Fossil SCM

Add robustness to decoding of query parameters on the /wdiff page.

drh 2024-05-27 09:56 trunk

Commit 8839378fb000f16d8b29ff941799144c3307ac6d52cf78361d9f83a218a04a13

Parent 2669f492cd94608…

1 file changed +11 -1

M src/wiki.c

+11 -1

		--- src/wiki.c
		+++ src/wiki.c
		@@ -1845,10 +1845,11 @@
1845	1845	** The "id" query parameter is required. "pid" is optional. If "pid"
1846	1846	** is omitted, then the diff is against the first parent of the child.
1847	1847	*/
1848	1848	void wdiff_page(void){
1849	1849	const char *zId;
	1850	+ const char *zIdFull;
1850	1851	const char *zPid;
1851	1852	Manifest pW1, pW2 = 0;
1852	1853	int rid1, rid2, nextRid;
1853	1854	Blob w1, w2, d;
1854	1855	DiffConfig DCfg;
		@@ -1859,11 +1860,20 @@
1859	1860	if( zId==0 ){
1860	1861	rid1 = atoi(PD("rid","0"));
1861	1862	}else{
1862	1863	rid1 = name_to_typed_rid(zId, "w");
1863	1864	}
1864		- zId = db_text(0, "SELECT uuid FROM blob WHERE rid=%d", rid1);
	1865	+ zIdFull = db_text(0, "SELECT uuid FROM blob WHERE rid=%d", rid1);
	1866	+ if( zIdFull==0 ){
	1867	+ if( zId ){
	1868	+ webpage_notfound_error("No such wiki page: \"%s\"", zId);
	1869	+ }else{
	1870	+ webpage_notfound_error("No such wiki page: %d", rid1);
	1871	+ }
	1872	+ return;
	1873	+ }
	1874	+ zId = zIdFull;
1865	1875	pW1 = manifest_get(rid1, CFTYPE_WIKI, 0);
1866	1876	if( pW1==0 ) fossil_redirect_home();
1867	1877	blob_init(&w1, pW1->zWiki, -1);
1868	1878	zPid = P("pid");
1869	1879	if( ( zPid==0 \|\| zPid[0] == 0 ) && pW1->nParent ){
1870	1880

	--- src/wiki.c
	+++ src/wiki.c
	@@ -1845,10 +1845,11 @@
1845	** The "id" query parameter is required. "pid" is optional. If "pid"
1846	** is omitted, then the diff is against the first parent of the child.
1847	*/
1848	void wdiff_page(void){
1849	const char *zId;

1850	const char *zPid;
1851	Manifest pW1, pW2 = 0;
1852	int rid1, rid2, nextRid;
1853	Blob w1, w2, d;
1854	DiffConfig DCfg;
	@@ -1859,11 +1860,20 @@
1859	if( zId==0 ){
1860	rid1 = atoi(PD("rid","0"));
1861	}else{
1862	rid1 = name_to_typed_rid(zId, "w");
1863	}
1864	zId = db_text(0, "SELECT uuid FROM blob WHERE rid=%d", rid1);









1865	pW1 = manifest_get(rid1, CFTYPE_WIKI, 0);
1866	if( pW1==0 ) fossil_redirect_home();
1867	blob_init(&w1, pW1->zWiki, -1);
1868	zPid = P("pid");
1869	if( ( zPid==0 \|\| zPid[0] == 0 ) && pW1->nParent ){
1870

	--- src/wiki.c
	+++ src/wiki.c
	@@ -1845,10 +1845,11 @@
1845	** The "id" query parameter is required. "pid" is optional. If "pid"
1846	** is omitted, then the diff is against the first parent of the child.
1847	*/
1848	void wdiff_page(void){
1849	const char *zId;
1850	const char *zIdFull;
1851	const char *zPid;
1852	Manifest pW1, pW2 = 0;
1853	int rid1, rid2, nextRid;
1854	Blob w1, w2, d;
1855	DiffConfig DCfg;
	@@ -1859,11 +1860,20 @@
1860	if( zId==0 ){
1861	rid1 = atoi(PD("rid","0"));
1862	}else{
1863	rid1 = name_to_typed_rid(zId, "w");
1864	}
1865	zIdFull = db_text(0, "SELECT uuid FROM blob WHERE rid=%d", rid1);
1866	if( zIdFull==0 ){
1867	if( zId ){
1868	webpage_notfound_error("No such wiki page: \"%s\"", zId);
1869	}else{
1870	webpage_notfound_error("No such wiki page: %d", rid1);
1871	}
1872	return;
1873	}
1874	zId = zIdFull;
1875	pW1 = manifest_get(rid1, CFTYPE_WIKI, 0);
1876	if( pW1==0 ) fossil_redirect_home();
1877	blob_init(&w1, pW1->zWiki, -1);
1878	zPid = P("pid");
1879	if( ( zPid==0 \|\| zPid[0] == 0 ) && pW1->nParent ){
1880