Diff
Not logged in

Differences From:

File src/info.c part of check-in [974f025c6e] - Update the "info" command so that it can take the name of a repository as its argument and then report information about that repository. by drh on 2008-10-17 13:30:46. [view]

To:

File src/info.c part of check-in [0be54823ba] - Add defenses against cross-site request forgery attacks. by drh on 2008-10-18 12:55:44. [view]

@@ -1023,8 +1023,9 @@
     Blob ctrl;
     char *zDate;
     int nChng = 0;
 
+    login_verify_csrf_secret();
     blob_zero(&ctrl);
     zDate = db_text(0, "SELECT datetime('now')");
     zDate[10] = 'T';
     blob_appendf(&ctrl, "D %s\n", zDate);
@@ -1056,8 +1057,9 @@
   @ <p>Make changes to the User and Comment for baseline
   @ [<a href="vinfo?name=%d(rid)">%s(zUuid)</a>] then press the
   @ "Apply Changes" button.</p>
   @ <form action="%s(g.zBaseURL)/vedit" method="POST">
+  login_insert_csrf_secret();
   @ <input type="hidden" name="r" value="%d(rid)">
   @ <p>
   @ <b>User:</b> <input type="text" name="u" size="20" value="%h(zNewUser)">
   @ </p>