Fossil SCM
Do not check for x-site scripting attacks on unshun.
Commit
0b51238612ba69797fbb94c3d0d17929d7206599
Parent
a60b008f1a01a38…
1 file changed
-2
-2
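--- a/src/shun.c
+++ b/src/shun.c
@@ -66,11 +66,10 @@
 zUuid = zCanonical;
 }
 }
 style_header("Shunned Artifacts");
 if( zUuid && P("sub") ){
-login_verify_csrf_secret();
 db_multi_exec("DELETE FROM shun WHERE uuid='%s'", zUuid);
 if( db_exists("SELECT 1 FROM blob WHERE uuid='%s'", zUuid) ){
 @ <p class="noMoreShun">Artifact
 @ <a href="%s(g.zTop)/artifact/%s(zUuid)">%s(zUuid)</a> is no
 @ longer being shunned.</p>
@@ -141,11 +140,10 @@
 @ the formerly shunned artifact will be accepted on subsequent sync
 @ operations.</p>
 @
 @ <blockquote>
 @ <form method="post" action="%s(g.zTop)/%s(g.zPath)"><div>
-login_insert_csrf_secret();
 @ <input type="text" name="uuid" size="50" />
 @ <input type="submit" name="sub" value="Accept" />
 @ </div></form>
 @ </blockquote>
 @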
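Review bot: The unshun branch `if( zUuid && P("sub") )` now reaches `DELETE FROM shun` with no request-forgery check, because `login_verify_csrf_secret();` is removed there and the matching `login_insert_csrf_secret();` is removed from the form in the second hunk. The commit title speaks of cross-site scripting, but judging by their names the two removed calls defend against cross-site request forgery, which is a separate protection and the one that matters for a state-changing POST. Since the page text says an unshunned artifact will be accepted on later syncs, I would keep both calls, or at minimum add a comment on the branch such as `/* CSRF token intentionally not required here: <reason> */`. Separately, `zUuid` is placed into both SQL statements through `'%s'`; whether it is always the canonical form by this point is decided outside the hunk, so that is worth confirming. The enclosing function begins and ends outside both hunks.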
| --- src/shun.c | |
| +++ src/shun.c | |
| @@ -66,11 +66,10 @@ | |
| 66 | zUuid = zCanonical; |
| 67 | } |
| 68 | } |
| 69 | style_header("Shunned Artifacts"); |
| 70 | if( zUuid && P("sub") ){ |
| 71 | login_verify_csrf_secret(); |
| 72 | db_multi_exec("DELETE FROM shun WHERE uuid='%s'", zUuid); |
| 73 | if( db_exists("SELECT 1 FROM blob WHERE uuid='%s'", zUuid) ){ |
| 74 | @ <p class="noMoreShun">Artifact |
| 75 | @ <a href="%s(g.zTop)/artifact/%s(zUuid)">%s(zUuid)</a> is no |
| 76 | @ longer being shunned.</p> |
| @@ -141,11 +140,10 @@ | |
| 141 | @ the formerly shunned artifact will be accepted on subsequent sync |
| 142 | @ operations.</p> |
| 143 | @ |
| 144 | @ <blockquote> |
| 145 | @ <form method="post" action="%s(g.zTop)/%s(g.zPath)"><div> |
| 146 | login_insert_csrf_secret(); |
| 147 | @ <input type="text" name="uuid" size="50" /> |
| 148 | @ <input type="submit" name="sub" value="Accept" /> |
| 149 | @ </div></form> |
| 150 | @ </blockquote> |
| 151 | @ |
| 152 |
| --- src/shun.c | |
| +++ src/shun.c | |
| @@ -66,11 +66,10 @@ | |
| 66 | zUuid = zCanonical; |
| 67 | } |
| 68 | } |
| 69 | style_header("Shunned Artifacts"); |
| 70 | if( zUuid && P("sub") ){ |
| 71 | db_multi_exec("DELETE FROM shun WHERE uuid='%s'", zUuid); |
| 72 | if( db_exists("SELECT 1 FROM blob WHERE uuid='%s'", zUuid) ){ |
| 73 | @ <p class="noMoreShun">Artifact |
| 74 | @ <a href="%s(g.zTop)/artifact/%s(zUuid)">%s(zUuid)</a> is no |
| 75 | @ longer being shunned.</p> |
| @@ -141,11 +140,10 @@ | |
| 140 | @ the formerly shunned artifact will be accepted on subsequent sync |
| 141 | @ operations.</p> |
| 142 | @ |
| 143 | @ <blockquote> |
| 144 | @ <form method="post" action="%s(g.zTop)/%s(g.zPath)"><div> |
| 145 | @ <input type="text" name="uuid" size="50" /> |
| 146 | @ <input type="submit" name="sub" value="Accept" /> |
| 147 | @ </div></form> |
| 148 | @ </blockquote> |
| 149 | @ |
| 150 |