Fossil SCM

Add configuration options under /Admin/Access to enable the automatic hyperlink enabling for nobody based on User-Agent.

drh 2011-10-26 14:58 trunk
Commit 98cc52065294a49e1b25652136622567051aeb51
3 files changed +2 -3 +2 -1 +11
+2 -3
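--- a/src/cgi.c
+++ b/src/cgi.c
@@ -1056,18 +1056,17 @@
 cgi_setenv("HTTP_HOST", zVal);
 }else if( fossil_strcmp(zFieldName,"if-none-match:")==0 ){
 cgi_setenv("HTTP_IF_NONE_MATCH", zVal);
 }else if( fossil_strcmp(zFieldName,"if-modified-since:")==0 ){
 cgi_setenv("HTTP_IF_MODIFIED_SINCE", zVal);
- }
 #if 0
- else if( fossil_strcmp(zFieldName,"referer:")==0 ){
+ }else if( fossil_strcmp(zFieldName,"referer:")==0 ){
 cgi_setenv("HTTP_REFERER", zVal);
+#endif
 }else if( fossil_strcmp(zFieldName,"user-agent:")==0 ){
 cgi_setenv("HTTP_USER_AGENT", zVal);
 }
-#endif
 }
 
 cgi_init();
 }
 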
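Review bot: The `#if 0` / `#endif` pair now opens right after `cgi_setenv("HTTP_IF_MODIFIED_SINCE", zVal);` and closes just before the `}else if( ...,"user-agent:")` line, so the disabled referer branch cuts through the `}else if` chain and the braces balance only because both the disabled and the following branch begin with `}else if`. That is easy to break in a later edit, and nothing in the hunk says why Referer stays off while User-Agent is now exported. A comment above the block would cover both, for example `/* Referer is deliberately not exported; User-Agent is, for isHuman(). Both values are client-supplied. */`. The link to isHuman() is inferred from the login.c change in this commit, and the enclosing function begins outside the hunk.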
+2 -1
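--- a/src/login.c
+++ b/src/login.c
@@ -746,11 +746,12 @@
 }
 
 /* Set the capabilities */
 login_set_capabilities(zCap, 0);
 login_set_anon_nobody_capabilities();
- if( zCap[0] && !g.perm.History && isHuman() ){
+ if( zCap[0] && !g.perm.History && db_get_boolean("auto-enable-hyperlinks",1)
+ && isHuman() ){
 g.perm.History = 1;
 }
 }
 
 /*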
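Review bot: The new condition still raises `g.perm.History` to 1 on the result of `isHuman()`, which the setup.c help text in this commit describes as a User-Agent test, so the grant depends on a header the client chooses. The setting is read with a default of `1`, so a repository whose administrator never visits the setup page keeps the grant, and a site that withholds "h" from "nobody" on purpose has to switch it off explicitly. I would record that at the call site, e.g. `/* "h" granted on User-Agent alone: a crawler throttle, not an access control */`, and consider whether `0` is the better default for new repositories. The function this hunk sits in starts outside the hunk.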
+11
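--- a/src/setup.c
+++ b/src/setup.c
@@ -886,10 +886,21 @@
 @ <p>Fossil tries to limit out-bound sync, clone, and pull packets
 @ to this many bytes, uncompressed. If the client requires more data
 @ than this, then the client will issue multiple HTTP requests.
 @ Values below 1 million are not recommended. 5 million is a
 @ reasonable number.</p>
+
+ @ <hr />
+ onoff_attribute("Enable hyperlinks for \"nobody\" based on User-Agent",
+ "auto-enable-hyperlinks", "autohyperlink", 1);
+ @ <p>Enable hyperlinks (the equivalent of the "h" permission) for all users
+ @ including user "nobody", as long as the User-Agent string in the HTTP header
+ @ indicates that the request is coming from an actual human being and not a
+ @ a robot or script. Note: Bots can specify whatever User-Agent string they
+ @ that want. So a bot that wants to impersonate a human can easily do so.
+ @ Hence, this technique does not necessarily exclude malicious bots.
+ @ </p>
 
 @ <hr />
 onoff_attribute("Allow users to register themselves",
 "self-register", "selfregister", 0);
 @ <p>Allow users to register themselves through the HTTP UI.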
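Review bot: The added help text has two wording slips and disagrees with its own label. The line ending `and not a` is followed by one starting `a robot or script`, repeating the article, and `whatever User-Agent string they` / `that want` should read "they want"; the label says hyperlinks are enabled for "nobody" while the paragraph says "for all users including user nobody". Suggested lines: `@ indicates that the request is coming from an actual human being and not`, `@ a robot or script. Note: Bots can specify whatever User-Agent string they`, `@ want. So a bot that wants to impersonate a human can easily do so.` The spoofing caveat is worth keeping, and the paragraph could say outright that the option is not a security control.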
