Fossil SCM
When on a Fossil web-page without being logged-in, pressing "Login" and doing a successful login will bring you back to the same web-page again.
Commit
d5d7e640d035f1b9aa159fb83eac94fc28862733
Parent
ca0a58fac56b532…
2 files changed
-2
+4
-2
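--- a/src/cgi.c
+++ b/src/cgi.c
@@ -1340,14 +1340,12 @@
 cgi_setenv("HTTP_HOST", zVal);
 }else if( fossil_strcmp(zFieldName,"if-none-match:")==0 ){
 cgi_setenv("HTTP_IF_NONE_MATCH", zVal);
 }else if( fossil_strcmp(zFieldName,"if-modified-since:")==0 ){
 cgi_setenv("HTTP_IF_MODIFIED_SINCE", zVal);
-#if 0
 }else if( fossil_strcmp(zFieldName,"referer:")==0 ){
 cgi_setenv("HTTP_REFERER", zVal);
-#endif
 }else if( fossil_strcmp(zFieldName,"user-agent:")==0 ){
 cgi_setenv("HTTP_USER_AGENT", zVal);
 }else if( fossil_strcmp(zFieldName,"x-forwarded-for:")==0 ){
 const char *zIpAddr = cgi_accept_forwarded_for(zVal);
 if( zIpAddr!=0 ){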
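Review bot: With the `#if 0` guard removed, the request's `Referer` value is stored as `HTTP_REFERER` with nothing on the branch saying that it is client-controlled, so every later reader of that variable has to treat it as untrusted input. A short comment on the re-enabled branch would record this, for example `/* Client-supplied value; validate before using it as a redirect target or echoing it */`. The if/else chain starts and ends outside this hunk, so which other code reads `HTTP_REFERER` cannot be judged from here.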
| --- src/cgi.c | |
| +++ src/cgi.c | |
| @@ -1340,14 +1340,12 @@ | |
| 1340 | cgi_setenv("HTTP_HOST", zVal); |
| 1341 | }else if( fossil_strcmp(zFieldName,"if-none-match:")==0 ){ |
| 1342 | cgi_setenv("HTTP_IF_NONE_MATCH", zVal); |
| 1343 | }else if( fossil_strcmp(zFieldName,"if-modified-since:")==0 ){ |
| 1344 | cgi_setenv("HTTP_IF_MODIFIED_SINCE", zVal); |
| 1345 | #if 0 |
| 1346 | }else if( fossil_strcmp(zFieldName,"referer:")==0 ){ |
| 1347 | cgi_setenv("HTTP_REFERER", zVal); |
| 1348 | #endif |
| 1349 | }else if( fossil_strcmp(zFieldName,"user-agent:")==0 ){ |
| 1350 | cgi_setenv("HTTP_USER_AGENT", zVal); |
| 1351 | }else if( fossil_strcmp(zFieldName,"x-forwarded-for:")==0 ){ |
| 1352 | const char *zIpAddr = cgi_accept_forwarded_for(zVal); |
| 1353 | if( zIpAddr!=0 ){ |
| 1354 |
| --- src/cgi.c | |
| +++ src/cgi.c | |
| @@ -1340,14 +1340,12 @@ | |
| 1340 | cgi_setenv("HTTP_HOST", zVal); |
| 1341 | }else if( fossil_strcmp(zFieldName,"if-none-match:")==0 ){ |
| 1342 | cgi_setenv("HTTP_IF_NONE_MATCH", zVal); |
| 1343 | }else if( fossil_strcmp(zFieldName,"if-modified-since:")==0 ){ |
| 1344 | cgi_setenv("HTTP_IF_MODIFIED_SINCE", zVal); |
| 1345 | }else if( fossil_strcmp(zFieldName,"referer:")==0 ){ |
| 1346 | cgi_setenv("HTTP_REFERER", zVal); |
| 1347 | }else if( fossil_strcmp(zFieldName,"user-agent:")==0 ){ |
| 1348 | cgi_setenv("HTTP_USER_AGENT", zVal); |
| 1349 | }else if( fossil_strcmp(zFieldName,"x-forwarded-for:")==0 ){ |
| 1350 | const char *zIpAddr = cgi_accept_forwarded_for(zVal); |
| 1351 | if( zIpAddr!=0 ){ |
| 1352 |
+4
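--- a/src/login.c
+++ b/src/login.c
@@ -472,10 +472,11 @@
 int anonFlag;
 char *zErrMsg = "";
 int uid; /* User id logged in user */
 char *zSha1Pw;
 const char *zIpAddr; /* IP address of requestor */
+ const char *zReferer;
 
 login_check_credentials();
 sqlite3_create_function(g.db, "constant_time_cmp", 2, SQLITE_UTF8, 0,
 constant_time_cmp_function, 0, 0);
 zUsername = P("u");
@@ -532,10 +533,11 @@
 return;
 }
 }
 }
 zIpAddr = PD("REMOTE_ADDR","nil"); /* Complete IP address for logging */
+ zReferer = P("HTTP_REFERER");
 uid = login_is_valid_anonymous(zUsername, zPasswd, P("cs"));
 if( uid>0 ){
 login_set_anon_cookie(zIpAddr, NULL);
 record_login_attempt("anonymous", zIpAddr, 1);
 redirect_to_g();
@@ -570,10 +572,12 @@
 @ <p>A login is required for <a href="%h(zGoto)">%h(zGoto)</a>.</p>
 }
 form_begin(0, "%R/login");
 if( zGoto ){
 @ <input type="hidden" name="g" value="%h(zGoto)" />
+ }else if( zReferer && strncmp(g.zBaseURL, zReferer, strlen(g.zBaseURL))==0 ){
+ @ <input type="hidden" name="g" value="%h(zReferer)" />
 }
 @ <table class="login_out">
 @ <tr>
 @ <td class="login_out_label">User ID:</td>
 if( anonFlag ){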
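Review bot: The new `else if` in the third hunk accepts any Referer that merely begins with `g.zBaseURL`, so unless the base URL is guaranteed to end in `/` (not visible here) a URL on a different host whose name starts with the same characters passes the `strncmp` and is written into the hidden `g` field as the post-login destination. The check should require a boundary after the prefix, e.g. `size_t n = strlen(g.zBaseURL);` followed by `}else if( zReferer && strncmp(g.zBaseURL, zReferer, n)==0 && (zReferer[n]=='/' || zReferer[n]==0) ){`. It would also be worth skipping a Referer that is the login page itself, which would presumably send the user straight back to the login form after a successful login. Whether `redirect_to_g()` re-validates `g` is outside these hunks, as are the start and end of the enclosing function.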
| --- src/login.c | |
| +++ src/login.c | |
| @@ -472,10 +472,11 @@ | |
| 472 | int anonFlag; |
| 473 | char *zErrMsg = ""; |
| 474 | int uid; /* User id logged in user */ |
| 475 | char *zSha1Pw; |
| 476 | const char *zIpAddr; /* IP address of requestor */ |
| 477 | |
| 478 | login_check_credentials(); |
| 479 | sqlite3_create_function(g.db, "constant_time_cmp", 2, SQLITE_UTF8, 0, |
| 480 | constant_time_cmp_function, 0, 0); |
| 481 | zUsername = P("u"); |
| @@ -532,10 +533,11 @@ | |
| 532 | return; |
| 533 | } |
| 534 | } |
| 535 | } |
| 536 | zIpAddr = PD("REMOTE_ADDR","nil"); /* Complete IP address for logging */ |
| 537 | uid = login_is_valid_anonymous(zUsername, zPasswd, P("cs")); |
| 538 | if( uid>0 ){ |
| 539 | login_set_anon_cookie(zIpAddr, NULL); |
| 540 | record_login_attempt("anonymous", zIpAddr, 1); |
| 541 | redirect_to_g(); |
| @@ -570,10 +572,12 @@ | |
| 570 | @ <p>A login is required for <a href="%h(zGoto)">%h(zGoto)</a>.</p> |
| 571 | } |
| 572 | form_begin(0, "%R/login"); |
| 573 | if( zGoto ){ |
| 574 | @ <input type="hidden" name="g" value="%h(zGoto)" /> |
| 575 | } |
| 576 | @ <table class="login_out"> |
| 577 | @ <tr> |
| 578 | @ <td class="login_out_label">User ID:</td> |
| 579 | if( anonFlag ){ |
| 580 |
| --- src/login.c | |
| +++ src/login.c | |
| @@ -472,10 +472,11 @@ | |
| 472 | int anonFlag; |
| 473 | char *zErrMsg = ""; |
| 474 | int uid; /* User id logged in user */ |
| 475 | char *zSha1Pw; |
| 476 | const char *zIpAddr; /* IP address of requestor */ |
| 477 | const char *zReferer; |
| 478 | |
| 479 | login_check_credentials(); |
| 480 | sqlite3_create_function(g.db, "constant_time_cmp", 2, SQLITE_UTF8, 0, |
| 481 | constant_time_cmp_function, 0, 0); |
| 482 | zUsername = P("u"); |
| @@ -532,10 +533,11 @@ | |
| 533 | return; |
| 534 | } |
| 535 | } |
| 536 | } |
| 537 | zIpAddr = PD("REMOTE_ADDR","nil"); /* Complete IP address for logging */ |
| 538 | zReferer = P("HTTP_REFERER"); |
| 539 | uid = login_is_valid_anonymous(zUsername, zPasswd, P("cs")); |
| 540 | if( uid>0 ){ |
| 541 | login_set_anon_cookie(zIpAddr, NULL); |
| 542 | record_login_attempt("anonymous", zIpAddr, 1); |
| 543 | redirect_to_g(); |
| @@ -570,10 +572,12 @@ | |
| 572 | @ <p>A login is required for <a href="%h(zGoto)">%h(zGoto)</a>.</p> |
| 573 | } |
| 574 | form_begin(0, "%R/login"); |
| 575 | if( zGoto ){ |
| 576 | @ <input type="hidden" name="g" value="%h(zGoto)" /> |
| 577 | }else if( zReferer && strncmp(g.zBaseURL, zReferer, strlen(g.zBaseURL))==0 ){ |
| 578 | @ <input type="hidden" name="g" value="%h(zReferer)" /> |
| 579 | } |
| 580 | @ <table class="login_out"> |
| 581 | @ <tr> |
| 582 | @ <td class="login_out_label">User ID:</td> |
| 583 | if( anonFlag ){ |
| 584 |