changeset 1384:86d23010ea74

Ignore unknown names in query string name-value pairs; allow any side effects by Extern URLs, without signature checking
author Adam Chlipala <adam@chlipala.net>
date Thu, 06 Jan 2011 12:49:14 -0500 (2011-01-06)
parents 0af6bd2dd149
children 449a12b82db7
files src/c/urweb.c src/cjr_print.sml
diffstat 2 files changed, 3 insertions(+), 7 deletions(-) [+]
line wrap: on
line diff
--- a/src/c/urweb.c	Thu Jan 06 12:31:13 2011 -0500
+++ b/src/c/urweb.c	Thu Jan 06 12:49:14 2011 -0500
@@ -927,12 +927,8 @@
   } else {
     int n = ctx->app->input_num(name);
 
-    if (n < 0) {
-      if (!strcmp(name, "null"))
-        return 0;
-      uw_set_error(ctx, "Bad input name %s", name);
-      return -1;
-    }
+    if (n < 0)
+      return 0;
 
     if (n >= ctx->app->inputs_len) {
       uw_set_error(ctx, "For input name %s, index %d is out of range", name, n);
--- a/src/cjr_print.sml	Thu Jan 06 12:31:13 2011 -0500
+++ b/src/cjr_print.sml	Thu Jan 06 12:49:14 2011 -0500
@@ -2588,7 +2588,7 @@
                         Link => false
                       | Action ef => ef = ReadCookieWrite
                       | Rpc ef => ef = ReadCookieWrite
-                      | Extern ef => ef = ReadCookieWrite
+                      | Extern _ => false
 
                 val s =
                     case Settings.getUrlPrefix () of