Fossil SCM

Fix a potential CSRF bypass.

drh 2026-05-06 15:04 UTC enhanced-checkin-edit
Commit 80ae3f149e368a0a408646e3a651ccc1f9545d925d3e2ec00d6a5a93a7460872
1 file changed +2 -1
+2 -1
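--- a/src/info.c
+++ b/src/info.c
@@ -3744,11 +3744,12 @@
 zNewBranch = PDT("brname","");
 zBranchName = branch_of_rid(rid);
 zCloseFlag = P("close") ? " checked" : "";
 zHideFlag = P("hide") ? " checked" : "";
 blob_zero(&ctrl);
-if( (bApply && cgi_csrf_safe(2)) || bPreview ){
+if( bApply && !cgi_csrf_safe(2) ) bApply = 0;
+if( bApply || bPreview ){
 char *zNow = date_in_standard_format(zChngTime ? zChngTime : "now");
 blob_appendf(&ctrl, "D %s\n", zNow);
 init_newtags();
 if( zNewColorFlag[0]
 && zNewColor[0]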
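Review bot: The new guard at line 3749 clears `bApply` without a comment, and the reason for it is not evident from the line alone. Under the old condition a request that set both apply and preview entered the block through `bPreview` even when `cgi_csrf_safe(2)` failed, and any later test of `bApply` (outside this hunk, so inferred) would still have been true. I would add `/* Drop the apply request when CSRF validation fails, so a failed check cannot be sidestepped by also setting preview */` above the guard. The rejection is also silent: with `bApply` zeroed the request appears to fall through to the preview or form path, so neither the user nor anyone reading the server logs learns that a state-changing request failed the check. Recording the rejection here would help detection. The enclosing function starts and ends outside the hunk.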
--- src/info.c
+++ src/info.c
@@ -3744,11 +3744,12 @@
3744 zNewBranch = PDT("brname","");
3745 zBranchName = branch_of_rid(rid);
3746 zCloseFlag = P("close") ? " checked" : "";
3747 zHideFlag = P("hide") ? " checked" : "";
3748 blob_zero(&ctrl);
3749 if( (bApply && cgi_csrf_safe(2)) || bPreview ){
 
3750 char *zNow = date_in_standard_format(zChngTime ? zChngTime : "now");
3751 blob_appendf(&ctrl, "D %s\n", zNow);
3752 init_newtags();
3753 if( zNewColorFlag[0]
3754 && zNewColor[0]
3755
--- src/info.c
+++ src/info.c
@@ -3744,11 +3744,12 @@
3744 zNewBranch = PDT("brname","");
3745 zBranchName = branch_of_rid(rid);
3746 zCloseFlag = P("close") ? " checked" : "";
3747 zHideFlag = P("hide") ? " checked" : "";
3748 blob_zero(&ctrl);
3749 if( bApply && !cgi_csrf_safe(2) ) bApply = 0;
3750 if( bApply || bPreview ){
3751 char *zNow = date_in_standard_format(zChngTime ? zChngTime : "now");
3752 blob_appendf(&ctrl, "D %s\n", zNow);
3753 init_newtags();
3754 if( zNewColorFlag[0]
3755 && zNewColor[0]
3756
