Fossil SCM
Only honor the fpsilent flag if the user has g.perm.Debug, to avoid that malicious parties inject that flag via the browser dev tools.
Commit
b8ab407f782d251c1f84495d0b0491a99323b1f13530dce2e1927c817ff9f7df
Parent
65062c29d446805…
1 file changed
+1
-1
+1
-1
| --- src/forum.c | ||
| +++ src/forum.c | ||
| @@ -955,11 +955,11 @@ | ||
| 955 | 955 | ** Return a flags value for use with the final argument to |
| 956 | 956 | ** forum_post(), extracted from the CGI environment. |
| 957 | 957 | */ |
| 958 | 958 | static int forum_post_flags(void){ |
| 959 | 959 | int iPostFlags = 0; |
| 960 | - if( P("fpsilent")!=0 ){ | |
| 960 | + if( g.perm.Debug && P("fpsilent")!=0 ){ | |
| 961 | 961 | iPostFlags |= FPOST_NO_ALERT; |
| 962 | 962 | } |
| 963 | 963 | return iPostFlags; |
| 964 | 964 | } |
| 965 | 965 | |
| 966 | 966 |
| --- src/forum.c | |
| +++ src/forum.c | |
| @@ -955,11 +955,11 @@ | |
| 955 | ** Return a flags value for use with the final argument to |
| 956 | ** forum_post(), extracted from the CGI environment. |
| 957 | */ |
| 958 | static int forum_post_flags(void){ |
| 959 | int iPostFlags = 0; |
| 960 | if( P("fpsilent")!=0 ){ |
| 961 | iPostFlags |= FPOST_NO_ALERT; |
| 962 | } |
| 963 | return iPostFlags; |
| 964 | } |
| 965 | |
| 966 |
| --- src/forum.c | |
| +++ src/forum.c | |
| @@ -955,11 +955,11 @@ | |
| 955 | ** Return a flags value for use with the final argument to |
| 956 | ** forum_post(), extracted from the CGI environment. |
| 957 | */ |
| 958 | static int forum_post_flags(void){ |
| 959 | int iPostFlags = 0; |
| 960 | if( g.perm.Debug && P("fpsilent")!=0 ){ |
| 961 | iPostFlags |= FPOST_NO_ALERT; |
| 962 | } |
| 963 | return iPostFlags; |
| 964 | } |
| 965 | |
| 966 |