Fossil

Check-in [2b233e0af2]

Overview
Comment:limit hook http requests to localhost, unless setting "http-outside" is set.
SHA1: 2b233e0af294c6590455d9fd461619a296d0c911
User & Date: jan.nijtmans 2013-07-08 20:07:00.776
Context
2013-07-09
11:06
"http-allow-regexp" setting and "http -async" (continuing experiments) check-in: 75a9c981ab user: jan.nijtmans tags: tkt-change-hook
2013-07-08
20:07
limit hook http requests to localhost, unless setting "http-outside" is set. check-in: 2b233e0af2 user: jan.nijtmans tags: tkt-change-hook
18:28
some first security restrictions check-in: 6949032cfe user: jan.nijtmans tags: tkt-change-hook
Changes
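--- a/src/db.c
+++ b/src/db.c
@@ -2110,14 +2110,15 @@
   { "diff-command",  0,               40, 0, ""                    },
   { "dont-push",     0,                0, 0, "off"                 },
   { "editor",        0,               32, 0, ""                    },
   { "empty-dirs",    0,               40, 1, ""                    },
   { "encoding-glob",  0,              40, 1, ""                    },
   { "gdiff-command", 0,               40, 0, "gdiff"               },
   { "gmerge-command",0,               40, 0, ""                    },
+  { "http-outside",  0,                0, 0, "off"                 },
   { "http-port",     0,               16, 0, "8080"                },
   { "https-login",   0,                0, 0, "off"                 },
   { "ignore-glob",   0,               40, 1, ""                    },
   { "keep-glob",     0,               40, 1, ""                    },
   { "localauth",     0,                0, 0, "off"                 },
   { "main-branch",   0,               40, 0, "trunk"               },
   { "manifest",      0,                0, 1, "off"                 },
@@ -2239,14 +2240,17 @@
 **                     diff. If undefined, text diff will be used.
 **
 **    gmerge-command   A graphical merge conflict resolver command operating
 **                     on four files.
 **                     Ex: kdiff3 "%baseline" "%original" "%merge" -o "%output"
 **                     Ex: xxdiff "%original" "%baseline" "%merge" -M "%output"
 **                     Ex: meld "%baseline" "%original" "%merge" "%output"
+**
+**    http-outside     Allow http requests for commit and ticket hooks to reach
+**                     outside the local machine. Default: off.
 **
 **    http-port        The TCP/IP port number to use by the "server"
 **                     and "ui" commands.  Default: 8080
 **
 **    https-login      Send login credentials using HTTPS instead of HTTP
 **                     even if the login page request came via HTTP.
 **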
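Review bot: The help text added for `http-outside` describes the restriction as requests not reaching "outside the local machine", but the check added in src/th_main.c accepts only the two literal host names `localhost` and `127.0.0.1`. The entry should state that, for example with an extra line `**                     When off, only URLs naming "localhost" or "127.0.0.1" are accepted.`, so an administrator knows that other loopback spellings such as `[::1]` are rejected and that turning the setting on removes the host restriction entirely. The default of "off" in the settings table is the restrictive value, which is the right direction for a new outbound-request feature.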
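--- a/src/th_main.c
+++ b/src/th_main.c
@@ -255,14 +255,20 @@
   }else{
     type = "GET";
   }
   url_parse(argv[1], 0);
   if( g.urlIsSsh || g.urlIsFile ){
     Th_ErrorMessage(interp, "url must be http:// or https://", 0, 0);
     return TH_ERROR;
+  }
+  if( db_get_boolean("http-outside", 0)==0 ){
+    if( strcmp(g.urlName, "localhost") && strcmp(g.urlName, "127.0.0.1") ){
+      Th_ErrorMessage(interp, "hostname must be \"localhost\" or \"127.0.0.1\"", 0, 0);
+      return TH_ERROR;
+    }
   }
   if( transport_open() ){
     Th_ErrorMessage(interp, transport_errmsg(), 0, 0);
     return TH_ERROR;
   }
   blob_zero(&hdr);
   i = strlen(g.urlPath);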
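Review bot: The new guard under `db_get_boolean("http-outside", 0)==0` compares `g.urlName` as a string, so it constrains the name written in the URL rather than the address the connection actually reaches; `localhost` is presumably still resolved by the system resolver when `transport_open()` runs just below. Verifying that the resolved peer address is a loopback address after the open (or accepting only literal loopback addresses) would make the restriction hold regardless of resolver or hosts-file configuration, and would let `::1` pass as well. If the response handling below this hunk ever follows redirects, the same check has to be applied to each new target. At minimum I would add a comment above the guard, `/* Hooks may only name a loopback host unless "http-outside" is on; this is a name check, not a check of the resolved address */`. The enclosing function starts and ends outside the hunk.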