689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
|
/*
** Return true if the current request is coming from the same origin.
*/
int cgi_same_origin(void){
const char *zRef;
int nBase;
if( g.zBaseURL==0 ) return 0;
zRef = P("HTTP_REFERER");
if( zRef==0 ) return 0;
nBase = (int)strlen(g.zBaseURL);
if( fossil_strncmp(g.zBaseURL,zRef,nBase)!=0 ) return 0;
if( zRef[nBase]!=0 && zRef[nBase]!='/' ) return 0;
return 1;
}
/*
** Return true if the current CGI request is a POST request
*/
static int cgi_is_post_request(void){
const char *zMethod = P("REQUEST_METHOD");
|
>
>
>
>
>
>
>
|
>
|
>
>
>
>
>
|
|
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
|
/*
** Return true if the current request is coming from the same origin.
*/
int cgi_same_origin(void){
const char *zRef;
char *zToFree = 0;
int nBase;
int rc;
if( g.zBaseURL==0 ) return 0;
zRef = P("HTTP_REFERER");
if( zRef==0 ) return 0;
if( strchr(zRef,'%')!=0 ){
zToFree = strdup(zRef);
dehttpize(zToFree);
zRef = zToFree;
}
nBase = (int)strlen(g.zBaseURL);
if( fossil_strncmp(g.zBaseURL,zRef,nBase)!=0 ){
rc = 0;
}else if( zRef[nBase]!=0 && zRef[nBase]!='/' ){
rc = 0;
}else{
rc = 1;
}
fossil_free(zToFree);
return rc;
}
/*
** Return true if the current CGI request is a POST request
*/
static int cgi_is_post_request(void){
const char *zMethod = P("REQUEST_METHOD");
|