SQLITE_NOTICE(283): recovered 2 frames from WAL file /home/hwaci/fossil/fossil.fossil-wal

Fossil: Check-in [5abc0f6e]

Fossil

Check-in [5abc0f6e]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:style.css now checks for a builtin file named after the first path component of the referer (sic), rather than PD("name"), however, we still have to emit style.css/PAGENAME in $stylesheet_url in order to pick up the the page-specific CSS, otherwise /style.css?id=... is the same for all pages and a page with its own style may pick up a cached copy without its own styles, or with the styles from another page.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | style-css-revamp
Files: files | file ages | folders
SHA3-256: 5abc0f6e79dfbfc5bd9b57377002805227b02e2d4a01f24c294b2181a1f202c2
User & Date: stephan 2020-05-18 02:59:21
Original Comment: style.css now checks for a builtin file named after the first path component of the referer (sic), rather than PD("name"), however, we still have to emit style.css/NAME in order to pick up the the name-specific CSS, otherwise /style.css?id=... is the same for all pages and a page with its own style may pick up a cached copy without its own styles, or with the styles from another page.
References
2020-05-18
12:32
Reverted [5abc0f6e7] because testing has shown the referrer to simply be too fragile and subject to browser-side whims (which also includes the option to send only the scheme and host, without the path, as the referrer, which breaks what that commit did). Now style.css supports both style.css/pagename and style.css?page=name, preferring the former, pending a decision on which one of those syntaxes the other devs prefer. Leaf check-in: 45341a28 user: stephan tags: style-css-revamp
Context
2020-05-18
03:38
Removed doc/help references to "overriding" CSS rules, as that no longer applies in this branch. check-in: a21e2668 user: stephan tags: style-css-revamp
02:59
style.css now checks for a builtin file named after the first path component of the referer (sic), rather than PD("name"), however, we still have to emit style.css/PAGENAME in $stylesheet_url in order to pick up the the page-specific CSS, otherwise /style.css?id=... is the same for all pages and a page with its own style may pick up a cached copy without its own styles, or with the styles from another page. check-in: 5abc0f6e user: stephan tags: style-css-revamp
2020-05-17
19:55
Removed accidental dual-emit of skin-level CSS. Copy/paste bug. check-in: eddb5ac5 user: stephan tags: style-css-revamp
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/cgi.c.
445
446
447
448
449
450
451




































452
453
454
455
456
457
458
  const char *zRef = P("referer");
  if( zRef==0 ){
    zRef = P("HTTP_REFERER");
    if( zRef==0 ) zRef = zDefault;
  }
  return zRef;
}





































/*
** Return true if the current request appears to be safe from a
** Cross-Site Request Forgery (CSRF) attack.  Conditions that must
** be met:
**
**    *   The HTTP_REFERER must have the same origin







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
  const char *zRef = P("referer");
  if( zRef==0 ){
    zRef = P("HTTP_REFERER");
    if( zRef==0 ) zRef = zDefault;
  }
  return zRef;
}

/*
** If cgi_referer(0) returns a non-0 AND the referrer is from the same
** fossil app path (i.e. the referrer's path starts with g.zTop), this
** function returns the first path element of the referring page, up
** to, but not including, the first slash. Thus if he refer[r]er is
** https://foo.com/fossil.cgi/foo/bar, this returns "foo". The
** returned memory is malloc'd and needs to be freed by the caller.
*/
char * cgi_referer_fossil_page_name(){
  UrlData url;
  char * zPage = 0;
  const char * zRef = cgi_referer(0);

  if(zRef==0) return 0;
  memset(&url, 0, sizeof(url));
  url_parse_local(zRef, 0, &url);
  if(url.path==strstr(url.path, g.zTop)){
    /* g.zTop is, e.g., /cgi-bin/fossil.cgi,
       url.path is, e.g., /cgi-bin/fossil.cgi/page/... */
    char * zSlash = 0;
    zPage = url.path + strlen(g.zTop);
    if('/' == zPage[0]){
      *zPage++ = 0;
      if((zSlash = strstr(zPage,"/"))!=0){
        *zSlash = 0;
      }
      zPage = mprintf("%s", zPage);
    }else{ /*unexpected result*/
      zPage = 0;
    }
  }
  url_cleanup(&url);
  return zPage;
}


/*
** Return true if the current request appears to be safe from a
** Cross-Site Request Forgery (CSRF) attack.  Conditions that must
** be met:
**
**    *   The HTTP_REFERER must have the same origin

Changes to src/style.c.
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
....
1116
1117
1118
1119
1120
1121
1122

1123
1124
1125
1126
1127
1128
1129
    /* Default behavior is to return javascript */
    cgi_set_content_type("application/javascript");
  }
  style_init_th1_vars(0);
  Th_Render(zScript?zScript:"");
}


/*
** WEBPAGE: style.css
**
** Return the style sheet.
*/
void page_style_css(void){
  Blob css = empty_blob;
  int i;
  const char *zPage = P("name");

  cgi_set_content_type("text/css");
  /* Emit all default rules... */
  for(i=1; cssDefaultList[i].elementClass; i++){
    char *z = blob_str(&css);
    if( !containsSelector(z, cssDefaultList[i].elementClass) ){
      blob_appendf(&css, "%s {\n%s}\n",
................................................................................
        "\n/***********************************************************\n"
        "** End of page-specific CSS for page %s.\n"
        "***********************************************************/\n",
        zPage);
    }
    fossil_free(zFile);
  }

  blob_append(&css,
     "\n/***********************************************************\n"
     "** All CSS which follows is supplied by the repository \"skin\".\n"
     "***********************************************************/\n",
     -1);
  blob_append(&css,skin_get("css"),-1);








<








|







 







>







1069
1070
1071
1072
1073
1074
1075

1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
....
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
    /* Default behavior is to return javascript */
    cgi_set_content_type("application/javascript");
  }
  style_init_th1_vars(0);
  Th_Render(zScript?zScript:"");
}


/*
** WEBPAGE: style.css
**
** Return the style sheet.
*/
void page_style_css(void){
  Blob css = empty_blob;
  int i;
  char *zPage = cgi_referer_fossil_page_name();

  cgi_set_content_type("text/css");
  /* Emit all default rules... */
  for(i=1; cssDefaultList[i].elementClass; i++){
    char *z = blob_str(&css);
    if( !containsSelector(z, cssDefaultList[i].elementClass) ){
      blob_appendf(&css, "%s {\n%s}\n",
................................................................................
        "\n/***********************************************************\n"
        "** End of page-specific CSS for page %s.\n"
        "***********************************************************/\n",
        zPage);
    }
    fossil_free(zFile);
  }
  fossil_free(zPage);
  blob_append(&css,
     "\n/***********************************************************\n"
     "** All CSS which follows is supplied by the repository \"skin\".\n"
     "***********************************************************/\n",
     -1);
  blob_append(&css,skin_get("css"),-1);

Changes to src/url.c.
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
..
63
64
65
66
67
68
69



















70
71
72
73
74
75
76
*/
struct UrlData {
  int isFile;      /* True if a "file:" url */
  int isHttps;     /* True if a "https:" url */
  int isSsh;       /* True if an "ssh:" url */
  char *name;      /* Hostname for http: or filename for file: */
  char *hostname;  /* The HOST: parameter on http headers */
  char *protocol;  /* "http" or "https" */
  int port;        /* TCP port number for http: or https: */
  int dfltPort;    /* The default port for the given protocol */
  char *path;      /* Pathname for http: */
  char *user;      /* User id for http: */
  char *passwd;    /* Password for http: */
  char *canonical; /* Canonical representation of the URL */
  char *proxyAuth; /* Proxy-Authorizer: string */
................................................................................
  unsigned flags;  /* Boolean flags controlling URL processing */
  int useProxy;    /* Used to remember that a proxy is in use */
  char *proxyUrlPath;
  int proxyOrigPort; /* Tunneled port number for https through proxy */
};
#endif /* INTERFACE */





















/*
** Parse the given URL.  Populate members of the provided UrlData structure
** as follows:
**
**      isFile      True if FILE:
**      isHttps     True if HTTPS:







|







 







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
..
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
*/
struct UrlData {
  int isFile;      /* True if a "file:" url */
  int isHttps;     /* True if a "https:" url */
  int isSsh;       /* True if an "ssh:" url */
  char *name;      /* Hostname for http: or filename for file: */
  char *hostname;  /* The HOST: parameter on http headers */
  const char *protocol; /* "http" or "https" or "ssh" */
  int port;        /* TCP port number for http: or https: */
  int dfltPort;    /* The default port for the given protocol */
  char *path;      /* Pathname for http: */
  char *user;      /* User id for http: */
  char *passwd;    /* Password for http: */
  char *canonical; /* Canonical representation of the URL */
  char *proxyAuth; /* Proxy-Authorizer: string */
................................................................................
  unsigned flags;  /* Boolean flags controlling URL processing */
  int useProxy;    /* Used to remember that a proxy is in use */
  char *proxyUrlPath;
  int proxyOrigPort; /* Tunneled port number for https through proxy */
};
#endif /* INTERFACE */

/*
** Frees (almost) all (char*) members of pUrlData and zeroes out
** pUrlData. Results are undefined if pUrlData passed an uninitialized
** object.
*/
void url_cleanup(UrlData *pUrlData){
  fossil_free(pUrlData->user);
  fossil_free(pUrlData->passwd);
  if(pUrlData->hostname != pUrlData->name){
    fossil_free(pUrlData->name);
  }
  fossil_free(pUrlData->hostname);
  fossil_free(pUrlData->path);
  fossil_free(pUrlData->canonical);
  /* ??? fossil_free(pUrlData->proxyAuth); */
  /* ??? fossil_free(pUrlData->fossil); */
  /* ??? fossil_free(pUrlData->proxyUrlPath); */
  memset(pUrlData, 0, sizeof(*pUrlData));
}

/*
** Parse the given URL.  Populate members of the provided UrlData structure
** as follows:
**
**      isFile      True if FILE:
**      isHttps     True if HTTPS: