Fossil

Differences From Artifact [9ab55854]:

• File src/style.c — part of check-in [0204f4aa] at 2023-08-31 12:20:00 on branch trunk — Show the complete CGI environment in the error log on a 418 hack attempt error. (user: drh size: 55762)

To Artifact [b86a42cf]:

• File src/style.c — part of check-in [88a402fe] at 2023-09-18 13:18:41 on branch csrf-defense-enhancement — Try to simplify and rationalize the defenses against cross-site request forgery attacks. A hodgepodge of techniques have been used in the past. This changes attempts to make everything work more alike and to centralize CSRF defenses for easier auditing. (user: drh size: 55792)

257
258
259
260
261
262
263

264
265
266
267
268
269
270

  if( g.perm.Hyperlink ){
    @ <form method="POST" action="%z(zLink)" %s(zOtherArgs)>
  }else{
    needHrefJs = 1;
    @ <form method="POST" data-action='%s(zLink)' action='%R/login' \
    @ %s(zOtherArgs)>
  }

}

/*
** Add a new element to the submenu
*/
void style_submenu_element(
  const char *zLabel,

>

257
258
259
260
261
262
263
264
265
266
267
268
269
270
271

  if( g.perm.Hyperlink ){
    @ <form method="POST" action="%z(zLink)" %s(zOtherArgs)>
  }else{
    needHrefJs = 1;
    @ <form method="POST" data-action='%s(zLink)' action='%R/login' \
    @ %s(zOtherArgs)>
  }
  login_insert_csrf_secret();
}

/*
** Add a new element to the submenu
*/
void style_submenu_element(
  const char *zLabel,