
The codecheck1 utility makes a distinction between routines that need to generate HTML-free content and routines that generate content that is safe for any generic HTTP reply.

drh 2025-03-07 16:30 enhanced-defenses
Commit cd9086c2669b3b21dfbc0f67949172ca44bdf077884fbdd1ae30a00fa45098f1
1 file changed +4 -4
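--- a/tools/codecheck1.c
+++ b/tools/codecheck1.c
@@ -368,11 +368,11 @@
 #define FMT_SQL 0x00001 /* Generator for SQL text */
 #define FMT_HTML 0x00002 /* Generator for HTML text */
 #define FMT_URL 0x00004 /* Generator for URLs */
 #define FMT_JSON 0x00008 /* Generator for JSON */
 #define FMT_SAFE 0x00010 /* Generator for human-readable text */
-#define FMT_FIXME FMT_SAFE
+#define FMT_HTTP FMT_SAFE /* Generator for HTTP reply content */
 #define FMT_LIT 0x00020 /* Just verify that a string literal */
 #define FMT_PX 0x00040 /* Must have a literal prefix in format string */
 
 /*
 ** A list of internal Fossil interfaces that take a printf-style format
@@ -390,15 +390,15 @@
 { "backoffice_log", 1, FMT_SAFE },
 { "blob_append_sql", 2, FMT_SQL },
 { "blob_appendf", 2, FMT_SAFE },
 { "cgi_debug", 1, FMT_SAFE },
 { "cgi_panic", 1, FMT_SAFE },
-{ "cgi_printf", 1, FMT_FIXME },
-{ "cgi_printf_header", 1, FMT_FIXME },
+{ "cgi_printf", 1, FMT_HTTP },
+{ "cgi_printf_header", 1, FMT_HTTP },
 { "cgi_redirectf", 1, FMT_URL },
 { "chref", 2, FMT_URL },
-{ "CX", 1, FMT_FIXME },
+{ "CX", 1, FMT_HTTP },
 { "db_blob", 2, FMT_SQL },
 { "db_debug", 1, FMT_SQL },
 { "db_double", 2, FMT_SQL },
 { "db_err", 1, FMT_SAFE },
 { "db_exists", 1, FMT_SQL },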
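Review bot: FMT_HTTP at line 373 is defined as a plain alias of FMT_SAFE, so the checker still applies exactly the same rule to cgi_printf, cgi_printf_header and CX (lines 395, 396, 399) as to the FMT_SAFE generators; the rename records the intended distinction but does not enforce it. If that is deliberate as a first step, say so on the define so nobody reads the new name as a stronger check, e.g. `#define FMT_HTTP FMT_SAFE /* Generator for HTTP reply content; alias of FMT_SAFE until the checker has separate rules for it */`. Otherwise give FMT_HTTP a bit of its own (none of the bits visible here above 0x00040 is taken, but the rest of the file is not in the hunk) and teach the checking code to test it. The table these entries belong to starts and ends outside the hunk.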
--- tools/codecheck1.c
+++ tools/codecheck1.c
@@ -368,11 +368,11 @@
368 #define FMT_SQL 0x00001 /* Generator for SQL text */
369 #define FMT_HTML 0x00002 /* Generator for HTML text */
370 #define FMT_URL 0x00004 /* Generator for URLs */
371 #define FMT_JSON 0x00008 /* Generator for JSON */
372 #define FMT_SAFE 0x00010 /* Generator for human-readable text */
373 #define FMT_FIXME FMT_SAFE
374 #define FMT_LIT 0x00020 /* Just verify that a string literal */
375 #define FMT_PX 0x00040 /* Must have a literal prefix in format string */
376
377 /*
378 ** A list of internal Fossil interfaces that take a printf-style format
@@ -390,15 +390,15 @@
390 { "backoffice_log", 1, FMT_SAFE },
391 { "blob_append_sql", 2, FMT_SQL },
392 { "blob_appendf", 2, FMT_SAFE },
393 { "cgi_debug", 1, FMT_SAFE },
394 { "cgi_panic", 1, FMT_SAFE },
395 { "cgi_printf", 1, FMT_FIXME },
396 { "cgi_printf_header", 1, FMT_FIXME },
397 { "cgi_redirectf", 1, FMT_URL },
398 { "chref", 2, FMT_URL },
399 { "CX", 1, FMT_FIXME },
400 { "db_blob", 2, FMT_SQL },
401 { "db_debug", 1, FMT_SQL },
402 { "db_double", 2, FMT_SQL },
403 { "db_err", 1, FMT_SAFE },
404 { "db_exists", 1, FMT_SQL },
405
--- tools/codecheck1.c
+++ tools/codecheck1.c
@@ -368,11 +368,11 @@
368 #define FMT_SQL 0x00001 /* Generator for SQL text */
369 #define FMT_HTML 0x00002 /* Generator for HTML text */
370 #define FMT_URL 0x00004 /* Generator for URLs */
371 #define FMT_JSON 0x00008 /* Generator for JSON */
372 #define FMT_SAFE 0x00010 /* Generator for human-readable text */
373 #define FMT_HTTP FMT_SAFE /* Generator for HTTP reply content */
374 #define FMT_LIT 0x00020 /* Just verify that a string literal */
375 #define FMT_PX 0x00040 /* Must have a literal prefix in format string */
376
377 /*
378 ** A list of internal Fossil interfaces that take a printf-style format
@@ -390,15 +390,15 @@
390 { "backoffice_log", 1, FMT_SAFE },
391 { "blob_append_sql", 2, FMT_SQL },
392 { "blob_appendf", 2, FMT_SAFE },
393 { "cgi_debug", 1, FMT_SAFE },
394 { "cgi_panic", 1, FMT_SAFE },
395 { "cgi_printf", 1, FMT_HTTP },
396 { "cgi_printf_header", 1, FMT_HTTP },
397 { "cgi_redirectf", 1, FMT_URL },
398 { "chref", 2, FMT_URL },
399 { "CX", 1, FMT_HTTP },
400 { "db_blob", 2, FMT_SQL },
401 { "db_debug", 1, FMT_SQL },
402 { "db_double", 2, FMT_SQL },
403 { "db_err", 1, FMT_SAFE },
404 { "db_exists", 1, FMT_SQL },
405
