Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Do not export <var>g.zRelReqURI</var> to TH1 interpreter because <code>getParameter</code> proc can retrieve <code>PATH_INFO</code> and <code>QUERY_STRING</code>. Instead export <var>g.zPath</var> (as <var>$webpagename</var>) since that is typically needed in the TH1 headers/footers of custom skins. |
|---|---|
| Downloads: | Tarball | ZIP archive |
| Timelines: | family | ancestors | descendants | both | base-href-fix |
| Files: | files | file ages | folders |
| SHA3-256: |
ff4c7ed6096beceb2cf48055e3c475fd |
| User & Date: | george 2022-02-14 23:06:12.798 |
Context
|
2022-02-15
| ||
| 00:14 | Move <code><meta charset="UTF-8"></code> to the begining of the default header. Supply BODY element with a class that derives from <var>$webpagename</var>. ... (check-in: 6d135904ad user: george tags: base-href-fix) | |
|
2022-02-14
| ||
| 23:06 | Do not export <var>g.zRelReqURI</var> to TH1 interpreter because <code>getParameter</code> proc can retrieve <code>PATH_INFO</code> and <code>QUERY_STRING</code>. Instead export <var>g.zPath</var> (as <var>$webpagename</var>) since that is typically needed in the TH1 headers/footers of custom skins. ... (check-in: ff4c7ed609 user: george tags: base-href-fix) | |
| 22:43 | Make <code>style_set_base_href_suffix()</code> safe for misuse: if the resulting suffix contains unescaped quotes then escape them. <var>$base_href_suffix</var> is intended for interpolation inside of the quoted href attribute. This check-in should address the case when a user of malfunctioning browser (which mishandles quoting) is tricked by an adversary to visit a specially crafted hyperlink. ... (check-in: d97752f30b user: george tags: base-href-fix) | |
Changes
Changes to src/style.c.
| ︙ | ︙ | |||
791 792 793 794 795 796 797 |
if( zTitle ) Th_Store("title", zTitle);
Th_Store("baseurl", g.zBaseURL);
Th_Store("secureurl", fossil_wants_https(1)? g.zHttpsURL: g.zBaseURL);
Th_Store("home", g.zTop);
Th_Store("index_page", db_get("index-page","/home"));
if( local_zCurrentPage==0 ) style_set_current_page("%T", g.zPath);
Th_Store("current_page", local_zCurrentPage);
| < | < < | | 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 |
if( zTitle ) Th_Store("title", zTitle);
Th_Store("baseurl", g.zBaseURL);
Th_Store("secureurl", fossil_wants_https(1)? g.zHttpsURL: g.zBaseURL);
Th_Store("home", g.zTop);
Th_Store("index_page", db_get("index-page","/home"));
if( local_zCurrentPage==0 ) style_set_current_page("%T", g.zPath);
Th_Store("current_page", local_zCurrentPage);
if( !local_zBaseHrefSuffix ) style_set_base_href_suffix("%s",g.zRelReqURI);
Th_Store("base_href_suffix", local_zBaseHrefSuffix);
Th_Store("webpagename", g.zPath);
Th_Store("csrf_token", g.zCsrfToken);
Th_Store("release_version", RELEASE_VERSION);
Th_Store("manifest_version", MANIFEST_VERSION);
Th_Store("manifest_date", MANIFEST_DATE);
Th_Store("compiler_name", COMPILER_NAME);
Th_Store("mainmenu", style_get_mainmenu());
stylesheet_url_var();
|
| ︙ | ︙ |