Fossil SCM

Fix the security enhancment at [0c1419a466f2152b] so that it does not mistake multi-byte unicode characters as control characers. [forum:/forumpost/bfcf326231|Forum post bfcf326231].

drh 2025-12-19 10:07 trunk
Commit 82dc70d5ab76cb631ff0a09cf301b1182d91062c42cc81238f0a220b5029f19a
Parent 480bf26bf801257…
1 file changed +1 -1
~ src/cgi.c
M src/cgi.c
+1 -1
--- src/cgi.c
+++ src/cgi.c
@@ -955,11 +955,11 @@
955955
 ** Returns true if NUL-terminated z contains any non-NUL
956956
 ** control characters (<0x20, 32d).
957957
 */
958958
 static int contains_ctrl(const char *z){
959959
 assert(z);
960
- for( ; *z>=0x20; ++z ){}
960
+ for( ; *z>=0x20 || *z<0; ++z ){}
961961
 return 0!=*z;
962962
 }
963963
964964
 /*
965965
 ** Add a list of query parameters or cookies to the parameter set.
966966
--- src/cgi.c
+++ src/cgi.c
@@ -955,11 +955,11 @@
955 ** Returns true if NUL-terminated z contains any non-NUL
956 ** control characters (<0x20, 32d).
957 */
958 static int contains_ctrl(const char *z){
959 assert(z);
960 for( ; *z>=0x20; ++z ){}
961 return 0!=*z;
962 }
963
964 /*
965 ** Add a list of query parameters or cookies to the parameter set.
966
--- src/cgi.c
+++ src/cgi.c
@@ -955,11 +955,11 @@
955 ** Returns true if NUL-terminated z contains any non-NUL
956 ** control characters (<0x20, 32d).
957 */
958 static int contains_ctrl(const char *z){
959 assert(z);
960 for( ; *z>=0x20 || *z<0; ++z ){}
961 return 0!=*z;
962 }
963
964 /*
965 ** Add a list of query parameters or cookies to the parameter set.
966

Keyboard Shortcuts

Open search /
Next entry (timeline) j
Previous entry (timeline) k
Open focused entry Enter
Show this help ?
Toggle theme Top nav button