Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Accept both "127.0.0.1" and "::ffff:127.0.0.1" as valid loopback IP addresses. |
|---|---|
| Downloads: | Tarball | ZIP archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
96dcb7e709a47863d31580e0812a7212 |
| User & Date: | drh 2018-01-03 18:56:52.628 |
Context
|
2018-01-03
| ||
| 22:13 | Fix harmless compiler warning. ... (check-in: a61922e2be user: mistachkin tags: trunk) | |
| 20:07 | For "fossil ui" and "fossil server" use the IPV6 loopback on Windows. ... (Closed-Leaf check-in: c038de8d27 user: drh tags: windows-loopback-ipv6) | |
| 18:56 | Accept both "127.0.0.1" and "::ffff:127.0.0.1" as valid loopback IP addresses. ... (check-in: 96dcb7e709 user: drh tags: trunk) | |
|
2018-01-02
| ||
| 11:37 | Fix the login mechanism on the new IPv6 code for "fossil server" on Windows. Patch from Olivier Mascia. ... (check-in: 723dedac57 user: drh tags: trunk) | |
Changes
Changes to src/cgi.c.
| ︙ | ︙ | |||
1341 1342 1343 1344 1345 1346 1347 |
/* z[] is the value of an X-FORWARDED-FOR: line in an HTTP header.
** Return a pointer to a string containing the real IP address, or a
** NULL pointer to stick with the IP address previously computed and
** loaded into g.zIpAddr.
*/
static const char *cgi_accept_forwarded_for(const char *z){
int i;
| > > | | | 1341 1342 1343 1344 1345 1346 1347 1348 1349 1350 1351 1352 1353 1354 1355 1356 1357 1358 |
/* z[] is the value of an X-FORWARDED-FOR: line in an HTTP header.
** Return a pointer to a string containing the real IP address, or a
** NULL pointer to stick with the IP address previously computed and
** loaded into g.zIpAddr.
*/
static const char *cgi_accept_forwarded_for(const char *z){
int i;
if( !cgi_is_loopback(g.zIpAddr) ){
/* Only accept X-FORWARDED-FOR if input coming from the local machine */
return 0;
}
i = strlen(z)-1;
while( i>=0 && z[i]!=',' && !fossil_isspace(z[i]) ) i--;
return &z[++i];
}
/*
** Remove the first space-delimited token from a string and return
|
| ︙ | ︙ | |||
2029 2030 2031 2032 2033 2034 2035 |
if( (zIndex = strchr(zSshClient,' '))!=0 ){
zSshClient[zIndex-zSshClient] = '\0';
return zSshClient;
}
}
return zDefault;
}
| > > > > > > > > | 2031 2032 2033 2034 2035 2036 2037 2038 2039 2040 2041 2042 2043 2044 2045 |
if( (zIndex = strchr(zSshClient,' '))!=0 ){
zSshClient[zIndex-zSshClient] = '\0';
return zSshClient;
}
}
return zDefault;
}
/*
** Return true if information is coming from the loopback network.
*/
int cgi_is_loopback(const char *zIpAddr){
return fossil_strcmp(zIpAddr, "127.0.0.1")==0 ||
fossil_strcmp(zIpAddr, "::ffff:127.0.0.1")==0;
}
|
Changes to src/login.c.
| ︙ | ︙ | |||
924 925 926 927 928 929 930 |
** local login is disabled and if we are using HTTP and not HTTPS,
** then there is no need to check user credentials.
**
** This feature allows the "fossil ui" command to give the user
** full access rights without having to log in.
*/
zRemoteAddr = ipPrefix(zIpAddr = PD("REMOTE_ADDR","nil"));
| | | | 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 |
** local login is disabled and if we are using HTTP and not HTTPS,
** then there is no need to check user credentials.
**
** This feature allows the "fossil ui" command to give the user
** full access rights without having to log in.
*/
zRemoteAddr = ipPrefix(zIpAddr = PD("REMOTE_ADDR","nil"));
if( ( cgi_is_loopback(zIpAddr)
|| (g.fSshClient & CGI_SSH_CLIENT)!=0 )
&& g.useLocalauth
&& db_get_int("localauth",0)==0
&& P("HTTPS")==0
){
if( g.localOpen ) zLogin = db_lget("default-user",0);
if( zLogin!=0 ){
uid = db_int(0, "SELECT uid FROM user WHERE login=%Q", zLogin);
|
| ︙ | ︙ |
Changes to src/timeline.c.
| ︙ | ︙ | |||
257 258 259 260 261 262 263 | int vid = 0; /* Current checkout version */ int dateFormat = 0; /* 0: HH:MM (default) */ int bCommentGitStyle = 0; /* Only show comments through first blank line */ const char *zStyle; /* Sub-name for classes for the style */ const char *zDateFmt; int iTableId = timeline_tableid(); | | | 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 |
int vid = 0; /* Current checkout version */
int dateFormat = 0; /* 0: HH:MM (default) */
int bCommentGitStyle = 0; /* Only show comments through first blank line */
const char *zStyle; /* Sub-name for classes for the style */
const char *zDateFmt;
int iTableId = timeline_tableid();
if( cgi_is_loopback(g.zIpAddr) && db_open_local(0) ){
vid = db_lget_int("checkout", 0);
}
zPrevDate[0] = 0;
mxWikiLen = db_get_int("timeline-max-comment", 0);
dateFormat = db_get_int("timeline-date-format", 0);
bCommentGitStyle = db_get_int("timeline-truncate-at-blank", 0);
if( (tmFlags & TIMELINE_VIEWS)==0 ){
|
| ︙ | ︙ |