Differences From:
File
src/xfer.c
part of check-in
[7a2c37063a]
- merge trunk into creole branch
by
bob on
2009-09-22 07:49:39.
Also file
src/xfer.c
part of check-in
[39a144eb5c]
- Make sure that bringing up the "/xfer" URL in a web-browser does something
sensible (it redirects to the homepage.)
Ticket 1d7bbe30aad51.
by
drh on
2009-09-16 14:50:24.
To:
File
src/xfer.c
part of check-in
[7100babda6]
- Improved handling of spaces in usernames and passwords.
by
drh on
2009-09-21 16:14:33.
@@ -384,15 +384,17 @@
*/
void check_login(Blob *pLogin, Blob *pNonce, Blob *pSig){
Stmt q;
int rc = -1;
+ char *zLogin = blob_terminate(pLogin);
+ defossilize(zLogin);
db_prepare(&q,
"SELECT pw, cap, uid FROM user"
- " WHERE login=%B"
+ " WHERE login=%Q"
" AND login NOT IN ('anonymous','nobody','developer','reader')"
" AND length(pw)>0",
- pLogin
+ zLogin
);
if( db_step(&q)==SQLITE_ROW ){
Blob pw, combined, hash;
blob_zero(&pw);
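Review bot: The added lines `char *zLogin = blob_terminate(pLogin);` and `defossilize(zLogin);` appear to decode the login inside the caller's blob, so after them pLogin's recorded length may no longer match the string that the query compares with `%Q`. `%Q` reads a NUL-terminated string where `%B` took the whole blob, so if decoding can yield an embedded NUL the lookup uses only the prefix before it. Any later code that still reads pLogin (logging, building the value that is checked against pSig) should use zLogin, so that the name that was authenticated and the name that is recorded are the same. I would state this at the declaration, e.g. `/* Login arrives fossil-encoded: decode in place. pLogin's length is stale after this; use zLogin below. */`. The body of check_login continues past the end of the hunk, so whether pLogin is read again cannot be seen here.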