Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Do not allow more than one login card in the sync protocol. |
|---|---|
| Timelines: | family | ancestors | descendants | both | xfer-login-card |
| Files: | files | file ages | folders |
| SHA3-256: |
12cc5bbf227e3905de21960093c26bff |
| User & Date: | drh 2025-07-21 19:39:13.740 |
References
|
2025-07-21
| ||
| 19:47 | Update sync.wiki for [12cc5bbf227e3]. check-in: a4c5a2a961 user: stephan tags: xfer-login-card | |
Context
|
2025-07-21
| ||
| 19:47 | Update sync.wiki for [12cc5bbf227e3]. check-in: a4c5a2a961 user: stephan tags: xfer-login-card | |
| 19:39 | Do not allow more than one login card in the sync protocol. check-in: 12cc5bbf22 user: drh tags: xfer-login-card | |
| 18:42 | Replace an mprintf() with fossil_strdup(). check-in: 73a2bd06b1 user: stephan tags: xfer-login-card | |
Changes
Changes to src/xfer.c.
| ︙ | ︙ | |||
1271 1272 1273 1274 1275 1276 1277 1278 1279 1280 1281 1282 1283 1284 |
const char *zScript = 0;
char *zUuidList = 0;
int nUuidList = 0;
char **pzUuidList = 0;
int *pnUuidList = 0;
int uvCatalogSent = 0;
int bSendLinks = 0;
if( fossil_strcmp(PD("REQUEST_METHOD","POST"),"POST") ){
fossil_redirect_home();
}
g.zLogin = "anonymous";
login_set_anon_nobody_capabilities();
login_check_credentials();
| > | 1271 1272 1273 1274 1275 1276 1277 1278 1279 1280 1281 1282 1283 1284 1285 |
const char *zScript = 0;
char *zUuidList = 0;
int nUuidList = 0;
char **pzUuidList = 0;
int *pnUuidList = 0;
int uvCatalogSent = 0;
int bSendLinks = 0;
int nLogin = 0;
if( fossil_strcmp(PD("REQUEST_METHOD","POST"),"POST") ){
fossil_redirect_home();
}
g.zLogin = "anonymous";
login_set_anon_nobody_capabilities();
login_check_credentials();
|
| ︙ | ︙ | |||
1560 1561 1562 1563 1564 1565 1566 |
@ push %s(db_get("server-code", "x")) %s(db_get("project-code", "x"))
}else
/* login USER NONCE SIGNATURE
**
** The client has sent login credentials to the server.
** Validate the login. This has to happen before anything else.
| > > | > > > > > > > > | 1561 1562 1563 1564 1565 1566 1567 1568 1569 1570 1571 1572 1573 1574 1575 1576 1577 1578 1579 1580 1581 1582 1583 1584 1585 1586 1587 1588 1589 1590 1591 1592 |
@ push %s(db_get("server-code", "x")) %s(db_get("project-code", "x"))
}else
/* login USER NONCE SIGNATURE
**
** The client has sent login credentials to the server.
** Validate the login. This has to happen before anything else.
**
** For many years, Fossil would accept multiple login cards with
** cumulative permissions. But that feature was never used. Hence
** it is now prohibited. Any login card after the first generates
** a fatal error.
*/
if( blob_eq(&xfer.aToken[0], "login")
&& xfer.nToken==4
){
handle_login_card:
nLogin++;
if( disableLogin ){
g.perm.Read = g.perm.Write = g.perm.Private = g.perm.Admin = 1;
}else if( nLogin > 1 ){
cgi_reset_content();
@ error multiple\slogin\cards
nErr++;
break;
}else{
if( check_tail_hash(&xfer.aToken[2], xfer.pIn)
|| check_login(&xfer.aToken[1], &xfer.aToken[2], &xfer.aToken[3])
){
cgi_reset_content();
@ error login\sfailed
nErr++;
|
| ︙ | ︙ |