Fossil SCM
Add a configuration option that automatically redirects to SSL for HTTP connections to the login page.
Commit
a4e7b8629db81ecfe9f722d7fb92fea6cc7f9046
Parent
27cd09c44de66ff…
5 files changed
+26
-1
+3
+11
-3
+3
+3
+26
-1
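--- a/src/login.c
+++ b/src/login.c
@@ -475,10 +475,20 @@
 char *zSha1Pw;
 const char *zIpAddr; /* IP address of requestor */
 const char *zReferer;
 
 login_check_credentials();
+if( login_wants_https_redirect() ){
+const char *zQS = P("QUERY_STRING");
+if( zQS==0 ){
+zQS = "";
+}else if( zQS[0]!=0 ){
+zQS = mprintf("?%s", zQS);
+}
+cgi_redirectf("%s%s%s", g.zHttpsURL, P("PATH_INFO"), zQS);
+return;
+}
 sqlite3_create_function(g.db, "constant_time_cmp", 2, SQLITE_UTF8, 0,
 constant_time_cmp_function, 0, 0);
 zUsername = P("u");
 zPasswd = P("p");
 anonFlag = P("anon")!=0;
@@ -776,10 +786,25 @@
 " AND constant_time_cmp(cookie,%Q)=0",
 zLogin, zRemoteAddr, zCookie
 );
 return uid;
 }
+
+/*
+** Return true if it is appropriate to redirect login requests to HTTPS.
+**
+** Redirect to https is appropriate if all of the above are true:
+** (1) The redirect-to-https flag is set
+** (2) The current connection is http, not https or ssh
+** (3) The sslNotAvailable flag is clear
+*/
+int login_wants_https_redirect(void){
+if( g.sslNotAvailable ) return 0;
+if( db_get_boolean("redirect-to-https",0)==0 ) return 0;
+if( P("HTTPS")!=0 ) return 0;
+return 1;
+}
 
 /*
 ** This routine examines the login cookie to see if it exists and
 ** is valid. If the login cookie checks out, it then sets global
 ** variables appropriately.
@@ -812,11 +837,11 @@
 ** This feature allows the "fossil ui" command to give the user
 ** full access rights without having to log in.
 */
 zRemoteAddr = ipPrefix(zIpAddr = PD("REMOTE_ADDR","nil"));
 if( ( fossil_strcmp(zIpAddr, "127.0.0.1")==0 ||
-g.fSshClient & CGI_SSH_CLIENT )
+(g.fSshClient & CGI_SSH_CLIENT)!=0 )
 && g.useLocalauth
 && db_get_int("localauth",0)==0
 && P("HTTPS")==0
 ){
 if( g.localOpen ) zLogin = db_lget("default-user",0);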
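Review bot: The header comment on `login_wants_https_redirect()` (new lines 792-799) lists "not https or ssh" as condition (2), but the body tests only `P("HTTPS")` and never consults the SSH flag, and "all of the above" should read "all of the following"; either add `if( g.fSshClient & CGI_SSH_CLIENT ) return 0;` or drop "or ssh" from the comment. Because the only transport signal is `P("HTTPS")`, a deployment where TLS is terminated by a front-end proxy that does not pass that variable would presumably be redirected on every request; the comment should state that the HTTPS variable must reach the CGI environment. In the redirect block at new line 487, `P("PATH_INFO")` is passed to `%s` without the null guard that `zQS` gets; `PD("PATH_INFO","")` would make the two consistent. The function holding that redirect block starts and ends outside the hunk.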
+3
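--- a/src/main.c
+++ b/src/main.c
@@ -150,10 +150,11 @@
 char *zSshCmd; /* SSH command string */
 int fNoSync; /* Do not do an autosync ever. --nosync */
 char *zPath; /* Name of webpage being served */
 char *zExtra; /* Extra path information past the webpage name */
 char *zBaseURL; /* Full text of the URL being served */
+char *zHttpsURL; /* zBaseURL translated to https: */
 char *zTop; /* Parent directory of zPath */
 const char *zContentType; /* The content type of the input HTTP request */
 int iErrPriority; /* Priority of current error message */
 char *zErrMsg; /* Text of an error message */
 int sslNotAvailable; /* SSL is not available. Do not redirect to https: */
@@ -1289,13 +1290,15 @@
 i = strlen(zCur);
 while( i>0 && zCur[i-1]=='/' ) i--;
 if( fossil_stricmp(zMode,"on")==0 ){
 g.zBaseURL = mprintf("https://%s%.*s", zHost, i, zCur);
 g.zTop = &g.zBaseURL[8+strlen(zHost)];
+g.zHttpsURL = g.zBaseURL;
 }else{
 g.zBaseURL = mprintf("http://%s%.*s", zHost, i, zCur);
 g.zTop = &g.zBaseURL[7+strlen(zHost)];
+g.zHttpsURL = mprintf("https://%s%.*s", zHost, i, zCur);
 }
 }
 if( db_is_writeable("repository") ){
 if( !db_exists("SELECT 1 FROM config WHERE name='baseurl:%q'", g.zBaseURL)){
 db_multi_exec("INSERT INTO config(name,value,mtime)"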
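Review bot: The https variant built at new line 1299 reuses `zHost` unchanged, so if `zHost` carries a `:port` suffix (its origin is outside the hunk, presumably the request's Host value) the login redirect points at `https://host:port` on the plain-HTTP port, where a TLS listener is unlikely to answer. `g.zHttpsURL` is also assigned only in these two branches; the enclosing `if` opens outside the hunk, so it is worth confirming that no other path sets `g.zBaseURL` and leaves `g.zHttpsURL` null for `cgi_redirectf()` and `Th_Store()`. At minimum the field comment could record the limitation, e.g. `/* zBaseURL translated to https: (host and port kept as-is) */`.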
+11
-3
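--- a/src/setup.c
+++ b/src/setup.c
@@ -66,11 +66,11 @@
 
 /* Make sure the header contains <base href="...">. Issue a warning
 ** if it does not. */
 if( !cgi_header_contains("<base href=") ){
 @ <p class="generalError"><b>Configuration Error:</b> Please add
-@ <tt><base href="$baseurl/$current_page"></tt> after
+@ <tt><base href="$secureurl/$current_page"></tt> after
 @ <tt><head></tt> in the <a href="setup_header">HTML header</a>!</p>
 }
 
 @ <table border="0" cellspacing="7">
 setup_menu_entry("Users", "setup_ulist",
@@ -973,10 +973,18 @@
 style_header("Access Control Settings");
 db_begin_transaction();
 @ <form action="%s(g.zTop)/setup_access" method="post"><div>
 login_insert_csrf_secret();
 @ <hr />
+onoff_attribute("Redirect to HTTPS on the Login page",
+"redirect-to-https", "redirhttps", 0, 0);
+@ <p>When selected, force the use of HTTPS for the Login page.
+@ <p>Details: When enabled, this option causes the $secureurl TH1
+@ variable is set to an "https:" variant of $baseurl. Otherwise,
+@ $secureurl is just an alias for $baseurl. Also when enabled, the
+@ Login page redirects to https if accessed via http.
+@ <hr />
 onoff_attribute("Require password for local access",
 "localauth", "localauth", 0, 0);
 @ <p>When enabled, the password sign-in is always required for
 @ web access. When disabled, unrestricted web access from 127.0.0.1
 @ is allowed for the <a href="%s(g.zTop)/help/ui">fossil ui</a> command or
@@ -1551,11 +1559,11 @@
 char *zHead = strstr(z, "<head>");
 if( strstr(z, "<base href=")==0 && zHead!=0 ){
 char *zNew;
 char *zTail = &zHead[6];
 while( fossil_isspace(zTail[0]) ) zTail++;
-zNew = mprintf("%.*s\n<base href=\"$baseurl/$current_page\" />\n%s",
+zNew = mprintf("%.*s\n<base href=\"$secureurl/$current_page\" />\n%s",
 zHead+6-z, z, zTail);
 cgi_replace_parameter("header", zNew);
 db_set("header", zNew, 0);
 }
 }
@@ -1565,11 +1573,11 @@
 
 /* Make sure the header contains <base href="...">. Issue a warning
 ** if it does not. */
 if( !cgi_header_contains("<base href=") ){
 @ <p class="generalError">Please add
-@ <tt><base href="$baseurl/$current_page"></tt> after
+@ <tt><base href="$secureurl/$current_page"></tt> after
 @ <tt><head></tt> in the header!
 @ <input type="submit" name="fixbase" value="Add <base> Now"></p>
 }
 
 login_insert_csrf_secret();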
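Review bot: The checks that decide whether to warn or auto-insert the tag (`cgi_header_contains("<base href=")` at new lines 69 and 1576, `strstr(z, "<base href=")==0` at 1560) test only for the presence of a base tag, so a repository whose header already contains `$baseurl/$current_page` gets neither a warning nor a rewrite and keeps emitting the non-https base after the option is switched on. The help text at new lines 980-984 should tell the administrator to change an existing header to `$secureurl`, or the check should look for `$secureurl` specifically. That text also reads "causes the $secureurl TH1 variable is set", which should be "causes the $secureurl TH1 variable to be set", and it would help to say that only the Login page itself is redirected, so other pages can still be requested over plain http. The functions around all four hunks start outside the visible lines.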
+3
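--- a/src/style.c
+++ b/src/style.c
@@ -301,10 +301,11 @@
 
 /* Generate the header up through the main menu */
 Th_Store("project_name", db_get("project-name","Unnamed Fossil Project"));
 Th_Store("title", zTitle);
 Th_Store("baseurl", g.zBaseURL);
+Th_Store("secureurl", login_wants_https_redirect()? g.zHttpsURL: g.zBaseURL);
 Th_Store("home", g.zTop);
 Th_Store("index_page", db_get("index-page","/home"));
 if( local_zCurrentPage==0 ) style_set_current_page("%T", g.zPath);
 Th_Store("current_page", local_zCurrentPage);
 Th_Store("csrf_token", g.zCsrfToken);
@@ -1259,10 +1260,11 @@
 
 /* Process through TH1 in order to give an opportunity to substitute
 ** variables such as $baseurl.
 */
 Th_Store("baseurl", g.zBaseURL);
+Th_Store("secureurl", login_wants_https_redirect()? g.zHttpsURL: g.zBaseURL);
 Th_Store("home", g.zTop);
 image_url_var("logo");
 image_url_var("background");
 Th_Render(blob_str(&css));
 
@@ -1304,10 +1306,11 @@
 }
 #if !defined(_WIN32)
 @ uid=%d(getuid()), gid=%d(getgid())<br />
 #endif
 @ g.zBaseURL = %h(g.zBaseURL)<br />
+@ g.zHttpsURL = %h(g.zHttpsURL)<br />
 @ g.zTop = %h(g.zTop)<br />
 for(i=0, c='a'; c<='z'; c++){
 if( login_has_capability(&c, 1) ) zCap[i++] = c;
 }
 zCap[i] = 0;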
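Review bot: The expression `login_wants_https_redirect()? g.zHttpsURL: g.zBaseURL` is written out twice (new lines 306 and 1265), and each evaluation repeats the `db_get_boolean("redirect-to-https",0)` lookup done inside `login_wants_https_redirect()`; a single small helper returning the secure URL would keep the two call sites from drifting apart. Neither site documents the new TH1 variable, so a comment such as `/* $secureurl: https form of $baseurl while the login redirect is active, else $baseurl */` above the first store would help skin authors. Both stores pass `g.zHttpsURL` straight through, so they depend on it being non-null whenever the redirect is wanted, which is not established in these hunks. The enclosing functions start outside the visible lines.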
+3
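--- a/src/style.c
+++ b/src/style.c
@@ -301,10 +301,11 @@
 
 /* Generate the header up through the main menu */
 Th_Store("project_name", db_get("project-name","Unnamed Fossil Project"));
 Th_Store("title", zTitle);
 Th_Store("baseurl", g.zBaseURL);
+Th_Store("secureurl", login_wants_https_redirect()? g.zHttpsURL: g.zBaseURL);
 Th_Store("home", g.zTop);
 Th_Store("index_page", db_get("index-page","/home"));
 if( local_zCurrentPage==0 ) style_set_current_page("%T", g.zPath);
 Th_Store("current_page", local_zCurrentPage);
 Th_Store("csrf_token", g.zCsrfToken);
@@ -1259,10 +1260,11 @@
 
 /* Process through TH1 in order to give an opportunity to substitute
 ** variables such as $baseurl.
 */
 Th_Store("baseurl", g.zBaseURL);
+Th_Store("secureurl", login_wants_https_redirect()? g.zHttpsURL: g.zBaseURL);
 Th_Store("home", g.zTop);
 image_url_var("logo");
 image_url_var("background");
 Th_Render(blob_str(&css));
 
@@ -1304,10 +1306,11 @@
 }
 #if !defined(_WIN32)
 @ uid=%d(getuid()), gid=%d(getgid())<br />
 #endif
 @ g.zBaseURL = %h(g.zBaseURL)<br />
+@ g.zHttpsURL = %h(g.zHttpsURL)<br />
 @ g.zTop = %h(g.zTop)<br />
 for(i=0, c='a'; c<='z'; c++){
 if( login_has_capability(&c, 1) ) zCap[i++] = c;
 }
 zCap[i] = 0;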