96dcb7e709a… — Fossil SCM

M src/cgi.c

+12 -2

		--- src/cgi.c
		+++ src/cgi.c
		@@ -1343,12 +1343,14 @@
1343	1343	** NULL pointer to stick with the IP address previously computed and
1344	1344	** loaded into g.zIpAddr.
1345	1345	*/
1346	1346	static const char cgi_accept_forwarded_for(const char z){
1347	1347	int i;
1348		- if( fossil_strcmp(g.zIpAddr, "127.0.0.1")!=0 ) return 0;
1349		-
	1348	+ if( !cgi_is_loopback(g.zIpAddr) ){
	1349	+ /* Only accept X-FORWARDED-FOR if input coming from the local machine */
	1350	+ return 0;
	1351	+ }
1350	1352	i = strlen(z)-1;
1351	1353	while( i>=0 && z[i]!=',' && !fossil_isspace(z[i]) ) i--;
1352	1354	return &z[++i];
1353	1355	}
1354	1356
		@@ -2031,5 +2033,13 @@
2031	2033	return zSshClient;
2032	2034	}
2033	2035	}
2034	2036	return zDefault;
2035	2037	}
	2038	+
	2039	+/*
	2040	+** Return true if information is coming from the loopback network.
	2041	+*/
	2042	+int cgi_is_loopback(const char *zIpAddr){
	2043	+ return fossil_strcmp(zIpAddr, "127.0.0.1")==0 \|\|
	2044	+ fossil_strcmp(zIpAddr, "::ffff:127.0.0.1")==0;
	2045	+}
2036	2046

	--- src/cgi.c
	+++ src/cgi.c
	@@ -1343,12 +1343,14 @@
1343	** NULL pointer to stick with the IP address previously computed and
1344	** loaded into g.zIpAddr.
1345	*/
1346	static const char cgi_accept_forwarded_for(const char z){
1347	int i;
1348	if( fossil_strcmp(g.zIpAddr, "127.0.0.1")!=0 ) return 0;
1349


1350	i = strlen(z)-1;
1351	while( i>=0 && z[i]!=',' && !fossil_isspace(z[i]) ) i--;
1352	return &z[++i];
1353	}
1354
	@@ -2031,5 +2033,13 @@
2031	return zSshClient;
2032	}
2033	}
2034	return zDefault;
2035	}








2036

	--- src/cgi.c
	+++ src/cgi.c
	@@ -1343,12 +1343,14 @@
1343	** NULL pointer to stick with the IP address previously computed and
1344	** loaded into g.zIpAddr.
1345	*/
1346	static const char cgi_accept_forwarded_for(const char z){
1347	int i;
1348	if( !cgi_is_loopback(g.zIpAddr) ){
1349	/* Only accept X-FORWARDED-FOR if input coming from the local machine */
1350	return 0;
1351	}
1352	i = strlen(z)-1;
1353	while( i>=0 && z[i]!=',' && !fossil_isspace(z[i]) ) i--;
1354	return &z[++i];
1355	}
1356
	@@ -2031,5 +2033,13 @@
2033	return zSshClient;
2034	}
2035	}
2036	return zDefault;
2037	}
2038
2039	/*
2040	** Return true if information is coming from the loopback network.
2041	*/
2042	int cgi_is_loopback(const char *zIpAddr){
2043	return fossil_strcmp(zIpAddr, "127.0.0.1")==0 \|\|
2044	fossil_strcmp(zIpAddr, "::ffff:127.0.0.1")==0;
2045	}
2046

M src/login.c

+2 -2

		--- src/login.c
		+++ src/login.c
		@@ -926,12 +926,12 @@
926	926	**
927	927	** This feature allows the "fossil ui" command to give the user
928	928	** full access rights without having to log in.
929	929	*/
930	930	zRemoteAddr = ipPrefix(zIpAddr = PD("REMOTE_ADDR","nil"));
931		- if( ( fossil_strcmp(zIpAddr, "127.0.0.1")==0 \|\|
932		- (g.fSshClient & CGI_SSH_CLIENT)!=0 )
	931	+ if( ( cgi_is_loopback(zIpAddr)
	932	+ \|\| (g.fSshClient & CGI_SSH_CLIENT)!=0 )
933	933	&& g.useLocalauth
934	934	&& db_get_int("localauth",0)==0
935	935	&& P("HTTPS")==0
936	936	){
937	937	if( g.localOpen ) zLogin = db_lget("default-user",0);
938	938

	--- src/login.c
	+++ src/login.c
	@@ -926,12 +926,12 @@
926	**
927	** This feature allows the "fossil ui" command to give the user
928	** full access rights without having to log in.
929	*/
930	zRemoteAddr = ipPrefix(zIpAddr = PD("REMOTE_ADDR","nil"));
931	if( ( fossil_strcmp(zIpAddr, "127.0.0.1")==0 \|\|
932	(g.fSshClient & CGI_SSH_CLIENT)!=0 )
933	&& g.useLocalauth
934	&& db_get_int("localauth",0)==0
935	&& P("HTTPS")==0
936	){
937	if( g.localOpen ) zLogin = db_lget("default-user",0);
938

	--- src/login.c
	+++ src/login.c
	@@ -926,12 +926,12 @@
926	**
927	** This feature allows the "fossil ui" command to give the user
928	** full access rights without having to log in.
929	*/
930	zRemoteAddr = ipPrefix(zIpAddr = PD("REMOTE_ADDR","nil"));
931	if( ( cgi_is_loopback(zIpAddr)
932	\|\| (g.fSshClient & CGI_SSH_CLIENT)!=0 )
933	&& g.useLocalauth
934	&& db_get_int("localauth",0)==0
935	&& P("HTTPS")==0
936	){
937	if( g.localOpen ) zLogin = db_lget("default-user",0);
938

M src/timeline.c

+1 -1

		--- src/timeline.c
		+++ src/timeline.c
		@@ -259,11 +259,11 @@
259	259	int bCommentGitStyle = 0; /* Only show comments through first blank line */
260	260	const char zStyle; / Sub-name for classes for the style */
261	261	const char *zDateFmt;
262	262	int iTableId = timeline_tableid();
263	263
264		- if( fossil_strcmp(g.zIpAddr, "127.0.0.1")==0 && db_open_local(0) ){
	264	+ if( cgi_is_loopback(g.zIpAddr) && db_open_local(0) ){
265	265	vid = db_lget_int("checkout", 0);
266	266	}
267	267	zPrevDate[0] = 0;
268	268	mxWikiLen = db_get_int("timeline-max-comment", 0);
269	269	dateFormat = db_get_int("timeline-date-format", 0);
270	270

	--- src/timeline.c
	+++ src/timeline.c
	@@ -259,11 +259,11 @@
259	int bCommentGitStyle = 0; /* Only show comments through first blank line */
260	const char zStyle; / Sub-name for classes for the style */
261	const char *zDateFmt;
262	int iTableId = timeline_tableid();
263
264	if( fossil_strcmp(g.zIpAddr, "127.0.0.1")==0 && db_open_local(0) ){
265	vid = db_lget_int("checkout", 0);
266	}
267	zPrevDate[0] = 0;
268	mxWikiLen = db_get_int("timeline-max-comment", 0);
269	dateFormat = db_get_int("timeline-date-format", 0);
270

	--- src/timeline.c
	+++ src/timeline.c
	@@ -259,11 +259,11 @@
259	int bCommentGitStyle = 0; /* Only show comments through first blank line */
260	const char zStyle; / Sub-name for classes for the style */
261	const char *zDateFmt;
262	int iTableId = timeline_tableid();
263
264	if( cgi_is_loopback(g.zIpAddr) && db_open_local(0) ){
265	vid = db_lget_int("checkout", 0);
266	}
267	zPrevDate[0] = 0;
268	mxWikiLen = db_get_int("timeline-max-comment", 0);
269	dateFormat = db_get_int("timeline-date-format", 0);
270

Fossil SCM