Fossil

Check-in [3c2ef25d]

Overview
Comment: Fix bad URL on "Advanced"/"Basic" link of the timeline page.

The zLink argument of style_submenu_element() should be a literal "%s"; otherwise, an encoded URL parameter value may contain "%" and get corrupted by the vmprintf() call inside.

Problem was happening when clicking on "Basic/Advanced" link on this page: http://www.fossil-scm.org/index.html/timeline?advm=1&chng=src/*

SHA3-256:3c2ef25d03fb48d532badb0cba2843de24c1b19f75da27b4b9f0ab0a1fc70349
User & Date: mgagnon 2018-01-16 15:41:34
References
2018-01-16
16:30
Update the codecheck1.c utility program to find unsafe format strings for recently added varargs functions. Fix unsafe varargs found by this update. This is a continuation of the fix in check-in [3c2ef25d03fb48d5]. check-in: 2fac7df4 user: drh tags: trunk
Context
2018-01-16
15:44
merge previous fork check-in: dddad4f0 user: mgagnon tags: trunk
15:41
Fix bad URL on "Advanced"/"Basic" link of the timeline page.

The zLink argument of style_submenu_element() should be a literal "%s"; otherwise, an encoded URL parameter value may contain "%" and get corrupted by the vmprintf() call inside.

Problem was happening when clicking on "Basic/Advanced" link on this page: http://www.fossil-scm.org/index.html/timeline?advm=1&chng=src/* check-in: 3c2ef25d user: mgagnon tags: trunk

14:01
Fix typo in the default skin CSS - patch from Johan Kuuse. check-in: e07fdbc5 user: drh tags: trunk
Changes

Changes to src/timeline.c.

  if( PB("showsql") ){
    @ <pre>%h(blob_sql_text(&sql))</pre>
  }
  if( search_restrict(SRCH_CKIN)!=0 ){
    style_submenu_element("Search", "%R/search?y=c");
  }
  if( advancedMenu ){
    style_submenu_element("Basic", url_render(&url, "advm", "0", 0, 0));
  }else{
    style_submenu_element("Advanced", url_render(&url, "advm", "1", 0, 0));
  }
  if( PB("showid") ) tmFlags |= TIMELINE_SHOWRID;
  if( useDividers && zMark && zMark[0] ){
    double r = symbolic_name_to_mtime(zMark);
    if( r>0.0 ) selectedRid = timeline_add_divider(r);
  }
  blob_zero(&sql);







  if( PB("showsql") ){
    @ <pre>%h(blob_sql_text(&sql))</pre>
  }
  if( search_restrict(SRCH_CKIN)!=0 ){
    style_submenu_element("Search", "%R/search?y=c");
  }
  if( advancedMenu ){
    style_submenu_element("Basic", "%s", url_render(&url, "advm", "0", 0, 0));
  }else{
    style_submenu_element("Advanced", "%s", url_render(&url, "advm", "1", 0, 0));
  }
  if( PB("showid") ) tmFlags |= TIMELINE_SHOWRID;
  if( useDividers && zMark && zMark[0] ){
    double r = symbolic_name_to_mtime(zMark);
    if( r>0.0 ) selectedRid = timeline_add_divider(r);
  }
  blob_zero(&sql);
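
Review bot: The two changed calls in the advancedMenu branch correct this call site only, while the zLink parameter of style_submenu_element() remains a printf-style format that any other caller can still hand a computed string. The commit message says an encoded URL parameter value can contain "%", so the old calls let request-derived text be interpreted as a format by vmprintf(), which is a wider concern than a broken link. Suggest checking every other style_submenu_element() caller for a non-literal second argument and covering the function in an automated format-string check so a regression is caught without manual review; the referenced follow-up check-in 2fac7df4 describes extending codecheck1.c for this purpose. A short comment at the function's declaration stating that zLink is a format string, as the "%R/search?y=c" call already relies on, would also help future callers.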