Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Add the 'verifyLogin' command to TH1. |
|---|---|
| Downloads: | Tarball | ZIP archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
a470d60355cd71cc070cd943091fc6a1 |
| User & Date: | mistachkin 2019-12-13 19:22:31.753 |
Context
|
2019-12-13
| ||
| 21:10 | Updated change log for the /ext index addition. ... (check-in: 2468b578c4 user: stephan tags: trunk) | |
| 19:22 | Add the 'verifyLogin' command to TH1. ... (check-in: a470d60355 user: mistachkin tags: trunk) | |
| 19:14 | Delay for a failed 'verifyLogin' command invocation. ... (Closed-Leaf check-in: 7703173f47 user: mistachkin tags: verifyLogin) | |
| 18:57 | Enhance the /ext page to search for "index.*" files if the pathname ends with "/" and is a directory name. ... (check-in: 3ed3fa3dda user: drh tags: trunk) | |
Changes
Changes to src/th_main.c.
| ︙ | ︙ | |||
527 528 529 530 531 532 533 534 535 536 537 538 539 540 |
){
if( argc!=1 ){
return Th_WrongNumArgs(interp, "verifyCsrf");
}
login_verify_csrf_secret();
return TH_OK;
}
/*
** TH1 command: markdown STRING
**
** Renders the input string as markdown. The result is a two-element list.
** The first element is the text-only title string. The second element
** contains the body, rendered as HTML.
| > > > > > > > > > > > > > > > > > > > > > > > > > > > | 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 |
){
if( argc!=1 ){
return Th_WrongNumArgs(interp, "verifyCsrf");
}
login_verify_csrf_secret();
return TH_OK;
}
/*
** TH1 command: verifyLogin
**
** Returns non-zero if the specified user name and password represent a
** valid login for the repository.
*/
static int verifyLoginCmd(
Th_Interp *interp,
void *p,
int argc,
const char **argv,
int *argl
){
const char *zUser;
const char *zPass;
int uid;
if( argc!=3 ){
return Th_WrongNumArgs(interp, "verifyLogin userName password");
}
zUser = argv[1];
zPass = argv[2];
uid = login_search_uid(&zUser, zPass);
Th_SetResultInt(interp, uid!=0);
if( uid==0 ) sqlite3_sleep(100);
return TH_OK;
}
/*
** TH1 command: markdown STRING
**
** Renders the input string as markdown. The result is a two-element list.
** The first element is the text-only title string. The second element
** contains the body, rendered as HTML.
|
| ︙ | ︙ | |||
2109 2110 2111 2112 2113 2114 2115 2116 2117 2118 2119 2120 2121 2122 |
{"styleScript", styleScriptCmd, 0},
{"tclReady", tclReadyCmd, 0},
{"trace", traceCmd, 0},
{"stime", stimeCmd, 0},
{"unversioned", unversionedCmd, 0},
{"utime", utimeCmd, 0},
{"verifyCsrf", verifyCsrfCmd, 0},
{"wiki", wikiCmd, (void*)&aFlags[0]},
{0, 0, 0}
};
if( g.thTrace ){
Th_Trace("th1-init 0x%x => 0x%x<br />\n", g.th1Flags, flags);
}
if( needConfig ){
| > | 2136 2137 2138 2139 2140 2141 2142 2143 2144 2145 2146 2147 2148 2149 2150 |
{"styleScript", styleScriptCmd, 0},
{"tclReady", tclReadyCmd, 0},
{"trace", traceCmd, 0},
{"stime", stimeCmd, 0},
{"unversioned", unversionedCmd, 0},
{"utime", utimeCmd, 0},
{"verifyCsrf", verifyCsrfCmd, 0},
{"verifyLogin", verifyLoginCmd, 0},
{"wiki", wikiCmd, (void*)&aFlags[0]},
{0, 0, 0}
};
if( g.thTrace ){
Th_Trace("th1-init 0x%x => 0x%x<br />\n", g.th1Flags, flags);
}
if( needConfig ){
|
| ︙ | ︙ |
Changes to test/th1.test.
| ︙ | ︙ | |||
1039 1040 1041 1042 1043 1044 1045 |
set base_commands {anoncap anycap array artifact break breakpoint catch\
cgiHeaderLine checkout combobox continue date decorate dir enable_output \
encode64 error expr for getParameter glob_match globalState hascap \
hasfeature html htmlize http httpize if info insertCsrf lindex linecount \
list llength lsearch markdown nonce proc puts query randhex redirect\
regexp reinitialize rename render repository return searchable set\
setParameter setting stime string styleFooter styleHeader styleScript\
| | > | 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 |
set base_commands {anoncap anycap array artifact break breakpoint catch\
cgiHeaderLine checkout combobox continue date decorate dir enable_output \
encode64 error expr for getParameter glob_match globalState hascap \
hasfeature html htmlize http httpize if info insertCsrf lindex linecount \
list llength lsearch markdown nonce proc puts query randhex redirect\
regexp reinitialize rename render repository return searchable set\
setParameter setting stime string styleFooter styleHeader styleScript\
tclReady trace unset unversioned uplevel upvar utime verifyCsrf\
verifyLogin wiki}
set tcl_commands {tclEval tclExpr tclInvoke tclIsSafe tclMakeSafe}
if {$th1Tcl} {
test th1-info-commands-1 {$sorted_result eq [lsort "$base_commands $tcl_commands"]}
} else {
test th1-info-commands-1 {$sorted_result eq [lsort "$base_commands"]}
}
|
| ︙ | ︙ |
Changes to www/th1.md.
| ︙ | ︙ | |||
213 214 215 216 217 218 219 220 221 222 223 224 225 226 | * tclMakeSafe * tclReady * trace * unversioned content * unversioned list * utime * verifyCsrf * wiki Each of the commands above is documented by a block comment above their implementation in the th\_main.c or th\_tcl.c source files. All commands starting with "tcl", with the exception of "tclReady", require the Tcl integration subsystem be included at compile-time. | > | 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 | * tclMakeSafe * tclReady * trace * unversioned content * unversioned list * utime * verifyCsrf * verifyLogin * wiki Each of the commands above is documented by a block comment above their implementation in the th\_main.c or th\_tcl.c source files. All commands starting with "tcl", with the exception of "tclReady", require the Tcl integration subsystem be included at compile-time. |
| ︙ | ︙ | |||
731 732 733 734 735 736 737 738 739 740 741 742 743 744 | * verifyCsrf Before using the results of a form, first call this command to verify that this Anti-CSRF token is present and is valid. If the Anti-CSRF token is missing or is incorrect, that indicates a cross-site scripting attack. If the event of an attack is detected, an error message is generated and all further processing is aborted. <a name="wiki"></a>TH1 wiki Command ----------------------------------- * wiki STRING Renders STRING as wiki content. | > > > > > > > > | 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 | * verifyCsrf Before using the results of a form, first call this command to verify that this Anti-CSRF token is present and is valid. If the Anti-CSRF token is missing or is incorrect, that indicates a cross-site scripting attack. If the event of an attack is detected, an error message is generated and all further processing is aborted. <a name="verifyLogin"></a>TH1 verifyLogin Command ------------------------------------------------- * verifyLogin Returns non-zero if the specified user name and password represent a valid login for the repository. <a name="wiki"></a>TH1 wiki Command ----------------------------------- * wiki STRING Renders STRING as wiki content. |
| ︙ | ︙ |