b04a39a028980ea32b2ac62950bdff0a67de16d0 galt Wed Jul 18 14:48:19 2018 -0700 Add missing CSP header to pages not handled automatically by library functions. refs #21729. diff --git src/hg/useCount/useCount.c src/hg/useCount/useCount.c index ce11ad2..953ad12 100644 --- src/hg/useCount/useCount.c +++ src/hg/useCount/useCount.c @@ -1,52 +1,53 @@ /* useCount - a simple CGI that merely counts its references. */ /* Copyright (C) 2013 The Regents of the University of California * See README in this or parent directory for licensing information. */ #include "common.h" #include "jksql.h" #include "cheapcgi.h" +#include "htmshell.h" #include "hdb.h" /* table to use for counting in hgcentral */ static char useCount[] = "useCount"; int main(int argc, char *argv[]) { int count = 0; cgiSpoof(&argc, argv); char dateTime[256]; char *remoteAddr = getenv("REMOTE_ADDR"); char *userAgent = getenv("HTTP_USER_AGENT"); char *version = cgiUsualString("version", "unknown"); if (remoteAddr == NULL) remoteAddr = "unknown"; if (userAgent == NULL) userAgent = "unknown"; /* protect against huge strings coming in from outside */ char safeAgent[255]; snprintf(safeAgent, sizeof(safeAgent), "%s", userAgent); char safeAddr[255]; snprintf(safeAddr, sizeof(safeAddr), "%s", remoteAddr); char safeVersion[255]; snprintf(safeVersion, sizeof(safeVersion), "%s", version); printf("Content-Type:text/html\n\n\n"); printf("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2//EN\">"); -printf("<HTML><HEAD>\n"); +printf("<HTML><HEAD>\n%s",getCspMetaHeader()); struct sqlConnection *conn = hConnectCentral(); if (conn) { char query[1024]; if (sqlTableExists(conn, useCount)) { sqlSafef(query, sizeof(query), "INSERT %s VALUES(0,\"%s\",\"%s\",now(),\"%s\")", useCount, safeAgent, safeAddr, safeVersion); sqlUpdate(conn,query); count = sqlLastAutoId(conn); sqlSafef(query, sizeof(query), "SELECT dateTime FROM %s WHERE count=%d", useCount, count); (void) sqlQuickQuery(conn, query, dateTime, sizeof(dateTime)); }