Fossil SCM

Fix the /chat-send page so that it works even with the recent same-origin security enhancements.

drh 2023-01-06 12:59 trunk

Commit 4ba37b1c1437376741a45c47594ce7510a42555bc9c5bcbbc8677a97065fe5af

Parent be6d71dd6471f98…

1 file changed +2

M src/chat.c

		--- src/chat.c
		+++ src/chat.c
		@@ -393,10 +393,11 @@
393	393	chat_create_tables();
394	394	zUserName = (g.zLogin && g.zLogin[0]) ? g.zLogin : "nobody";
395	395	nByte = atoi(PD("file:bytes","0"));
396	396	zMsg = PD("msg","");
397	397	db_begin_write();
	398	+ db_unprotect(PROTECT_READONLY);
398	399	chat_purge();
399	400	if( nByte==0 ){
400	401	if( zMsg[0] ){
401	402	db_multi_exec(
402	403	"INSERT INTO chat(mtime,lmtime,xfrom,xmsg)"
		@@ -416,10 +417,11 @@
416	417	db_bind_blob(&q, ":file", &b);
417	418	db_step(&q);
418	419	db_finalize(&q);
419	420	blob_reset(&b);
420	421	}
	422	+ db_protect_pop();
421	423	db_commit_transaction();
422	424	}
423	425
424	426	/*
425	427	** This routine receives raw (user-entered) message text and
426	428

	--- src/chat.c
	+++ src/chat.c
	@@ -393,10 +393,11 @@
393	chat_create_tables();
394	zUserName = (g.zLogin && g.zLogin[0]) ? g.zLogin : "nobody";
395	nByte = atoi(PD("file:bytes","0"));
396	zMsg = PD("msg","");
397	db_begin_write();

398	chat_purge();
399	if( nByte==0 ){
400	if( zMsg[0] ){
401	db_multi_exec(
402	"INSERT INTO chat(mtime,lmtime,xfrom,xmsg)"
	@@ -416,10 +417,11 @@
416	db_bind_blob(&q, ":file", &b);
417	db_step(&q);
418	db_finalize(&q);
419	blob_reset(&b);
420	}

421	db_commit_transaction();
422	}
423
424	/*
425	** This routine receives raw (user-entered) message text and
426

	--- src/chat.c
	+++ src/chat.c
	@@ -393,10 +393,11 @@
393	chat_create_tables();
394	zUserName = (g.zLogin && g.zLogin[0]) ? g.zLogin : "nobody";
395	nByte = atoi(PD("file:bytes","0"));
396	zMsg = PD("msg","");
397	db_begin_write();
398	db_unprotect(PROTECT_READONLY);
399	chat_purge();
400	if( nByte==0 ){
401	if( zMsg[0] ){
402	db_multi_exec(
403	"INSERT INTO chat(mtime,lmtime,xfrom,xmsg)"
	@@ -416,10 +417,11 @@
417	db_bind_blob(&q, ":file", &b);
418	db_step(&q);
419	db_finalize(&q);
420	blob_reset(&b);
421	}
422	db_protect_pop();
423	db_commit_transaction();
424	}
425
426	/*
427	** This routine receives raw (user-entered) message text and
428