Mercurial > urweb
changeset 1384:86d23010ea74
Ignore unknown names in query string name-value pairs; allow any side effects by Extern URLs, without signature checking
author | Adam Chlipala <adam@chlipala.net> |
---|---|
date | Thu, 06 Jan 2011 12:49:14 -0500 (2011-01-06) |
parents | 0af6bd2dd149 |
children | 449a12b82db7 |
files | src/c/urweb.c src/cjr_print.sml |
diffstat | 2 files changed, 3 insertions(+), 7 deletions(-) [+] |
line wrap: on
line diff
--- a/src/c/urweb.c Thu Jan 06 12:31:13 2011 -0500 +++ b/src/c/urweb.c Thu Jan 06 12:49:14 2011 -0500 @@ -927,12 +927,8 @@ } else { int n = ctx->app->input_num(name); - if (n < 0) { - if (!strcmp(name, "null")) - return 0; - uw_set_error(ctx, "Bad input name %s", name); - return -1; - } + if (n < 0) + return 0; if (n >= ctx->app->inputs_len) { uw_set_error(ctx, "For input name %s, index %d is out of range", name, n);
--- a/src/cjr_print.sml Thu Jan 06 12:31:13 2011 -0500 +++ b/src/cjr_print.sml Thu Jan 06 12:49:14 2011 -0500 @@ -2588,7 +2588,7 @@ Link => false | Action ef => ef = ReadCookieWrite | Rpc ef => ef = ReadCookieWrite - | Extern ef => ef = ReadCookieWrite + | Extern _ => false val s = case Settings.getUrlPrefix () of