Differences From Artifact [2f158b31b2]:

• File src/tktsetup.c — part of check-in [f5482a0a79] at 2023-05-10 18:40:08 on branch trunk — Removed all of the XML-style " />" tag closing markers on empty tags such as "hr", "br", and "input" to placate modern HTML5 validators. That's the doctype we declare, not XHTML, so we should conform. (Besides which, the XHTML dream is dead.) (user: wyoung size: 24509) [more...]

To Artifact [ae0401b6ef]:

• File src/tktsetup.c — part of check-in [88a402fe2a] at 2023-09-18 13:18:41 on branch csrf-defense-enhancement — Try to simplify and rationalize the defenses against cross-site request forgery attacks. A hodgepodge of techniques have been used in the past. This changes attempts to make everything work more alike and to centralize CSRF defenses for easier auditing. (user: drh size: 24485) [more...]

133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154

  isSubmit = P("submit")!=0;
  z = P("x");
  if( z==0 ){
    z = db_get(zDbField, zDfltValue);
  }
  style_set_current_feature("tktsetup");
  style_header("Edit %s", zTitle);
  if( P("clear")!=0 ){
    login_verify_csrf_secret();
    db_unset(zDbField/*works-like:"x"*/, 0);
    if( xRebuild ) xRebuild();
    cgi_redirect("tktsetup");
  }else if( isSubmit ){
    char *zErr = 0;
    login_verify_csrf_secret();
    if( xText && (zErr = xText(z))!=0 ){
      @ <p class="tktsetupError">ERROR: %h(zErr)</p>
    }else{
      db_set(zDbField/*works-like:"x"*/, z, 0);
      if( xRebuild ) xRebuild();
      cgi_redirect("tktsetup");
    }

|
<



|

<

133
134
135
136
137
138
139
140

141
142
143
144
145

146
147
148
149
150
151
152

  isSubmit = P("submit")!=0;
  z = P("x");
  if( z==0 ){
    z = db_get(zDbField, zDfltValue);
  }
  style_set_current_feature("tktsetup");
  style_header("Edit %s", zTitle);
  if( P("clear")!=0 && cgi_csrf_safe(2) ){

    db_unset(zDbField/*works-like:"x"*/, 0);
    if( xRebuild ) xRebuild();
    cgi_redirect("tktsetup");
  }else if( isSubmit && cgi_csrf_safe(2) ){
    char *zErr = 0;

    if( xText && (zErr = xText(z))!=0 ){
      @ <p class="tktsetupError">ERROR: %h(zErr)</p>
    }else{
      db_set(zDbField/*works-like:"x"*/, z, 0);
      if( xRebuild ) xRebuild();
      cgi_redirect("tktsetup");
    }