Fossil SCM
Do not allow the "fossil chat send" command to transmit over an unencrypted channel unless the --unsafe option is used on the command-line.
Commit
6da3a74d5fa83b941de647a21f2c87a79934a9da52dad9913ac389468a3ca57b
Parent
904a5a5612e0042…
1 file changed
+6
-1
+6
-1
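--- a/src/chat.c
+++ b/src/chat.c
@@ -699,12 +699,13 @@
 ** > fossil chat send [ARGUMENTS]
 **
 ** This command sends a new message to the chatroom. The message
 ** to be sent is determined by arguments as follows:
 **
-** -m|--message TEXT Text of the chat message
 ** -f|--file FILENAME File to attach to the message
+** -m|--message TEXT Text of the chat message
+** --unsafe Allow the use of unencrypted http://
 **
 ** Additional subcommands may be added in the future.
 */
 void chat_command(void){
 const char *zUrl = find_option("remote",0,1);
@@ -752,19 +753,23 @@
 #endif
 fossil_system(zCmd);
 }else if( strcmp(g.argv[2],"send")==0 ){
 const char *zFilename = find_option("file","r",1);
 const char *zMsg = find_option("message","m",1);
+ int allowUnsafe = find_option("unsafe",0,0)!=0;
 const int mFlags = HTTP_GENERIC | HTTP_QUIET | HTTP_NOCOMPRESS;
 int i;
 const char *zPw;
 Blob up, down, fcontent;
 char zBoundary[80];
 sqlite3_uint64 r[3];
 if( zFilename==0 && zMsg==0 ){
 fossil_fatal("must have --message or --file or both");
 }
+ if( !g.url.isHttps && !allowUnsafe ){
+ fossil_fatal("URL \"%s\" is unencrypted. Use https:// instead", zUrl);
+ }
 verify_all_options();
 i = (int)strlen(g.url.path);
 while( i>0 && g.url.path[i-1]=='/' ) i--;
 g.url.path = mprintf("%.*s/chat-send", i, g.url.path);
 blob_init(&up, 0, 0);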
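Review bot: The fatal message under the new `!g.url.isHttps && !allowUnsafe` check prints `zUrl`, the raw `--remote` argument, instead of the URL that was parsed into `g.url`. The lines between the two hunks are not shown, so this is inferred: if `--remote` can be omitted and the remote taken from stored configuration, `zUrl` is NULL here and the message names no URL. A raw `--remote` value may also contain `user:password@` text that would then be echoed to the terminal or a log. Printing the parsed form, `fossil_fatal("URL \"%s\" is unencrypted. Use https:// instead", g.url.canonical);`, would avoid both, assuming `canonical` is populated at this point and omits the password. I would also add a comment above the check, `/* Refuse plain http:// unless --unsafe: the request carries the message and, presumably, the credentials read into zPw */`; `chat_command` begins in the first hunk and continues past the end of the second.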
| --- src/chat.c | |
| +++ src/chat.c | |
| @@ -699,12 +699,13 @@ | |
| 699 | ** > fossil chat send [ARGUMENTS] |
| 700 | ** |
| 701 | ** This command sends a new message to the chatroom. The message |
| 702 | ** to be sent is determined by arguments as follows: |
| 703 | ** |
| 704 | ** -m|--message TEXT Text of the chat message |
| 705 | ** -f|--file FILENAME File to attach to the message |
| 706 | ** |
| 707 | ** Additional subcommands may be added in the future. |
| 708 | */ |
| 709 | void chat_command(void){ |
| 710 | const char *zUrl = find_option("remote",0,1); |
| @@ -752,19 +753,23 @@ | |
| 752 | #endif |
| 753 | fossil_system(zCmd); |
| 754 | }else if( strcmp(g.argv[2],"send")==0 ){ |
| 755 | const char *zFilename = find_option("file","r",1); |
| 756 | const char *zMsg = find_option("message","m",1); |
| 757 | const int mFlags = HTTP_GENERIC | HTTP_QUIET | HTTP_NOCOMPRESS; |
| 758 | int i; |
| 759 | const char *zPw; |
| 760 | Blob up, down, fcontent; |
| 761 | char zBoundary[80]; |
| 762 | sqlite3_uint64 r[3]; |
| 763 | if( zFilename==0 && zMsg==0 ){ |
| 764 | fossil_fatal("must have --message or --file or both"); |
| 765 | } |
| 766 | verify_all_options(); |
| 767 | i = (int)strlen(g.url.path); |
| 768 | while( i>0 && g.url.path[i-1]=='/' ) i--; |
| 769 | g.url.path = mprintf("%.*s/chat-send", i, g.url.path); |
| 770 | blob_init(&up, 0, 0); |
| 771 |
| --- src/chat.c | |
| +++ src/chat.c | |
| @@ -699,12 +699,13 @@ | |
| 699 | ** > fossil chat send [ARGUMENTS] |
| 700 | ** |
| 701 | ** This command sends a new message to the chatroom. The message |
| 702 | ** to be sent is determined by arguments as follows: |
| 703 | ** |
| 704 | ** -f|--file FILENAME File to attach to the message |
| 705 | ** -m|--message TEXT Text of the chat message |
| 706 | ** --unsafe Allow the use of unencrypted http:// |
| 707 | ** |
| 708 | ** Additional subcommands may be added in the future. |
| 709 | */ |
| 710 | void chat_command(void){ |
| 711 | const char *zUrl = find_option("remote",0,1); |
| @@ -752,19 +753,23 @@ | |
| 753 | #endif |
| 754 | fossil_system(zCmd); |
| 755 | }else if( strcmp(g.argv[2],"send")==0 ){ |
| 756 | const char *zFilename = find_option("file","r",1); |
| 757 | const char *zMsg = find_option("message","m",1); |
| 758 | int allowUnsafe = find_option("unsafe",0,0)!=0; |
| 759 | const int mFlags = HTTP_GENERIC | HTTP_QUIET | HTTP_NOCOMPRESS; |
| 760 | int i; |
| 761 | const char *zPw; |
| 762 | Blob up, down, fcontent; |
| 763 | char zBoundary[80]; |
| 764 | sqlite3_uint64 r[3]; |
| 765 | if( zFilename==0 && zMsg==0 ){ |
| 766 | fossil_fatal("must have --message or --file or both"); |
| 767 | } |
| 768 | if( !g.url.isHttps && !allowUnsafe ){ |
| 769 | fossil_fatal("URL \"%s\" is unencrypted. Use https:// instead", zUrl); |
| 770 | } |
| 771 | verify_all_options(); |
| 772 | i = (int)strlen(g.url.path); |
| 773 | while( i>0 && g.url.path[i-1]=='/' ) i--; |
| 774 | g.url.path = mprintf("%.*s/chat-send", i, g.url.path); |
| 775 | blob_init(&up, 0, 0); |
| 776 |