Fossil SCM
Provide an option to enable the /test_env URL for all users. Optionally display cookie values in the /test_env URL.
Commit
4d32db8ef8110b56f0203dc44f1e2d359f672808
Parent
862d7dbf59f55e2…
3 files changed
+8
-11
+10
-1
+14
-2
+8
-11
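--- a/src/cgi.c
+++ b/src/cgi.c
@@ -888,26 +888,23 @@
 }
 
 /*
 ** Print all query parameters on standard output. Format the
 ** parameters as HTML. This is used for testing and debugging.
-** Release builds omit the values of the cookies to avoid defeating
-** the purpose of setting HttpOnly cookies.
+**
+** Omit the values of the cookies unless showAll is true.
 */
-void cgi_print_all(void){
+void cgi_print_all(int showAll){
 int i;
- int showAll = 0;
-#ifdef FOSSIL_DEBUG
- /* Show the values of cookies in debug mode. */
- showAll = 1;
-#endif
 cgi_parameter("",""); /* Force the parameters into sorted order */
 for(i=0; i<nUsedQP; i++){
- if( showAll || (fossil_stricmp("HTTP_COOKIE",aParamQP[i].zName)!=0 && fossil_strnicmp("fossil-",aParamQP[i].zName,7)!=0) ){
- cgi_printf("%s = %s <br />\n",
- htmlize(aParamQP[i].zName, -1), htmlize(aParamQP[i].zValue, -1));
+ const char *zName = aParamQP[i].zName;
+ if( !showAll ){
+ if( fossil_stricmp("HTTP_COOKIE",zName)==0 ) continue;
+ if( fossil_strnicmp("fossil-",zName,7)==0 ) continue;
 }
+ cgi_printf("%h = %h <br />\n", zName, aParamQP[i].zValue);
 }
 }
 
 /*
 ** This routine works like "printf" except that it has the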
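Review bot: The new header comment on cgi_print_all says cookie values are omitted, but the loop `continue`s past the whole entry, name included, and the reason for hiding them is no longer recorded. Since showAll now comes from the caller instead of a build flag, the comment should keep the rationale, for example `** Entries named HTTP_COOKIE or starting with "fossil-" are skipped unless showAll is true;` followed by `** printing them puts HttpOnly cookie values into the page body.` Whether other credential-bearing entries can appear in aParamQP is not visible in this hunk and is worth checking before the page is opened to more users.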
+10
-1
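--- a/src/setup.c
+++ b/src/setup.c
@@ -848,18 +848,27 @@
 @ <a href="%s(g.zTop)/help/server">fossil http</a> commands
 @ without the "--localauth" option.
 @ <li> The server is started from CGI without the "localauth" keyword
 @ in the CGI script.
 @ </ol>
+ @
+ @ <hr />
+ onoff_attribute("Enable /test_env",
+ "test_env_enable", "test_env_enable", 0);
+ @ <p>When enabled, the %h(g.zBaseURL)/test_env URL is available to all
+ @ users. When disabled (the default) only users Admin and Setup can visit
+ @ the /test_env page.
+ @ </p>
+ @
 @ <hr />
 onoff_attribute("Allow REMOTE_USER authentication",
 "remote_user_ok", "remote_user_ok", 0);
 @ <p>When enabled, if the REMOTE_USER environment variable is set to the
 @ login name of a valid user and no other login credentials are available,
 @ then the REMOTE_USER is accepted as an authenticated user.
 @ </p>
-
+ @
 @ <hr />
 entry_attribute("Login expiration time", 6, "cookie-expire", "cex", "8766");
 @ <p>The number of hours for which a login is valid. This must be a
 @ positive number. The default is 8760 hours which is approximately equal
 @ to a year.</p>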
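Review bot: The help text added for `test_env_enable` tells the administrator who can reach the page but not what the page reveals. Going by the style.c section of this commit, /test_env prints the process uid/gid, the base URL, the caller's login and capabilities and every CGI parameter, and it offers a Show Cookies link. One more line such as `@ The page shows server environment and request details, so leave this off on public sites.` would make the trade-off visible where the switch is flipped. The wording "only users Admin and Setup" would also read more precisely as "only users with Admin or Setup privilege". The enclosing function starts and ends outside the hunk.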
+14
-2
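--- a/src/style.c
+++ b/src/style.c
@@ -803,14 +803,26 @@
 ** WEBPAGE: test_env
 */
 void page_test_env(void){
 char c;
 int i;
+ int showAll;
 char zCap[30];
 login_check_credentials();
- if( !g.perm.Admin && !g.perm.Setup ){ login_needed(); return; }
+ if( !g.perm.Admin && !g.perm.Setup && !db_get_boolean("test_env_enable",0) ){
+ login_needed();
+ return;
+ }
 style_header("Environment Test");
+ showAll = atoi(PD("showall","0"));
+ if( !showAll ){
+ style_submenu_element("Show Cookies", "Show Cookies",
+ "%s/test_env?showall=1", g.zTop);
+ }else{
+ style_submenu_element("Hide Cookies", "Hide Cookies",
+ "%s/test_env", g.zTop);
+ }
 #if !defined(_WIN32)
 @ uid=%d(getuid()), gid=%d(getgid())<br />
 #endif
 @ g.zBaseURL = %h(g.zBaseURL)<br />
 @ g.zTop = %h(g.zTop)<br />
@@ -820,12 +832,12 @@
 zCap[i] = 0;
 @ g.userUid = %d(g.userUid)<br />
 @ g.zLogin = %h(g.zLogin)<br />
 @ capabilities = %s(zCap)<br />
 @ <hr>
- cgi_print_all();
+ cgi_print_all(atoi(PD("showall","0")));
 if( g.perm.Setup ){
 const char *zRedir = P("redirect");
 if( zRedir ) cgi_redirect(zRedir);
 }
 style_footer();
 }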
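Review bot: `showall` is read straight from the request in page_test_env with no privilege check, so once `test_env_enable` is on, every caller who passes the relaxed permission test can have their own cookie values written into the page body. That makes the login cookie readable by any script running on the same origin, which is the exposure the removed cgi.c comment said HttpOnly was there to prevent and which the old code allowed only in FOSSIL_DEBUG builds. Consider `showAll = (g.perm.Admin || g.perm.Setup) && atoi(PD("showall","0"));`, offering the Show Cookies submenu entry only under the same condition, and passing the stored value on in the second hunk with `cgi_print_all(showAll);` instead of parsing the parameter a second time. The cookie would still be rendered for a privileged user who follows the link, so keeping the compile-time gate for value display may be the safer default. The lines of page_test_env between the two hunks are not visible here.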