Differences From:
File src/admin.c, part of check-in [1f1d96529c] - Users unconditionally inherit capabilities of "anonymous". New capability "v" means to inherit capabilities of user "developer". Login is prohibited if the password is empty. (by drh on 2008-08-03 16:47:43)
Also file src/admin.c, part of check-in [5fb14b9a0f] - Include non-sym- tags in tagview web page. Also merge mainline into tagview branch. (by eric on 2008-08-21 20:59:01)
To:
File src/admin.c, part of check-in [0be54823ba] - Add defenses against cross-site request forgery attacks. (by drh on 2008-10-18 12:55:44)
@@ -77,13 +77,15 @@
@ <h2>SQL:</h2>
@ You can enter only SELECT statements here, and some SQL-side functions
@ are also restricted.<br/>
@ <form action='' method='post'>
+ login_insert_csrf_secret();
@ <textarea style='border:2px solid black' name='sql'
@ cols='80' rows='5'>%h(zSql)</textarea>
@ <br/><input type='submit' name='sql_submit'/> <input type='reset'/>
@ </form>
if( zSql[0] ){
+ login_verify_csrf_secret();
sqlite3_set_authorizer(g.db, selectOnly, 0);
db_generic_query_view(zSql, 0);
sqlite3_set_authorizer(g.db, 0, 0);
}
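Review bot: the token check in `login_verify_csrf_secret();` runs only after the whole form (the `@` output lines above it) has already been emitted, so a request with a bad or missing token gets a partially rendered page before anything happens; it would be cleaner to verify the token at the top of the handler, before any output, whenever `zSql[0]` is set. The hunk also does not show what `login_verify_csrf_secret()` does on a mismatch: if it returns instead of terminating the request, the following `db_generic_query_view(zSql, 0);` still executes with only the `selectOnly` authorizer as protection, so please confirm it aborts the request (and consider a short comment at the call site saying so). Finally, `login_insert_csrf_secret();` must emit its hidden field inside the `<form ...>` element; it is placed right after the `@ <form action='' method='post'>` line here, which is correct, but the `@`/C interleaving makes that easy to break in a later edit, so a one-line comment would help.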