On Wed, Sep 14, 2011 at 2:20 PM, Stephan Beal <sgb...@googlemail.com> wrote:

> On Wed, Sep 14, 2011 at 8:05 PM, Richard Hipp <d...@sqlite.org> wrote:
>
>> cgi_set_parameter("fossil-ABCDEF", "xxxxxx");
>>
>
> Great :). i now see cgi_replace_parameter(), which is what i really want
> (because the JSON auth info will be processed after fossil has done its
> cookie cutting).
>

To clarify, Fossil uses a single namespace to hold all environment
variables, cookies, query parameters, and POST parameters.  All of these
things are name/value pairs, and they all go into a common look-up table.
So there is no way in Fossil to ask for the value of a cookie, for example.
You have to ask for the value associated with a name, where that name/value
might be any of an environment variable, cookie, query parameter or POST
parameter.  They all work the same.

Note however, that query parameters, POST parameters, and cookies always use
lower-case names and environment variables use upper-case names.  So there
is no way to generate a rogue request that overrides an environment variable
using a query parameter, for example.  In other words, you cannot do:

     http://www.fossil-scm.org/fossil/xfer?REMOTE_USER=drh

... hoping to subvert the login mechanism and push content under my name.
But you can interchange cookies, query parameters, and POST parameters, and
Fossil won't notice.



>
> Thanks!
>
> --
> ----- stephan beal
> http://wanderinghorse.net/home/stephan/
>
> _______________________________________________
> fossil-users mailing list
> fossil-users@lists.fossil-scm.org
> http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
>
>


-- 
D. Richard Hipp
d...@sqlite.org
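
The single look-up table described in the message above, sketched in C as an added example (not part of the original message and not Fossil's own code). The function names, the first-character case rule and the replace-on-duplicate behaviour are assumptions made for illustration; the message itself only says that request-supplied names are lower-case and environment variable names are upper-case.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout; this is a sketch, not Fossil's cgi.c. */
#define MAX_PARAMS 32
static struct { const char *name, *value; } table[MAX_PARAMS];
static int n_params = 0;

/* One shared table: insert, or replace the value of an existing name
** (replace-on-duplicate is this example's choice). */
static int store(const char *name, const char *value){
  int i;
  for(i=0; i<n_params; i++){
    if( strcmp(table[i].name, name)==0 ){ table[i].value = value; return 1; }
  }
  if( n_params>=MAX_PARAMS ) return 0;
  table[n_params].name = name;
  table[n_params].value = value;
  n_params++;
  return 1;
}

/* Server-supplied environment variable: name must start upper-case. */
int set_env(const char *name, const char *value){
  return isupper((unsigned char)name[0]) ? store(name, value) : 0;
}

/* Cookie, query or POST parameter, all treated alike. Assumed rule:
** the name must start lower-case, so it can never equal an env name. */
int set_request_param(const char *name, const char *value){
  return islower((unsigned char)name[0]) ? store(name, value) : 0;
}

/* Case-sensitive lookup by name only; the caller cannot tell the source. */
const char *lookup(const char *name){
  int i;
  for(i=0; i<n_params; i++){
    if( strcmp(table[i].name, name)==0 ) return table[i].value;
  }
  return NULL;
}

int main(void){
  set_env("REMOTE_USER", "alice");            /* constructed server value */
  int ok = set_request_param("REMOTE_USER", "drh");   /* ?REMOTE_USER=drh */
  printf("override accepted=%d, REMOTE_USER=%s\n", ok, lookup("REMOTE_USER"));
  return 0;
}
```

Because the lookup cannot report where a value came from, code that needs a value to come from a cookie specifically has to enforce that itself.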