Fossil SCM
Don't show the cookie values on the test_env page, unless the fossil executable was built with FOSSIL_DEBUG.
Commit
35ecc92b69f7d0a73237e10dde8697ee3aad9afb
Parent
fc15fe04180beab…
1 file changed
+11
-2
+11
-2
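--- a/src/cgi.c
+++ b/src/cgi.c
@@ -887,17 +887,26 @@
 }
 
 /*
 ** Print all query parameters on standard output. Format the
 ** parameters as HTML. This is used for testing and debugging.
+** Release builds omit the values of the cookies to avoid defeating
+** the purpose of setting HttpOnly cookies.
 */
 void cgi_print_all(void){
 int i;
+ int showAll = 0;
+#ifdef FOSSIL_DEBUG
+ /* Show the values of cookies in debug mode. */
+ showAll = 1;
+#endif
 cgi_parameter("",""); /* Force the parameters into sorted order */
 for(i=0; i<nUsedQP; i++){
- cgi_printf("%s = %s <br />\n",
- htmlize(aParamQP[i].zName, -1), htmlize(aParamQP[i].zValue, -1));
+ if( showAll || (fossil_stricmp("HTTP_COOKIE",aParamQP[i].zName)!=0 && fossil_strnicmp("fossil-",aParamQP[i].zName,7)!=0) ){
+ cgi_printf("%s = %s <br />\n",
+ htmlize(aParamQP[i].zName, -1), htmlize(aParamQP[i].zValue, -1));
+ }
 }
 }
 
 /*
 ** This routine works like "printf" except that it has the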
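Review bot: The filter added inside the loop of `cgi_print_all` is a denylist by name: it skips only `HTTP_COOKIE` and parameters whose names begin with `fossil-`, while the new header comment states that cookie values in general are omitted. If cookies are also parsed into `aParamQP` under their own names (the prefix check suggests so, but that code is outside this hunk), a cookie with any other name would still be printed in a release build. Either record on each entry that it came from a cookie and test that mark here, or narrow the comment to what is enforced, for example `** Release builds skip HTTP_COOKIE and any parameter named "fossil-*", so those cookie values are not echoed.` The single long condition would also be easier to audit if it were split across lines or moved into a small static predicate.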
| --- src/cgi.c | |
| +++ src/cgi.c | |
| @@ -887,17 +887,26 @@ | |
| 887 | } |
| 888 | |
| 889 | /* |
| 890 | ** Print all query parameters on standard output. Format the |
| 891 | ** parameters as HTML. This is used for testing and debugging. |
| 892 | */ |
| 893 | void cgi_print_all(void){ |
| 894 | int i; |
| 895 | cgi_parameter("",""); /* Force the parameters into sorted order */ |
| 896 | for(i=0; i<nUsedQP; i++){ |
| 897 | cgi_printf("%s = %s <br />\n", |
| 898 | htmlize(aParamQP[i].zName, -1), htmlize(aParamQP[i].zValue, -1)); |
| 899 | } |
| 900 | } |
| 901 | |
| 902 | /* |
| 903 | ** This routine works like "printf" except that it has the |
| 904 |
| --- src/cgi.c | |
| +++ src/cgi.c | |
| @@ -887,17 +887,26 @@ | |
| 887 | } |
| 888 | |
| 889 | /* |
| 890 | ** Print all query parameters on standard output. Format the |
| 891 | ** parameters as HTML. This is used for testing and debugging. |
| 892 | ** Release builds omit the values of the cookies to avoid defeating |
| 893 | ** the purpose of setting HttpOnly cookies. |
| 894 | */ |
| 895 | void cgi_print_all(void){ |
| 896 | int i; |
| 897 | int showAll = 0; |
| 898 | #ifdef FOSSIL_DEBUG |
| 899 | /* Show the values of cookies in debug mode. */ |
| 900 | showAll = 1; |
| 901 | #endif |
| 902 | cgi_parameter("",""); /* Force the parameters into sorted order */ |
| 903 | for(i=0; i<nUsedQP; i++){ |
| 904 | if( showAll || (fossil_stricmp("HTTP_COOKIE",aParamQP[i].zName)!=0 && fossil_strnicmp("fossil-",aParamQP[i].zName,7)!=0) ){ |
| 905 | cgi_printf("%s = %s <br />\n", |
| 906 | htmlize(aParamQP[i].zName, -1), htmlize(aParamQP[i].zValue, -1)); |
| 907 | } |
| 908 | } |
| 909 | } |
| 910 | |
| 911 | /* |
| 912 | ** This routine works like "printf" except that it has the |
| 913 |