Differences From Artifact [e3e3bcd32f]:
- File
src/main.c
— part of check-in
[fa6e993017]
at
2008-08-12 03:27:54
on branch trunk
— New Zip permission. This permission allow someone to download a
zipped artifact via the wiki's /zip URL. It can given the user
nobody to allow automatic package builder to download the sources
they know from fossil-scm.org or other servers without any
intervening login necessary.
As the /zip page do not expose anything, a spider should have a hard time to crawl thru the project using this URL. So IMO it does not open a break-in hole for spiders. (user: cle size: 21064) [more...]
To Artifact [bc031c08b3]:
- File src/main.c — part of check-in [0be54823ba] at 2008-10-18 12:55:44 on branch trunk — Add defenses against cross-site request forgery attacks. (user: drh size: 21258)
| ︙ | ︙ | |||
117 118 119 120 121 122 123 124 125 126 127 128 129 130 | int okNewTkt; /* n: create new tickets */ int okApndTkt; /* c: append to tickets via the web */ int okWrTkt; /* w: make changes to tickets via web */ int okTktFmt; /* t: create new ticket report formats */ int okRdAddr; /* e: read email addresses or other private data */ int okZip; /* z: download zipped artifact via /zip URL */ FILE *fDebug; /* Write debug information here, if the file exists */ /* Storage for the aux() and/or option() SQL function arguments */ int nAux; /* Number of distinct aux() or option() values */ const char *azAuxName[MX_AUX]; /* Name of each aux() or option() value */ char *azAuxParam[MX_AUX]; /* Param of each aux() or option() value */ const char *azAuxVal[MX_AUX]; /* Value of each aux() or option() value */ | > > > > | 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 | int okNewTkt; /* n: create new tickets */ int okApndTkt; /* c: append to tickets via the web */ int okWrTkt; /* w: make changes to tickets via web */ int okTktFmt; /* t: create new ticket report formats */ int okRdAddr; /* e: read email addresses or other private data */ int okZip; /* z: download zipped artifact via /zip URL */ /* For defense against Cross-site Request Forgery attacks */ char zCsrfToken[12]; /* Value of the anti-CSRF token */ int okCsrf; /* Anti-CSRF token is present and valid */ FILE *fDebug; /* Write debug information here, if the file exists */ /* Storage for the aux() and/or option() SQL function arguments */ int nAux; /* Number of distinct aux() or option() values */ const char *azAuxName[MX_AUX]; /* Name of each aux() or option() value */ char *azAuxParam[MX_AUX]; /* Param of each aux() or option() value */ const char *azAuxVal[MX_AUX]; /* Value of each aux() or option() value */ |
| ︙ | ︙ |