Fossil SCM
Include the login name as part of the ETag hash for ETAG_QUERY. That way, the hash will change if the user logs in or logs out, and the page will be recomputed.
Commit
18aec6b9a8197c726b2fc271d4db6d27288232772535d2d1a288afa3e9d607ac
Parent
22fc5a792ce12a2…
1 file changed
+8
+8
| --- src/etag.c | ||
| +++ src/etag.c | ||
| @@ -24,10 +24,12 @@ | ||
| 24 | 24 | ** (1) The mtime on the Fossil executable |
| 25 | 25 | ** (2) The last change to the CONFIG table |
| 26 | 26 | ** (3) The last change to the EVENT table |
| 27 | 27 | ** (4) The value of the display cookie |
| 28 | 28 | ** (5) A hash value supplied by the page generator |
| 29 | +** (6) The details of the request URI | |
| 30 | +** (7) The name user as determined by the login cookie | |
| 29 | 31 | ** |
| 30 | 32 | ** Item (1) is always included in the ETag. The other elements are |
| 31 | 33 | ** optional. Because (1) is always included as part of the ETag, all |
| 32 | 34 | ** outstanding ETags can be invalidated by touching the fossil executable. |
| 33 | 35 | ** |
| @@ -61,10 +63,11 @@ | ||
| 61 | 63 | #define ETAG_CONFIG 0x01 /* Output depends on the CONFIG table */ |
| 62 | 64 | #define ETAG_DATA 0x02 /* Output depends on the EVENT table */ |
| 63 | 65 | #define ETAG_COOKIE 0x04 /* Output depends on a display cookie value */ |
| 64 | 66 | #define ETAG_HASH 0x08 /* Output depends on a hash */ |
| 65 | 67 | #define ETAG_QUERY 0x10 /* Output depends on PATH_INFO and QUERY_STRING */ |
| 68 | + /* and the g.zLogin value */ | |
| 66 | 69 | #endif |
| 67 | 70 | |
| 68 | 71 | static char zETag[33]; /* The generated ETag */ |
| 69 | 72 | static int iMaxAge = 0; /* The max-age parameter in the reply */ |
| 70 | 73 | static sqlite3_int64 iEtagMtime = 0; /* Last-Modified time */ |
| @@ -139,10 +142,15 @@ | ||
| 139 | 142 | if( zQS ){ |
| 140 | 143 | md5sum_step_text("?", 1); |
| 141 | 144 | md5sum_step_text(zQS, -1); |
| 142 | 145 | } |
| 143 | 146 | md5sum_step_text("\n",1); |
| 147 | + if( g.zLogin ){ | |
| 148 | + md5sum_step_text("login: ", -1); | |
| 149 | + md5sum_step_text(g.zLogin, -1); | |
| 150 | + md5sum_step_text("\n", 1); | |
| 151 | + } | |
| 144 | 152 | } |
| 145 | 153 | |
| 146 | 154 | /* Generate the ETag */ |
| 147 | 155 | memcpy(zETag, md5sum_finish(0), 33); |
| 148 | 156 | |
| 149 | 157 |
| --- src/etag.c | |
| +++ src/etag.c | |
| @@ -24,10 +24,12 @@ | |
| 24 | ** (1) The mtime on the Fossil executable |
| 25 | ** (2) The last change to the CONFIG table |
| 26 | ** (3) The last change to the EVENT table |
| 27 | ** (4) The value of the display cookie |
| 28 | ** (5) A hash value supplied by the page generator |
| 29 | ** |
| 30 | ** Item (1) is always included in the ETag. The other elements are |
| 31 | ** optional. Because (1) is always included as part of the ETag, all |
| 32 | ** outstanding ETags can be invalidated by touching the fossil executable. |
| 33 | ** |
| @@ -61,10 +63,11 @@ | |
| 61 | #define ETAG_CONFIG 0x01 /* Output depends on the CONFIG table */ |
| 62 | #define ETAG_DATA 0x02 /* Output depends on the EVENT table */ |
| 63 | #define ETAG_COOKIE 0x04 /* Output depends on a display cookie value */ |
| 64 | #define ETAG_HASH 0x08 /* Output depends on a hash */ |
| 65 | #define ETAG_QUERY 0x10 /* Output depends on PATH_INFO and QUERY_STRING */ |
| 66 | #endif |
| 67 | |
| 68 | static char zETag[33]; /* The generated ETag */ |
| 69 | static int iMaxAge = 0; /* The max-age parameter in the reply */ |
| 70 | static sqlite3_int64 iEtagMtime = 0; /* Last-Modified time */ |
| @@ -139,10 +142,15 @@ | |
| 139 | if( zQS ){ |
| 140 | md5sum_step_text("?", 1); |
| 141 | md5sum_step_text(zQS, -1); |
| 142 | } |
| 143 | md5sum_step_text("\n",1); |
| 144 | } |
| 145 | |
| 146 | /* Generate the ETag */ |
| 147 | memcpy(zETag, md5sum_finish(0), 33); |
| 148 | |
| 149 |
| --- src/etag.c | |
| +++ src/etag.c | |
| @@ -24,10 +24,12 @@ | |
| 24 | ** (1) The mtime on the Fossil executable |
| 25 | ** (2) The last change to the CONFIG table |
| 26 | ** (3) The last change to the EVENT table |
| 27 | ** (4) The value of the display cookie |
| 28 | ** (5) A hash value supplied by the page generator |
| 29 | ** (6) The details of the request URI |
| 30 | ** (7) The name user as determined by the login cookie |
| 31 | ** |
| 32 | ** Item (1) is always included in the ETag. The other elements are |
| 33 | ** optional. Because (1) is always included as part of the ETag, all |
| 34 | ** outstanding ETags can be invalidated by touching the fossil executable. |
| 35 | ** |
| @@ -61,10 +63,11 @@ | |
| 63 | #define ETAG_CONFIG 0x01 /* Output depends on the CONFIG table */ |
| 64 | #define ETAG_DATA 0x02 /* Output depends on the EVENT table */ |
| 65 | #define ETAG_COOKIE 0x04 /* Output depends on a display cookie value */ |
| 66 | #define ETAG_HASH 0x08 /* Output depends on a hash */ |
| 67 | #define ETAG_QUERY 0x10 /* Output depends on PATH_INFO and QUERY_STRING */ |
| 68 | /* and the g.zLogin value */ |
| 69 | #endif |
| 70 | |
| 71 | static char zETag[33]; /* The generated ETag */ |
| 72 | static int iMaxAge = 0; /* The max-age parameter in the reply */ |
| 73 | static sqlite3_int64 iEtagMtime = 0; /* Last-Modified time */ |
| @@ -139,10 +142,15 @@ | |
| 142 | if( zQS ){ |
| 143 | md5sum_step_text("?", 1); |
| 144 | md5sum_step_text(zQS, -1); |
| 145 | } |
| 146 | md5sum_step_text("\n",1); |
| 147 | if( g.zLogin ){ |
| 148 | md5sum_step_text("login: ", -1); |
| 149 | md5sum_step_text(g.zLogin, -1); |
| 150 | md5sum_step_text("\n", 1); |
| 151 | } |
| 152 | } |
| 153 | |
| 154 | /* Generate the ETag */ |
| 155 | memcpy(zETag, md5sum_finish(0), 33); |
| 156 | |
| 157 |