Check-in [a0863d2b46]
Not logged in
Home Timeline Branches Tags Tickets Wiki Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Any call to fossil_fatal() while generating a webpage changes the output to a 400 Bad Request with an appropriately formatted web page.
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: a0863d2b46174995a79f0f8e1c4c0fbf51020513d74152ece711e5b9fb0130d6
User & Date: drh 2018-06-24 23:17:49.259
Context
2018-06-24
23:22
Include the HTTP_REFERER value in the error log file. Also, omit empty environment variables from the error log. check-in: 4c839973e4 user: drh tags: trunk
23:17
Any call to fossil_fatal() while generating a webpage changes the output to a 400 Bad Request with an appropriately formatted web page. check-in: a0863d2b46 user: drh tags: trunk
19:27
Do not report errors to the error log on a 304 reply. check-in: 60c8eca305 user: drh tags: trunk
Changes
Unified Diff Ignore Whitespace Patch
Changes to src/main.c. 
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174

  char *zHttpsURL;        /* zBaseURL translated to https: */
  char *zTop;             /* Parent directory of zPath */
  const char *zContentType;  /* The content type of the input HTTP request */
  int iErrPriority;       /* Priority of current error message */
  char *zErrMsg;          /* Text of an error message */
  int sslNotAvailable;    /* SSL is not available.  Do not redirect to https: */
  Blob cgiIn;             /* Input to an xfer www method */
  int cgiOutput;          /* Write error and status messages to CGI */
  int xferPanic;          /* Write error messages in XFER protocol */
  int fullHttpReply;      /* True for full HTTP reply.  False for CGI reply */
  Th_Interp *interp;      /* The TH1 interpreter */
  char *th1Setup;         /* The TH1 post-creation setup script, if any */
  int th1Flags;           /* The TH1 integration state flags */
  FILE *httpIn;           /* Accept HTTP input from here */
  FILE *httpOut;          /* Send HTTP output here */








|








160
161
162
163
164
165
166
167
168
169
170
171
172
173
174

  char *zHttpsURL;        /* zBaseURL translated to https: */
  char *zTop;             /* Parent directory of zPath */
  const char *zContentType;  /* The content type of the input HTTP request */
  int iErrPriority;       /* Priority of current error message */
  char *zErrMsg;          /* Text of an error message */
  int sslNotAvailable;    /* SSL is not available.  Do not redirect to https: */
  Blob cgiIn;             /* Input to an xfer www method */
  int cgiOutput;          /* 0: command-line 1: CGI. 2: CGI after an error */
  int xferPanic;          /* Write error messages in XFER protocol */
  int fullHttpReply;      /* True for full HTTP reply.  False for CGI reply */
  Th_Interp *interp;      /* The TH1 interpreter */
  char *th1Setup;         /* The TH1 post-creation setup script, if any */
  int th1Flags;           /* The TH1 integration state flags */
  FILE *httpIn;           /* Accept HTTP input from here */
  FILE *httpOut;          /* Send HTTP output here */
Changes to src/printf.c. 
1054
1055
1056
1057
1058
1059
1060

1061
1062
1063
1064
1065
1066
1067

    }
  }
  else
#endif
  {
    if( g.cgiOutput ){
      cgi_printf("<p class=\"generalError\">%h</p>", z);

      cgi_reply();
    }else if( !g.fQuiet ){
      fossil_force_newline();
      fossil_puts("Fossil internal error: ", 1);
      fossil_puts(z, 1);
      fossil_puts("\n", 1);
    }








>








1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068

    }
  }
  else
#endif
  {
    if( g.cgiOutput ){
      cgi_printf("<p class=\"generalError\">%h</p>", z);
      cgi_set_status(500, "Internal Server Error");
      cgi_reply();
    }else if( !g.fQuiet ){
      fossil_force_newline();
      fossil_puts("Fossil internal error: ", 1);
      fossil_puts(z, 1);
      fossil_puts("\n", 1);
    }

1084
1085
1086
1087
1088
1089
1090
1091
1092


1093


1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107

    if( g.isHTTP ){
      rc = 0 /* avoid HTTP 500 */;
    }
  }
  else
#endif
  {
    if( g.cgiOutput ){
      g.cgiOutput = 0;


      cgi_printf("<p class=\"generalError\">\n%h\n</p>\n", z);


      cgi_reply();
    }else if( !g.fQuiet ){
      fossil_force_newline();
      fossil_trace("%s\n", z);
    }
  }
  free(z);
  db_force_rollback();
  fossil_exit(rc);
}

/* This routine works like fossil_fatal() except that if called
** recursively, the recursive call is a no-op.
**








|
|
>
>
|
>
>






|








1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112

    if( g.isHTTP ){
      rc = 0 /* avoid HTTP 500 */;
    }
  }
  else
#endif
  {
    if( g.cgiOutput==1 ){
      g.cgiOutput = 2;
      cgi_reset_content();
      style_header("Bad Request");
      @ <p class="generalError">%h(z)</p>
      cgi_set_status(400, "Bad Request");
      style_footer();
      cgi_reply();
    }else if( !g.fQuiet ){
      fossil_force_newline();
      fossil_trace("%s\n", z);
    }
  }
  fossil_free(z);
  db_force_rollback();
  fossil_exit(rc);
}

/* This routine works like fossil_fatal() except that if called
** recursively, the recursive call is a no-op.
**

1129
1130
1131
1132
1133
1134
1135

1136
1137
1138
1139
1140
1141
1142

    }
  } else
#endif
  {
    if( g.cgiOutput ){
      g.cgiOutput = 0;
      cgi_printf("<p class=\"generalError\">\n%h\n</p>\n", z);

      cgi_reply();
    }else{
      fossil_force_newline();
      fossil_trace("%s\n", z);
    }
  }
  db_force_rollback();








>








1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148

    }
  } else
#endif
  {
    if( g.cgiOutput ){
      g.cgiOutput = 0;
      cgi_printf("<p class=\"generalError\">\n%h\n</p>\n", z);
      cgi_set_status(400, "Bad Request");
      cgi_reply();
    }else{
      fossil_force_newline();
      fossil_trace("%s\n", z);
    }
  }
  db_force_rollback();
Fossil version [1205ec86cb] 2025-04-30 16:57:32