Fossil SCM
Minor corrections to comments for login_verify_csrf_secret().
Commit
3c47e0c66a60c2cab6667e748540f0a2a2a1c32e
Parent
eb0cf27ab7c92bd…
1 file changed
+3
-2
+3
-2
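--- a/src/login.c
+++ b/src/login.c
@@ -1289,12 +1289,13 @@
 }
 
 /*
 ** Before using the results of a form, first call this routine to verify
 ** that this Anti-CSRF token is present and is valid. If the Anti-CSRF token
-** is missing or is incorrect, that indicates a cross-site scripting attach
-** so emits an error message and abort.
+** is missing or is incorrect, that indicates a cross-site scripting attack.
+** If the event of an attack is detected, an error message is generated and
+** all further processing is aborted.
 */
 void login_verify_csrf_secret(void){
 if( g.okCsrf ) return;
 if( fossil_strcmp(P("csrf"), g.zCsrfToken)==0 ){
 g.okCsrf = 1;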
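Review bot: The rewritten header comment (new lines 1294-1296) still describes a missing or incorrect Anti-CSRF token as a "cross-site scripting attack", but the token check guards against cross-site request forgery. Scripting injection is a different class with different mitigations, so the wording can mislead a maintainer about what this routine covers. The added sentence also begins "If the event of", which looks like a slip for "In the event". Suggested wording: `** is missing or is incorrect, that indicates a cross-site request forgery.` followed by `** If an attack is detected, an error message is generated and` and the existing `** all further processing is aborted.` The body of login_verify_csrf_secret() continues past the end of the hunk, so the error and abort path the comment describes is not visible here.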