Overview
| Comment: | Add the /test-title webpage. Accessible to administrators only. |
|---|---|
| SHA3-256: | af57f63dee2822ad784612f9d07b02fa |
| User & Date: | drh 2025-03-07 20:26:49.828 |
Context
| Date | Time | Check-in |
|---|---|---|
| 2025-03-08 | 11:17 | In /setup_uedit, rename the locally-shadowed zCap to aCap to avoid confusion in a pending change. No functional changes. ... (check-in: 74b149f2e2 user: stephan tags: trunk) |
| 2025-03-07 | 23:19 | Merge the latest trunk enhancements into the comment-markdown-links branch. ... (check-in: 459499b0ea user: drh tags: comment-markdown-links) |
| 2025-03-07 | 21:09 | Merge the latest trunk enhancements into the min-from-to branch. ... (check-in: 990e287a94 user: drh tags: min-from-to) |
| 2025-03-07 | 20:26 | Add the /test-title webpage. Accessible to administrators only. ... (check-in: af57f63dee user: drh tags: trunk) |
| 2025-03-07 | 20:14 | Correctly render the title of embedded Markdown documents that contain characters that are special to HTML: > " ' & < ... (check-in: 0b24a45f49 user: drh tags: trunk) |
Changes
Changes to src/style.c.
| ︙ | ︙ | |||
1338 1339 1340 1341 1342 1343 1344 1345 1346 1347 1348 1349 1350 1351 |
for(i=j=0; (c = allCap[j])!=0; j++){
if( login_has_capability(&c, 1, LOGIN_ANON)
&& !login_has_capability(&c, 1, 0) ) zCap[i++] = c;
}
zCap[i] = 0;
return zCap;
}
/*
** WEBPAGE: test_env
**
** Display CGI-variables and other aspects of the run-time
** environment, for debugging and trouble-shooting purposes.
*/
| > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 1338 1339 1340 1341 1342 1343 1344 1345 1346 1347 1348 1349 1350 1351 1352 1353 1354 1355 1356 1357 1358 1359 1360 1361 1362 1363 1364 1365 1366 1367 1368 1369 1370 1371 1372 1373 1374 1375 1376 1377 1378 1379 1380 1381 1382 1383 1384 |
for(i=j=0; (c = allCap[j])!=0; j++){
if( login_has_capability(&c, 1, LOGIN_ANON)
&& !login_has_capability(&c, 1, 0) ) zCap[i++] = c;
}
zCap[i] = 0;
return zCap;
}
/*
** WEBPAGE: test-title
**
** Render a test page in which the page title is set by the "title"
** query parameter. This can be used to show that HTML or Javascript
** content in the title does not leak through into generated page, resulting
** in an XSS issue.
**
** Due to the potential for abuse, this webpage is only available to
** administrators.
*/
void page_test_title(void){
const char *zTitle;
login_check_credentials();
if( !g.perm.Admin ){
login_needed(0);
}
zTitle = P("title");
if( zTitle==0 ){
zTitle = "(No Title)";
}
style_header("%s", zTitle);
@ <p>
@ This page sets its title to the value of the "title" query parameter.
@ The form below is a convenient way to set the title query parameter:
@
@ <form method="GET">
@ Title: <input type="text" size="50" name="title" value="%h(zTitle)">
@ <input type="submit" value="Submit">
@ </form>
style_finish_page();
}
/*
** WEBPAGE: test_env
**
** Display CGI-variables and other aspects of the run-time
** environment, for debugging and trouble-shooting purposes.
*/
|
| ︙ | ︙ |
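Review bot: the administrator check in page_test_title() calls login_needed(0) with no return after it, so unless login_needed() never returns (its definition is not part of this hunk) a non-administrator falls through to P("title") and style_header("%s", zTitle), and reaches the page the header comment says is administrator-only. Suggest making the early exit explicit: `if( !g.perm.Admin ){ login_needed(0); return; }`. Minor point on the header comment: "does not leak through into generated page, resulting in an XSS issue" is missing "the" and reads as if the XSS were the expected result; something like "does not leak through into the generated page, which would be an XSS issue" states the intent of the test more clearly.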