From c0f2a81316e9135c85e0d9aaf46aeea4e851e156 Mon Sep 17 00:00:00 2001 From: Jeremy Tan Date: Thu, 24 Oct 2013 19:37:32 +0800 Subject: [PATCH] Only use POST for login, and only if the GET string is empty Fix 'friendly name' too. --- server/fastcgi.c | 13 +++++++++---- testing/MCTXWeb/public_html/static/mctx.gui.js | 2 +- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/server/fastcgi.c b/server/fastcgi.c index 19d2869..94742bd 100644 --- a/server/fastcgi.c +++ b/server/fastcgi.c @@ -591,10 +591,8 @@ void * FCGI_RequestLoop (void *data) //strncpy doesn't zero-truncate properly snprintf(module, BUFSIZ, "%s", getenv("DOCUMENT_URI_LOCAL")); - //Read from post body. If not empty, try GET instead. - if (fgets(params, BUFSIZ, stdin) == NULL || *params == '\0') { - snprintf(params, BUFSIZ, "%s", getenv("QUERY_STRING")); - } + //Get the GET query string + snprintf(params, BUFSIZ, "%s", getenv("QUERY_STRING")); //URL decode the parameters FCGI_URLDecode(params); @@ -653,6 +651,13 @@ void * FCGI_RequestLoop (void *data) //Escape all special characters. //Don't escape for login (password may have special chars?) FCGI_EscapeText(params); + } else { //Only for Login handler. + //If GET data is empty, use POST instead. + if (*params == '\0') { + Log(LOGDEBUG, "Using POST!"); + fgets(params, BUFSIZ, stdin); + FCGI_URLDecode(params); + } } module_handler(&context, params); diff --git a/testing/MCTXWeb/public_html/static/mctx.gui.js b/testing/MCTXWeb/public_html/static/mctx.gui.js index 3df2bac..c64f3c4 100644 --- a/testing/MCTXWeb/public_html/static/mctx.gui.js +++ b/testing/MCTXWeb/public_html/static/mctx.gui.js @@ -123,7 +123,7 @@ function runBeforeLoad(isLoginPage) { window.location = mctx.location + "login.html"; } } else { - mctx.friendlyName = data.friendly_name; + mctx.friendlyName = data.user_name; } }).fail(function (jqHXR) { if (mctx.debug) { -- 2.20.1