Fossil SCM
Do not provide failure diagnostics on the /ext page unless the user has Debug privilege.
Commit
08b9b619721be12e5dda359c4dba5246b26ccb2f37ca5d87390b64cf36310212
Parent
e4849f58e467b68…
1 file changed
+6
-2
+6
-2
| --- src/extcgi.c | ||
| +++ src/extcgi.c | ||
| @@ -114,10 +114,11 @@ | ||
| 114 | 114 | int rc; /* Reply code from subroutine call */ |
| 115 | 115 | int nContent = -1; /* Content length */ |
| 116 | 116 | Blob reply; /* The reply */ |
| 117 | 117 | char zLine[1000]; /* One line of the CGI reply */ |
| 118 | 118 | |
| 119 | + login_check_credentials(); | |
| 119 | 120 | blob_init(&reply, 0, 0); |
| 120 | 121 | if( g.zExtRoot==0 ){ |
| 121 | 122 | zFailReason = "extroot is not set"; |
| 122 | 123 | goto ext_not_found; |
| 123 | 124 | } |
| @@ -195,11 +196,10 @@ | ||
| 195 | 196 | cgi_replace_parameter("SCRIPT_FILENAME", zScript); |
| 196 | 197 | cgi_replace_parameter("SCRIPT_NAME", |
| 197 | 198 | mprintf("%T/ext/%T",g.zTop,zScript+nRoot+1)); |
| 198 | 199 | cgi_replace_parameter("SCRIPT_DIRECTORY", file_dirname(zScript)); |
| 199 | 200 | cgi_replace_parameter("PATH_INFO", zName + strlen(zScript+nRoot+1)); |
| 200 | - login_check_credentials(); | |
| 201 | 201 | if( g.zLogin ){ |
| 202 | 202 | cgi_replace_parameter("REMOTE_USER", g.zLogin); |
| 203 | 203 | cgi_set_parameter_nocopy("FOSSIL_USER", g.zLogin, 0); |
| 204 | 204 | } |
| 205 | 205 | cgi_set_parameter_nocopy("FOSSIL_REPOSITORY", g.zRepositoryName, 0); |
| @@ -279,9 +279,13 @@ | ||
| 279 | 279 | if( toChild ) fclose(toChild); |
| 280 | 280 | if( zFailReason==0 ){ |
| 281 | 281 | document_render(&reply, zMime, zName, zName); |
| 282 | 282 | }else{ |
| 283 | 283 | cgi_set_status(404, "Not Found"); |
| 284 | - @ %h(zFailReason) | |
| 284 | + @ <h1>Not Found</h1> | |
| 285 | + @ <p>Page not found: %h(g.zPath)</p> | |
| 286 | + if( g.perm.Debug ){ | |
| 287 | + @ <p>Reason for failure: %h(zFailReason)</p> | |
| 288 | + } | |
| 285 | 289 | } |
| 286 | 290 | return; |
| 287 | 291 | } |
| 288 | 292 |
| --- src/extcgi.c | |
| +++ src/extcgi.c | |
| @@ -114,10 +114,11 @@ | |
| 114 | int rc; /* Reply code from subroutine call */ |
| 115 | int nContent = -1; /* Content length */ |
| 116 | Blob reply; /* The reply */ |
| 117 | char zLine[1000]; /* One line of the CGI reply */ |
| 118 | |
| 119 | blob_init(&reply, 0, 0); |
| 120 | if( g.zExtRoot==0 ){ |
| 121 | zFailReason = "extroot is not set"; |
| 122 | goto ext_not_found; |
| 123 | } |
| @@ -195,11 +196,10 @@ | |
| 195 | cgi_replace_parameter("SCRIPT_FILENAME", zScript); |
| 196 | cgi_replace_parameter("SCRIPT_NAME", |
| 197 | mprintf("%T/ext/%T",g.zTop,zScript+nRoot+1)); |
| 198 | cgi_replace_parameter("SCRIPT_DIRECTORY", file_dirname(zScript)); |
| 199 | cgi_replace_parameter("PATH_INFO", zName + strlen(zScript+nRoot+1)); |
| 200 | login_check_credentials(); |
| 201 | if( g.zLogin ){ |
| 202 | cgi_replace_parameter("REMOTE_USER", g.zLogin); |
| 203 | cgi_set_parameter_nocopy("FOSSIL_USER", g.zLogin, 0); |
| 204 | } |
| 205 | cgi_set_parameter_nocopy("FOSSIL_REPOSITORY", g.zRepositoryName, 0); |
| @@ -279,9 +279,13 @@ | |
| 279 | if( toChild ) fclose(toChild); |
| 280 | if( zFailReason==0 ){ |
| 281 | document_render(&reply, zMime, zName, zName); |
| 282 | }else{ |
| 283 | cgi_set_status(404, "Not Found"); |
| 284 | @ %h(zFailReason) |
| 285 | } |
| 286 | return; |
| 287 | } |
| 288 |
| --- src/extcgi.c | |
| +++ src/extcgi.c | |
| @@ -114,10 +114,11 @@ | |
| 114 | int rc; /* Reply code from subroutine call */ |
| 115 | int nContent = -1; /* Content length */ |
| 116 | Blob reply; /* The reply */ |
| 117 | char zLine[1000]; /* One line of the CGI reply */ |
| 118 | |
| 119 | login_check_credentials(); |
| 120 | blob_init(&reply, 0, 0); |
| 121 | if( g.zExtRoot==0 ){ |
| 122 | zFailReason = "extroot is not set"; |
| 123 | goto ext_not_found; |
| 124 | } |
| @@ -195,11 +196,10 @@ | |
| 196 | cgi_replace_parameter("SCRIPT_FILENAME", zScript); |
| 197 | cgi_replace_parameter("SCRIPT_NAME", |
| 198 | mprintf("%T/ext/%T",g.zTop,zScript+nRoot+1)); |
| 199 | cgi_replace_parameter("SCRIPT_DIRECTORY", file_dirname(zScript)); |
| 200 | cgi_replace_parameter("PATH_INFO", zName + strlen(zScript+nRoot+1)); |
| 201 | if( g.zLogin ){ |
| 202 | cgi_replace_parameter("REMOTE_USER", g.zLogin); |
| 203 | cgi_set_parameter_nocopy("FOSSIL_USER", g.zLogin, 0); |
| 204 | } |
| 205 | cgi_set_parameter_nocopy("FOSSIL_REPOSITORY", g.zRepositoryName, 0); |
| @@ -279,9 +279,13 @@ | |
| 279 | if( toChild ) fclose(toChild); |
| 280 | if( zFailReason==0 ){ |
| 281 | document_render(&reply, zMime, zName, zName); |
| 282 | }else{ |
| 283 | cgi_set_status(404, "Not Found"); |
| 284 | @ <h1>Not Found</h1> |
| 285 | @ <p>Page not found: %h(g.zPath)</p> |
| 286 | if( g.perm.Debug ){ |
| 287 | @ <p>Reason for failure: %h(zFailReason)</p> |
| 288 | } |
| 289 | } |
| 290 | return; |
| 291 | } |
| 292 |