3716
3717
3718
3719
3720
3721
3722
3723
3724
3725
3726
3727
3728
3729
3730
3731
3732
3733
3734
3735
3736
3737
3738
3739
3740
3741
3742
3743
3744
3745
3746
3747
3748
|
** case=1 Issue a fossil_warning() while generating the page.
** case=2 Extra db_begin_transaction()
** case=3 Extra db_end_transaction()
** case=4 Error during SQL processing
** case=5 Call the segfault handler
** case=6 Call webpage_assert()
** case=7 Call webpage_error()
*/
void test_warning_page(void){
int iCase = atoi(PD("case","0"));
int i;
login_check_credentials();
if( !g.perm.Admin ){
login_needed(0);
return;
}
style_set_current_feature("test");
style_header("Warning Test Page");
style_submenu_element("Error Log","%R/errorlog");
if( iCase<1 || iCase>4 ){
@ <p>Generate a message to the <a href="%R/errorlog">error log</a>
@ by clicking on one of the following cases:
}else{
@ <p>This is the test page for case=%d(iCase). All possible cases:
}
for(i=1; i<=8; i++){
@ <a href='./test-warning?case=%d(i)'>[%d(i)]</a>
}
@ </p>
@ <p><ol>
@ <li value='1'> Call fossil_warning()
if( iCase==1 ){
fossil_warning("Test warning message from /test-warning");
|
>
>
>
|
>
|
|
<
<
<
|
|
3716
3717
3718
3719
3720
3721
3722
3723
3724
3725
3726
3727
3728
3729
3730
3731
3732
3733
3734
3735
3736
3737
3738
3739
3740
3741
3742
3743
3744
3745
3746
3747
3748
3749
|
** case=1 Issue a fossil_warning() while generating the page.
** case=2 Extra db_begin_transaction()
** case=3 Extra db_end_transaction()
** case=4 Error during SQL processing
** case=5 Call the segfault handler
** case=6 Call webpage_assert()
** case=7 Call webpage_error()
** case=8 Simulate a timeout
** case=9 Simulate a TH1 XSS vulnerability
** case=10 Simulate a TH1 SQL-injection vulnerability
*/
void test_warning_page(void){
int iCase = atoi(PD("case","0"));
int i;
login_check_credentials();
if( !g.perm.Admin ){
login_needed(0);
return;
}
style_set_current_feature("test");
style_header("Warning Test Page");
style_submenu_element("Error Log","%R/errorlog");
@ <p>This page will generate various kinds of errors to test Fossil's
@ reaction. Depending on settings, a message might be written
@ into the <a href="%R/errorlog">error log</a>. Click on
@ one of the following hyperlinks to generate a simulated error:
for(i=1; i<=10; i++){
@ <a href='./test-warning?case=%d(i)'>[%d(i)]</a>
}
@ </p>
@ <p><ol>
@ <li value='1'> Call fossil_warning()
if( iCase==1 ){
fossil_warning("Test warning message from /test-warning");
|
3767
3768
3769
3770
3771
3772
3773
3774
3775
3776
3777
3778
3779
3780
3781
3782
3783
3784
3785
3786
3787
3788
|
if( iCase==5 ){
sigsegv_handler(0);
}
@ <li value='6'> call webpage_assert(0)
if( iCase==6 ){
webpage_assert( 5==7 );
}
@ <li value='7'> call webpage_error()"
if( iCase==7 ){
cgi_reset_content();
webpage_error("Case 7 from /test-warning");
}
@ <li value='8'> simulated timeout"
if( iCase==8 ){
fossil_set_timeout(1);
cgi_reset_content();
sqlite3_sleep(1100);
}
@ </ol>
@ <p>End of test</p>
style_finish_page();
}
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
3768
3769
3770
3771
3772
3773
3774
3775
3776
3777
3778
3779
3780
3781
3782
3783
3784
3785
3786
3787
3788
3789
3790
3791
3792
3793
3794
3795
3796
3797
3798
3799
3800
3801
3802
3803
3804
3805
3806
3807
3808
|
if( iCase==5 ){
sigsegv_handler(0);
}
@ <li value='6'> call webpage_assert(0)
if( iCase==6 ){
webpage_assert( 5==7 );
}
@ <li value='7'> call webpage_error()
if( iCase==7 ){
cgi_reset_content();
webpage_error("Case 7 from /test-warning");
}
@ <li value='8'> simulated timeout
if( iCase==8 ){
fossil_set_timeout(1);
cgi_reset_content();
sqlite3_sleep(1100);
}
@ <li value='9'> simulated TH1 XSS vulnerability
@ <li value='10'> simulated TH1 SQL-injection vulnerability
if( iCase==9 || iCase==10 ){
const char *zR;
int n, rc;
static const char *zTH1[] = {
/* case 9 */ "html [taint {<b>XSS</b>}]",
/* case 10 */ "query [taint {SELECT 'SQL-injection' AS msg}] {\n"
" html \"<b>[htmlize $msg]</b>\"\n"
"}"
};
rc = Th_Eval(g.interp, 0, zTH1[iCase==10], -1);
zR = Th_GetResult(g.interp, &n);
if( rc==TH_OK ){
@ <pre class="th1result">%h(zR)</pre>
}else{
@ <pre class="th1error">%h(zR)</pre>
}
}
@ </ol>
@ <p>End of test</p>
style_finish_page();
}
|
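Review bot: In the new case 9/10 branch, `<li value='9'>` and `<li value='10'>` are both emitted before the shared `if( iCase==9 || iCase==10 )`, so the `<pre>` result for case=9 renders under list item 10, and nothing on the page says which script ran or whether a `th1error` block is the outcome that shows the taint check working. Consider labelling the output, e.g. `@ <pre class="th1error">case %d(iCase): %h(zR)</pre>` (and likewise for `th1result`), with one sentence per item describing the expected result. A short comment above `zTH1[]` would also help, such as `/* Fixed scripts selected only by iCase; no request data reaches Th_Eval() */`, so a later edit does not splice a query parameter into the evaluated text. `g.interp` is passed to `Th_Eval()` with no initialisation visible in this hunk; presumably `style_header()` has set it up by then, but that is worth confirming. The body of `test_warning_page()` for cases 1 through 5 lies between the two hunks and is not shown.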