /> @ <link rel="stylesheet" href="$stylesheet_url" type="text/css" \ @ media="screen" /> @ </head> @ <body> ; /* ** Initialize all the default TH1 variables */ static void style_init_th1_vars(const char *zTitle){ const char *zNonce = style_nonce(); /* ** Do not overwrite the TH1 variable "default_csp" if it exists, as this ** allows it to be properly overridden via the TH1 setup script (i.e. it ** is evaluated before the header is rendered). */ char *zDfltCsp = sqlite3_mprintf("default-src 'self' data: ; " "script-src 'self' 'nonce-%s' ; " "style-src 'self' 'unsafe-inline'", zNonce); Th_MaybeStore("default_csp", zDfltCsp); sqlite3_free(zDfltCsp); Th_Store("nonce", zNonce); Th_Store("project_name", db_get("project-name","Unnamed Fossil Project")); Th_Store("project_description", db_get("project-description","")); if( zTitle ) Th_Store("title", zTitle); Th_Store("baseurl", g.zBaseURL); Th_Store("secureurl", fossil_wants_https(1)? g.zHttpsURL: g.zBaseURL); Th_Store("home", g.zTop); Th_Store("index_page", db_get("index-page","/home")); if( local_zCurrentPage==0 ) style_set_current_page("%T", g.zPath); Th_Store("current_page", local_zCurrentPage); Th_Store("csrf_token", g.zCsrfToken); Th_Store("release_version", RELEASE_VERSION); Th_Store("manifest_version", MANIFEST_VERSION); Th_Store("manifest_date", MANIFEST_DATE); Th_Store("compiler_name", COMPILER_NAME); url_var("stylesheet", "css", "style.css"); image_url_var("logo"); image_url_var("background"); if( !login_is_nobody() ){ Th_Store("login", g.zLogin); } } /* ** Draw the header. */ void style_header(const char *zTitleFormat, ...){ va_list ap; char *zTitle; const char *zHeader = skin_get("header"); login_check_credentials(); va_start(ap, zTitleFormat); zTitle = vmprintf(zTitleFormat, ap); va_end(ap); cgi_destination(CGI_HEADER); @ <!DOCTYPE html> if( g.thTrace ) Th_Trace("BEGIN_HEADER<br />\n", -1); /* Generate the header up through the main menu */ style_init_th1_vars(zTitle); if( sqlite3_strlike("%<body%", zHeader, 0)!=0 ){ Th_Render(zDfltHeader); } if( g.thTrace ) Th_Trace("BEGIN_HEADER_SCRIPT<br />\n", -1); Th_Render(zHeader); if( g.thTrace ) Th_Trace("END_HEADER<br />\n", -1); Th_Unstore("title"); /* Avoid collisions with ticket field names */ cgi_destination(CGI_BODY); g.cgiOutput = 1; headerHasBeenGenerated = 1; sideboxUsed = 0; if( g.perm.Debug && P("showqp") ){ @ <div class="debug"> cgi_print_all(0, 0); @ </div> } } #if INTERFACE /* Allowed parameters for style_adunit() */ #define ADUNIT_OFF 0x0001 /* Do not allow ads on this page */ #define ADUNIT_RIGHT_OK 0x0002 /* Right-side vertical ads ok here */ #endif /* ** Various page implementations can invoke this interface to let the ** style manager know what kinds of ads are appropriate for this page. */ void style_adunit_config(unsigned int mFlags){ adUnitFlags = mFlags; } /* ** Return the text of an ad-unit, if one should be rendered. Return ** NULL if no ad-unit is desired. ** ** The *pAdFlag value might be set to ADUNIT_RIGHT_OK if this is ** a right-hand vertical ad. */ static const char *style_adunit_text(unsigned int *pAdFlag){ const char *zAd = 0; *pAdFlag = 0; if( adUnitFlags & ADUNIT_OFF ) return 0; /* Disallow ads on this page */ if( db_get_boolean("adunit-disable",0) ) return 0; if( g.perm.Admin && db_get_boolean("adunit-omit-if-admin",0) ){ return 0; } if( !login_is_nobody() && fossil_strcmp(g.zLogin,"anonymous")!=0 && db_get_boolean("adunit-omit-if-user",0) ){ return 0; } if( (adUnitFlags & ADUNIT_RIGHT_OK)!=0 && !fossil_all_whitespace(zAd = db_get("adunit-right", 0)) && !cgi_body_contains("<table") ){ *pAdFlag = ADUNIT_RIGHT_OK; return zAd; }else if( !fossil_all_whitespace(zAd = db_get("adunit",0)) ){ return zAd; } return 0; } /* ** Indicate that the table-sorting javascript is needed. */ void style_table_sorter(void){ needSortJs = 1; } /* ** Indicate that the table-sorting javascript is needed. */ void style_graph_generator(void){ needGraphJs = 1; } /* ** Generate code to load a single javascript file */ void style_load_one_js_file(const char *zFile){ @ <script src='%R/builtin/%s(zFile)?id=%S(MANIFEST_UUID)'></script> } /* ** All extra JS files to load. */ static const char *azJsToLoad[4]; static int nJsToLoad = 0; /* ** Register a new JS file to load at the end of the document. */ void style_load_js(const char *zName){ int i; for(i=0; i<nJsToLoad; i++){ if( fossil_strcmp(zName, azJsToLoad[i])==0 ) return; } if( nJsToLoad>=sizeof(azJsToLoad)/sizeof(azJsToLoad[0]) ){ fossil_panic("too many JS files"); } azJsToLoad[nJsToLoad++] = zName; } /* ** Generate code to load all required javascript files. */ static void style_load_all_js_files(void){ int i; if( needHrefJs ){ int nDelay = db_get_int("auto-hyperlink-delay",0); int bMouseover; /* Load up the page data */ bMouseover = (!g.isHuman || db_get_boolean("auto-hyperlink-ishuman",0)) && db_get_boolean("auto-hyperlink-mouseover",0); @ <script id='href-data' type='application/json'>\ @ {"delay":%d(nDelay),"mouseover":%d(bMouseover)}</script> } @ <script nonce="%h(style_nonce())"> if( needHrefJs ){ cgi_append_content(builtin_text("href.js"),-1); } if( needSortJs ){ cgi_append_content(builtin_text("sorttable.js"),-1); } if( needGraphJs ){ cgi_append_content(builtin_text("graph.js"),-1); } for(i=0; i<nJsToLoad; i++){ cgi_append_content(builtin_text(azJsToLoad[i]),-1); } if( blob_size(&blobOnLoad)>0 ){ @ window.onload = function(){ cgi_append_content(blob_buffer(&blobOnLoad), blob_size(&blobOnLoad)); cgi_append_content("\n}\n", -1); } @ </script> } /* ** Extra JS to run after all content is loaded. */ void style_js_onload(const char *zFormat, ...){ va_list ap; va_start(ap, zFormat); blob_vappendf(&blobOnLoad, zFormat, ap); va_end(ap); } /* ** Draw the footer at the bottom of the page. */ void style_footer(void){ const char *zFooter; const char *zAd = 0; unsigned int mAdFlags = 0; if( !headerHasBeenGenerated ) return; /* Go back and put the submenu at the top of the page. We delay the ** creation of the submenu until the end so that we can add elements ** to the submenu while generating page text. */ cgi_destination(CGI_HEADER); if( nSubmenu+nSubmenuCtrl>0 ){ int i; if( nSubmenuCtrl ){ @ <form id='f01' method='GET' action='%R/%s(g.zPath)'> @ <input type='hidden' name='udc' value='1'> } @ <div class="submenu"> if( nSubmenu>0 ){ qsort(aSubmenu, nSubmenu, sizeof(aSubmenu[0]), submenuCompare); for(i=0; i<nSubmenu; i++){ struct Submenu *p = &aSubmenu[i]; if( p->zLink==0 ){ @ <span class="label">%h(p->zLabel)</span> }else{ @ <a class="label" href="%h(p->zLink)">%h(p->zLabel)</a> } } } for(i=0; i<nSubmenuCtrl; i++){ const char *zQPN = aSubmenuCtrl[i].zName; const char *zDisabled = ""; const char *zXtraClass = ""; if( aSubmenuCtrl[i].eVisible & STYLE_DISABLED ){ zDisabled = " disabled"; }else if( zQPN ){ cgi_tag_query_parameter(zQPN); } switch( aSubmenuCtrl[i].eType ){ case FF_ENTRY: @ <span class='submenuctrl%s(zXtraClass)'>\ @ %h(aSubmenuCtrl[i].zLabel)\ @ <input type='text' name='%s(zQPN)' value='%h(PD(zQPN, ""))' \ if( aSubmenuCtrl[i].iSize<0 ){ @ size='%d(-aSubmenuCtrl[i].iSize)' \ }else if( aSubmenuCtrl[i].iSize>0 ){ @ size='%d(aSubmenuCtrl[i].iSize)' \ @ maxlength='%d(aSubmenuCtrl[i].iSize)' \ } @ id='submenuctrl-%d(i)'%s(zDisabled)></span> break; case FF_MULTI: { int j; const char *zVal = P(zQPN); if( zXtraClass[0] ){ @ <span class='%s(zXtraClass+1)'> } if( aSubmenuCtrl[i].zLabel ){ @ %h(aSubmenuCtrl[i].zLabel)\ } @ <select class='submenuctrl' size='1' name='%s(zQPN)' \ @ id='submenuctrl-%d(i)'%s(zDisabled)> for(j=0; j<aSubmenuCtrl[i].iSize*2; j+=2){ const char *zQPV = aSubmenuCtrl[i].azChoice[j]; @ <option value='%h(zQPV)'\ if( fossil_strcmp(zVal, zQPV)==0 ){ @ selected\ } @ >%h(aSubmenuCtrl[i].azChoice[j+1])</option> } @ </select> if( zXtraClass[0] ){ @ </span> } break; } case FF_BINARY: { int isTrue = PB(zQPN); @ <select class='submenuctrl%s(zXtraClass)' size='1' \ @ name='%s(zQPN)' id='submenuctrl-%d(i)'%s(zDisabled)> @ <option value='1'\ if( isTrue ){ @ selected\ } @ >%h(aSubmenuCtrl[i].zLabel)</option> @ <option value='0'\ if( !isTrue ){ @ selected\ } @ >%h(aSubmenuCtrl[i].zFalse)</option> @ </select> break; } case FF_CHECKBOX: { @ <label class='submenuctrl submenuckbox%s(zXtraClass)'>\ @ <input type='checkbox' name='%s(zQPN)' id='submenuctrl-%d(i)' \ if( PB(zQPN) ){ @ checked \ } if( aSubmenuCtrl[i].zJS ){ @ data-ctrl='%s(aSubmenuCtrl[i].zJS)'%s(zDisabled)>\ }else{ @ %s(zDisabled)>\ } @ %h(aSubmenuCtrl[i].zLabel)</label> break; } } } @ </div> if( nSubmenuCtrl ){ cgi_query_parameters_to_hidden(); cgi_tag_query_parameter(0); @ </form> style_load_one_js_file("menu.js"); } } zAd = style_adunit_text(&mAdFlags); if( (mAdFlags & ADUNIT_RIGHT_OK)!=0 ){ @ <div class="content adunit_right_container"> @ <div class="adunit_right"> cgi_append_content(zAd, -1); @ </div> }else{ if( zAd ){ @ <div class="adunit_banner"> cgi_append_content(zAd, -1); @ </div> } @ <div class="content"> } cgi_destination(CGI_BODY); if( sideboxUsed ){ /* Put the footer at the bottom of the page. ** the additional clear/both is needed to extend the content ** part to the end of an optional sidebox. */ @ <div class="endContent"></div> } @ </div> zFooter = skin_get("footer"); if( sqlite3_strlike("%</body>%", zFooter, 0)==0 ){ style_load_all_js_files(); } if( g.thTrace ) Th_Trace("BEGIN_FOOTER<br />\n", -1); Th_Render(zFooter); if( g.thTrace ) Th_Trace("END_FOOTER<br />\n", -1); /* Render trace log if TH1 tracing is enabled. */ if( g.thTrace ){ cgi_append_content("<span class=\"thTrace\"><hr />\n", -1); cgi_append_content(blob_str(&g.thLog), blob_size(&g.thLog)); cgi_append_content("</span>\n", -1); } /* Add document end mark if it was not in the footer */ if( sqlite3_strlike("%</body>%", zFooter, 0)!=0 ){ style_load_all_js_files(); @ </body> @ </html> } } /* ** Begin a side-box on the right-hand side of a page. The title and ** the width of the box are given as arguments. The width is usually ** a percentage of total screen width. */ void style_sidebox_begin(const char *zTitle, const char *zWidth){ sideboxUsed = 1; @ <div class="sidebox" style="width:%s(zWidth)"> @ <div class="sideboxTitle">%h(zTitle)</div> } /* End the side-box */ void style_sidebox_end(void){ @ </div> } /* ** Insert the cssDefaultList[] table, generated from default_css.txt ** using the mkcss.c program. */ #include "default_css.h" /* ** Append all of the default CSS to the CGI output. */ void cgi_append_default_css(void) { int i; cgi_printf("%s", builtin_text("skins/default/css.txt")); for( i=0; cssDefaultList[i].elementClass; i++ ){ if( cssDefaultList[i].elementClass[0] ){ cgi_printf("%s {\n%s\n}\n\n", cssDefaultList[i].elementClass, cssDefaultList[i].value ); } } } /* ** Search string zCss for zSelector. ** ** Return true if found. Return false if not found */ static int containsSelector(const char *zCss, const char *zSelector){ const char *z; int n; int selectorLen = (int)strlen(zSelector); for(z=zCss; *z; z+=selectorLen){ z = strstr(z, zSelector); if( z==0 ) return 0; if( z!=zCss ){ for( n=-1; z+n!=zCss && fossil_isspace(z[n]); n--); if( z+n!=zCss && z[n]!=',' && z[n]!= '}' && z[n]!='/' ) continue; } for( n=selectorLen; z[n] && fossil_isspace(z[n]); n++ ); if( z[n]==',' || z[n]=='{' || z[n]=='/' ) return 1; } return 0; } /* ** COMMAND: test-contains-selector ** ** Usage: %fossil test-contains-selector FILENAME SELECTOR ** ** Determine if the CSS stylesheet FILENAME contains SELECTOR. */ void contains_selector_cmd(void){ int found; char *zSelector; Blob css; if( g.argc!=4 ) usage("FILENAME SELECTOR"); blob_read_from_file(&css, g.argv[2], ExtFILE); zSelector = g.argv[3]; found = containsSelector(blob_str(&css), zSelector); fossil_print("%s %s\n", zSelector, found ? "found" : "not found"); blob_reset(&css); } /* ** WEBPAGE: script.js ** ** Return the "Javascript" content for the current skin (if there is any) */ void page_script_js(void){ const char *zScript = skin_get("js"); if( P("test") ){ /* Render the script as plain-text for testing purposes, if the "test" ** query parameter is present */ cgi_set_content_type("text/plain"); }else{ /* Default behavior is to return javascript */ cgi_set_content_type("application/javascript"); } style_init_th1_vars(0); Th_Render(zScript?zScript:""); } /* ** WEBPAGE: style.css ** ** Return the style sheet. */ void page_style_css(void){ Blob css; int i; int isInit = 0; cgi_set_content_type("text/css"); blob_init(&css,skin_get("css"),-1); /* add special missing definitions */ for(i=1; cssDefaultList[i].elementClass; i++){ char *z = blob_str(&css); if( !containsSelector(z, cssDefaultList[i].elementClass) ){ if( !isInit ){ isInit = 1; blob_append(&css, "\n/***********************************************************\n" "** All CSS above is supplied by the repository \"skin\".\n" "** That which follows is generated automatically by Fossil\n" "** to fill in needed selectors that are missing from the\n" "** \"skin\" CSS.\n" "***********************************************************/\n", -1); } blob_appendf(&css, "%s {\n%s}\n", cssDefaultList[i].elementClass, cssDefaultList[i].value); } } /* Process through TH1 in order to give an opportunity to substitute ** variables such as $baseurl. */ Th_Store("baseurl", g.zBaseURL); Th_Store("secureurl", fossil_wants_https(1)? g.zHttpsURL: g.zBaseURL); Th_Store("home", g.zTop); image_url_var("logo"); image_url_var("background"); Th_Render(blob_str(&css)); /* Tell CGI that the content returned by this page is considered cacheable */ g.isConst = 1; } /* ** WEBPAGE: builtin ** URL: builtin/FILENAME ** ** Return the built-in text given by FILENAME. This is used internally ** by many Fossil web pages to load built-in javascript files. ** ** If the id= query parameter is present, then Fossil assumes that the ** result is immutable and sets a very large cache retention time (1 year). */ void page_builtin_text(void){ Blob out; const char *zName = P("name"); const char *zTxt = 0; const char *zId = P("id"); int nId; if( zName ) zTxt = builtin_text(zName); if( zTxt==0 ){ cgi_set_status(404, "Not Found"); @ File "%h(zName)" not found return; } if( sqlite3_strglob("*.js", zName)==0 ){ cgi_set_content_type("application/javascript"); }else{ cgi_set_content_type("text/plain"); } if( zId && (nId = (int)strlen(zId))>=8 && strncmp(zId,MANIFEST_UUID,nId)==0 ){ g.isConst = 1; }else{ etag_check(0,0); } blob_init(&out, zTxt, -1); cgi_set_content(&out); } /* ** All possible capabilities */ static const char allCap[] = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKL"; /* ** Compute the current login capabilities */ static char *find_capabilities(char *zCap){ int i, j; char c; for(i=j=0; (c = allCap[j])!=0; j++){ if( login_has_capability(&c, 1, 0) ) zCap[i++] = c; } zCap[i] = 0; return zCap; } /* ** Compute the current login capabilities that were ** contributed by Anonymous */ static char *find_anon_capabilities(char *zCap){ int i, j; char c; for(i=j=0; (c = allCap[j])!=0; j++){ if( login_has_capability(&c, 1, LOGIN_ANON) && !login_has_capability(&c, 1, 0) ) zCap[i++] = c; } zCap[i] = 0; return zCap; } /* ** WEBPAGE: test_env ** ** Display CGI-variables and other aspects of the run-time ** environment, for debugging and trouble-shooting purposes. */ void page_test_env(void){ webpage_error(""); } /* ** WEBPAGE: honeypot ** This page is a honeypot for spiders and bots. */ void honeypot_page(void){ cgi_set_status(403, "Forbidden"); @ <p>Please enable javascript or log in to see this content</p> } /* ** Webpages that encounter an error due to missing or incorrect ** query parameters can jump to this routine to render an error ** message screen. ** ** For administators, or if the test_env_enable setting is true, then ** details of the request environment are displayed. Otherwise, just ** the error message is shown. ** ** If zFormat is an empty string, then this is the /test_env page. */ void webpage_error(const char *zFormat, ...){ int i; int showAll; char *zErr = 0; int isAuth = 0; char zCap[100]; static const char *const azCgiVars[] = { "COMSPEC", "DOCUMENT_ROOT", "GATEWAY_INTERFACE", "SCGI", "HTTP_ACCEPT", "HTTP_ACCEPT_CHARSET", "HTTP_ACCEPT_ENCODING", "HTTP_ACCEPT_LANGUAGE", "HTTP_AUTHENICATION", "HTTP_CONNECTION", "HTTP_HOST", "HTTP_IF_NONE_MATCH", "HTTP_IF_MODIFIED_SINCE", "HTTP_USER_AGENT", "HTTP_REFERER", "PATH_INFO", "PATH_TRANSLATED", "QUERY_STRING", "REMOTE_ADDR", "REMOTE_PORT", "REMOTE_USER", "REQUEST_METHOD", "REQUEST_URI", "SCRIPT_FILENAME", "SCRIPT_NAME", "SERVER_PROTOCOL", "HOME", "FOSSIL_HOME", "USERNAME", "USER", "FOSSIL_USER", "SQLITE_TMPDIR", "TMPDIR", "TEMP", "TMP", "FOSSIL_VFS", "FOSSIL_FORCE_TICKET_MODERATION", "FOSSIL_FORCE_WIKI_MODERATION", "FOSSIL_TCL_PATH", "TH1_DELETE_INTERP", "TH1_ENABLE_DOCS", "TH1_ENABLE_HOOKS", "TH1_ENABLE_TCL", "REMOTE_HOST", }; login_check_credentials(); if( g.perm.Admin || g.perm.Setup || db_get_boolean("test_env_enable",0) ){ isAuth = 1; } for(i=0; i<count(azCgiVars); i++) (void)P(azCgiVars[i]); if( zFormat[0] ){ va_list ap; va_start(ap, zFormat); zErr = vmprintf(zFormat, ap); va_end(ap); style_header("Bad Request"); @ <h1>/%h(g.zPath): %h(zErr)</h1> showAll = 0; cgi_set_status(500, "Bad Request"); }else if( !isAuth ){ login_needed(0); return; }else{ style_header("Environment Test"); showAll = PB("showall"); style_submenu_checkbox("showall", "Cookies", 0, 0); style_submenu_element("Stats", "%R/stat"); } if( isAuth ){ #if !defined(_WIN32) @ uid=%d(getuid()), gid=%d(getgid())<br /> #endif @ g.zBaseURL = %h(g.zBaseURL)<br /> @ g.zHttpsURL = %h(g.zHttpsURL)<br /> @ g.zTop = %h(g.zTop)<br /> @ g.zPath = %h(g.zPath)<br /> @ g.userUid = %d(g.userUid)<br /> @ g.zLogin = %h(g.zLogin)<br /> @ g.isHuman = %d(g.isHuman)<br /> if( g.nRequest ){ @ g.nRequest = %d(g.nRequest)<br /> } if( g.nPendingRequest>1 ){ @ g.nPendingRequest = %d(g.nPendingRequest)<br /> } @ capabilities = %s(find_capabilities(zCap))<br /> if( zCap[0] ){ @ anonymous-adds = %s(find_anon_capabilities(zCap))<br /> } @ g.zRepositoryName = %h(g.zRepositoryName)<br /> @ load_average() = %f(load_average())<br /> @ cgi_csrf_safe(0) = %d(cgi_csrf_safe(0))<br /> @ <hr /> P("HTTP_USER_AGENT"); cgi_print_all(showAll, 0); if( showAll && blob_size(&g.httpHeader)>0 ){ @ <hr /> @ <pre> @ %h(blob_str(&g.httpHeader)) @ </pre> } } style_footer(); if( zErr ){ cgi_reply(); fossil_exit(1); } } /* ** Generate a Not Yet Implemented error page. */ void webpage_not_yet_implemented(void){ webpage_error("Not yet implemented"); } /* ** Generate a webpage for a webpage_assert(). */ void webpage_assert_page(const char *zFile, int iLine, const char *zExpr){ fossil_warning("assertion fault at %s:%d - %s", zFile, iLine, zExpr); cgi_reset_content(); webpage_error("assertion fault at %s:%d - %s", zFile, iLine, zExpr); } #if INTERFACE # define webpage_assert(T) if(!(T)){webpage_assert_page(__FILE__,__LINE__,#T);} #endif