Fossil SCM
New spider-control logic: Optionally delay enabling hyperlinks, or require mouse movement before enabling them, controlled by the Setup/Access screen and the auto-hyperlink-delay and auto-hyperlink-mouseover settings.
Commit
96f3e8392275dc2dad5092e0e8b423d186ae3c91
Parent
e501d7d0a6820ca…
3 files changed
+9
-1
+16
-3
+14
-1
+9
-1
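--- a/src/login.c
+++ b/src/login.c
@@ -911,13 +911,21 @@
 }
 
 /* Set the capabilities */
 login_replace_capabilities(zCap, 0);
 login_set_anon_nobody_capabilities();
+
+/* The auto-hyperlink setting allows hyperlinks to be displayed for users
+** who do not have the "h" permission as long as their UserAgent string
+** makes it appear that they are human. Check to see if auto-hyperlink is
+** enabled for this repository and make appropriate adjustments to the
+** permission flags if it is.
+*/
 if( zCap[0] && !g.perm.Hyperlink
 && db_get_boolean("auto-hyperlink",1)
-&& isHuman(P("HTTP_USER_AGENT")) ){
+&& isHuman(P("HTTP_USER_AGENT"))
+){
 g.perm.Hyperlink = 1;
 g.javascriptHyperlink = 1;
 }
 
 /* If the public-pages glob pattern is defined and REQUEST_URI matches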
+16
-3
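--- a/src/setup.c
+++ b/src/setup.c
@@ -935,19 +935,32 @@
 @ <p>Enable hyperlinks (the equivalent of the "h" permission) for all users
 @ including user "nobody", as long as (1) the User-Agent string in the
 @ HTTP header indicates that the request is coming from an actual human
 @ being and not a a robot or spider and (2) the user agent is able to
 @ run Javascript in order to set the href= attribute of hyperlinks. Bots
-@ and spiders can specify whatever User-Agent string they that want and
-@ they can run javascript just like browsers. But most bots don't go to
-@ that much trouble so this is normally an effective defense.</p>
+@ and spiders can forge a User-Agent string that makes them seem to be a
+@ normal browser and they can run javascript just like browsers. But most
+@ bots do not go to that much trouble so this is normally an effective defense.</p>
 @
 @ <p>You do not normally want a bot to walk your entire repository because
 @ if it does, your server will end up computing diffs and annotations for
 @ every historical version of every file and creating ZIPs and tarballs of
 @ every historical check-in, which can use a lot of CPU and bandwidth
 @ even for relatively small projects.</p>
+@
+@ <p>Additional parameters that control this behavior:</p>
+@ <blockquote>
+onoff_attribute("Require mouse movement before enabling hyperlinks",
+"auto-hyperlink-mouseover", "ahmo", 0);
+@ <br>
+entry_attribute("Delay before enabling hyperlinks (milliseconds)", 5,
+"auto-hyperlink-delay", "ah-delay", "0");
+@ </blockquote>
+@ <p>Hyperlinks for user "nobody" are normally enabled as soon as the page
+@ finishes loading. But the first check-box below can be set to require mouse
+@ movement before enabling the links. One can also set a delay prior to enabling
+@ links by enter a positive number of milliseconds in the entry box above.</p>
 
 @ <hr />
 onoff_attribute("Require a CAPTCHA if not logged in",
 "require-captcha", "reqcapt", 1);
 @ <p>Require a CAPTCHA for edit operations (appending, creating, or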
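Review bot: The new help paragraph sends the administrator to the wrong control: it says `the first check-box below`, but the `onoff_attribute` for auto-hyperlink-mouseover is emitted before that paragraph, in the same blockquote as the entry box the text calls `above`. The last line also reads `by enter a positive number`. I would change the two lines to `@ finishes loading. But the check-box above can be set to require mouse` and `@ links by entering a positive number of milliseconds in the entry box above.</p>`. The text could also state that both settings are spider deterrents like the User-Agent test, not access control, so pages that must stay private still need real permissions. The enclosing function starts and ends outside the hunk.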
+14
-1
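--- a/src/style.c
+++ b/src/style.c
@@ -160,22 +160,35 @@
 /*
 ** Generate javascript that will set the href= attribute on all anchors.
 */
 void style_resolve_href(void){
 int i;
+int nDelay = db_get_int("auto-hyperlink-delay",0);
 if( !g.perm.Hyperlink ) return;
 if( nHref==0 && nFormAction==0 ) return;
 @ <script type="text/JavaScript">
 @ /* <![CDATA[ */
+@ function setAllHrefs(){
 if( g.javascriptHyperlink ){
 for(i=0; i<nHref; i++){
 @ gebi("a%d(i+1)").href="%s(aHref[i])";
 }
 }
 for(i=0; i<nFormAction; i++){
 @ gebi("form%d(i+1)").action="%s(aFormAction[i])";
 }
+@ }
+if( db_get_boolean("auto-hyperlink-mouseover",0) ){
+/* Require mouse movement prior to activating hyperlinks */
+@ document.getElementsByTagName("body")[0].onmousemove=function(){
+@ setTimeout("setAllHrefs();",%d(nDelay));
+@ this.onmousemove = null;
+@ }
+}else{
+/* Active hyperlinks right away */
+@ setTimeout("setAllHrefs();",%d(nDelay));
+}
 @ /* ]]> */
 @ </script>
 }
 
 /*
@@ -906,11 +919,11 @@
 @ ** 2. change the default hash adding behaviour to ON
 @ ** or change the class defition of element identified by id="clrcust"
 @ ** to a standard jscolor definition with java script in the footer. */
 },
 { "div.endContent",
-"format for end of content area, to be used to clear page flow(sidebox on branch,..",
+"format for end of content area, to be used to clear page flow.",
 @ clear: both;
 },
 { "p.generalError",
 "format for general errors",
 @ color: red;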
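Review bot: In style_resolve_href() the delay and mouse-movement gate now apply to form actions for every user, not only to auto-hyperlink visitors: the `form%d` loop sits inside setAllHrefs() outside the `g.javascriptHyperlink` test, and setAllHrefs() is reached only through the mousemove handler or the timer. With auto-hyperlink-mouseover on, a logged-in user holding a real "h" permission who navigates by keyboard (and probably by touch) would be left with forms that have no action. I would gate both settings on the auto-hyperlink case, `int nDelay = g.javascriptHyperlink ? db_get_int("auto-hyperlink-delay",0) : 0;` and `if( g.javascriptHyperlink && db_get_boolean("auto-hyperlink-mouseover",0) ){`. Separately, `setTimeout(setAllHrefs,%d(nDelay));` avoids the string-eval form of setTimeout, which a Content-Security-Policy without 'unsafe-eval' blocks. The comment `Active hyperlinks right away` should read `Activate`.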