Fossil SCM

Always apply the robot-restrict setting to self-declared robots.

drh 2024-08-15 13:02 trunk

Commit 398ea9e425aa60eaaf0c1c2fbcee125166e023f300ca9024462c1ca82aab305d

Parent 89388d4c6072354…

1 file changed +7 -3

M src/login.c

+7 -3

		--- src/login.c
		+++ src/login.c
		@@ -1276,11 +1276,13 @@
1276	1276	**
1277	1277	** This routine believes that this is a complex request is coming from
1278	1278	** a robot if all of the following are true:
1279	1279	**
1280	1280	** * The user is "nobody".
1281		-** * The REFERER field of the HTTP header is missing or empty.
	1281	+** * Either the REFERER field of the HTTP header is missing or empty,
	1282	+** or the USERAGENT field of the HTTP header suggests that
	1283	+** the request as coming from a robot.
1282	1284	** * There are one or more query parameters other than "name".
1283	1285	**
1284	1286	** Robot restrictions are governed by settings.
1285	1287	**
1286	1288	** robot-restrict The value is a list of GLOB patterns for pages
		@@ -1291,14 +1293,16 @@
1291	1293	void login_restrict_robot_access(void){
1292	1294	const char *zReferer;
1293	1295	const char *zGlob;
1294	1296	int isMatch = 1;
1295	1297	if( g.zLogin!=0 ) return;
1296		- zReferer = P("HTTP_REFERER");
1297		- if( zReferer && zReferer[0]!=0 ) return;
1298	1298	zGlob = db_get("robot-restrict",0);
1299	1299	if( zGlob==0 \|\| zGlob[0]==0 ) return;
	1300	+ if( g.isHuman ){
	1301	+ zReferer = P("HTTP_REFERER");
	1302	+ if( zReferer && zReferer[0]!=0 ) return;
	1303	+ }
1300	1304	if( cgi_qp_count()<1 ) return;
1301	1305	isMatch = glob_multi_match(zGlob, g.zPath);
1302	1306	if( !isMatch ) return;
1303	1307
1304	1308	/* If we reach this point, it means we have a situation where we
1305	1309

	--- src/login.c
	+++ src/login.c
	@@ -1276,11 +1276,13 @@
1276	**
1277	** This routine believes that this is a complex request is coming from
1278	** a robot if all of the following are true:
1279	**
1280	** * The user is "nobody".
1281	** * The REFERER field of the HTTP header is missing or empty.


1282	** * There are one or more query parameters other than "name".
1283	**
1284	** Robot restrictions are governed by settings.
1285	**
1286	** robot-restrict The value is a list of GLOB patterns for pages
	@@ -1291,14 +1293,16 @@
1291	void login_restrict_robot_access(void){
1292	const char *zReferer;
1293	const char *zGlob;
1294	int isMatch = 1;
1295	if( g.zLogin!=0 ) return;
1296	zReferer = P("HTTP_REFERER");
1297	if( zReferer && zReferer[0]!=0 ) return;
1298	zGlob = db_get("robot-restrict",0);
1299	if( zGlob==0 \|\| zGlob[0]==0 ) return;




1300	if( cgi_qp_count()<1 ) return;
1301	isMatch = glob_multi_match(zGlob, g.zPath);
1302	if( !isMatch ) return;
1303
1304	/* If we reach this point, it means we have a situation where we
1305

	--- src/login.c
	+++ src/login.c
	@@ -1276,11 +1276,13 @@
1276	**
1277	** This routine believes that this is a complex request is coming from
1278	** a robot if all of the following are true:
1279	**
1280	** * The user is "nobody".
1281	** * Either the REFERER field of the HTTP header is missing or empty,
1282	** or the USERAGENT field of the HTTP header suggests that
1283	** the request as coming from a robot.
1284	** * There are one or more query parameters other than "name".
1285	**
1286	** Robot restrictions are governed by settings.
1287	**
1288	** robot-restrict The value is a list of GLOB patterns for pages
	@@ -1291,14 +1293,16 @@
1293	void login_restrict_robot_access(void){
1294	const char *zReferer;
1295	const char *zGlob;
1296	int isMatch = 1;
1297	if( g.zLogin!=0 ) return;


1298	zGlob = db_get("robot-restrict",0);
1299	if( zGlob==0 \|\| zGlob[0]==0 ) return;
1300	if( g.isHuman ){
1301	zReferer = P("HTTP_REFERER");
1302	if( zReferer && zReferer[0]!=0 ) return;
1303	}
1304	if( cgi_qp_count()<1 ) return;
1305	isMatch = glob_multi_match(zGlob, g.zPath);
1306	if( !isMatch ) return;
1307
1308	/* If we reach this point, it means we have a situation where we
1309