Fossil SCM

Move the z-level style into default.css, in case the adversaries read inlined STYLE tags (which now, in hindsight, seems more likely to me). Change the HTTP result code from robot_proofofwork() to a non-200 code, the hope being that the adversaries will stop on a non-200 code.

stephan 2025-08-17 15:37 robotck-instant

Commit c7ad43638da062e1d43ceca01fd5a441e7643286507f582ec99f231b9c9fa9b3

Parent 7c57a20ebd8e621…

3 files changed +3 +1 -2

~ src/default.css ~ src/robot.c ~ src/style.c

M src/default.css

		--- src/default.css
		+++ src/default.css
		@@ -1,10 +1,13 @@
1	1	/* This CSS file holds the default implementations for all of fossil's
2	2	CSS classes. When /style.css is requested, the rules in this file
3	3	are emitted first, followed by (1) page-specific CSS (if any) and
4	4	(2) skin-specific CSS.
5	5	*/
	6	+body {
	7	+ z-index: 0 /* part of robot.c:robot_proofofwork() */;
	8	+}
6	9	div.sidebox {
7	10	float: right;
8	11	background-color: white;
9	12	border-width: medium;
10	13	border-style: double;
11	14

	--- src/default.css
	+++ src/default.css
	@@ -1,10 +1,13 @@
1	/* This CSS file holds the default implementations for all of fossil's
2	CSS classes. When /style.css is requested, the rules in this file
3	are emitted first, followed by (1) page-specific CSS (if any) and
4	(2) skin-specific CSS.
5	*/



6	div.sidebox {
7	float: right;
8	background-color: white;
9	border-width: medium;
10	border-style: double;
11

	--- src/default.css
	+++ src/default.css
	@@ -1,10 +1,13 @@
1	/* This CSS file holds the default implementations for all of fossil's
2	CSS classes. When /style.css is requested, the rules in this file
3	are emitted first, followed by (1) page-specific CSS (if any) and
4	(2) skin-specific CSS.
5	*/
6	body {
7	z-index: 0 /* part of robot.c:robot_proofofwork() */;
8	}
9	div.sidebox {
10	float: right;
11	background-color: white;
12	border-width: medium;
13	border-style: double;
14

M src/robot.c

		--- src/robot.c
		+++ src/robot.c
		@@ -122,10 +122,11 @@
122	122	@ E("x6").onsubmit=function(){E("x3").style.visibility="hidden";};
123	123	@ E("x5").focus();
124	124	@ }
125	125	@ },false);
126	126	@ </script>
	127	+ cgi_set_status(511, "OK for people");
127	128	style_finish_page();
128	129	return 1;
129	130	}
130	131
131	132	/*
132	133

	--- src/robot.c
	+++ src/robot.c
	@@ -122,10 +122,11 @@
122	@ E("x6").onsubmit=function(){E("x3").style.visibility="hidden";};
123	@ E("x5").focus();
124	@ }
125	@ },false);
126	@ </script>

127	style_finish_page();
128	return 1;
129	}
130
131	/*
132

	--- src/robot.c
	+++ src/robot.c
	@@ -122,10 +122,11 @@
122	@ E("x6").onsubmit=function(){E("x3").style.visibility="hidden";};
123	@ E("x5").focus();
124	@ }
125	@ },false);
126	@ </script>
127	cgi_set_status(511, "OK for people");
128	style_finish_page();
129	return 1;
130	}
131
132	/*
133

M src/style.c

-2

		--- src/style.c
		+++ src/style.c
		@@ -826,12 +826,10 @@
826	826	if( g.perm.Debug && P("showqp") ){
827	827	@ <div class="debug">
828	828	cgi_print_all(0, 0, 0);
829	829	@ </div>
830	830	}
831		- @ <style>body { z-index: 0 }</style>
832		- /* ^^^^ part of robot.c:robot_proofofwork() */
833	831	fossil_free(zTitle);
834	832	}
835	833
836	834	#if INTERFACE
837	835	/* Allowed parameters for style_adunit() */
838	836

	--- src/style.c
	+++ src/style.c
	@@ -826,12 +826,10 @@
826	if( g.perm.Debug && P("showqp") ){
827	@ <div class="debug">
828	cgi_print_all(0, 0, 0);
829	@ </div>
830	}
831	@ <style>body { z-index: 0 }</style>
832	/* ^^^^ part of robot.c:robot_proofofwork() */
833	fossil_free(zTitle);
834	}
835
836	#if INTERFACE
837	/* Allowed parameters for style_adunit() */
838

	--- src/style.c
	+++ src/style.c
	@@ -826,12 +826,10 @@
826	if( g.perm.Debug && P("showqp") ){
827	@ <div class="debug">
828	cgi_print_all(0, 0, 0);
829	@ </div>
830	}


831	fossil_free(zTitle);
832	}
833
834	#if INTERFACE
835	/* Allowed parameters for style_adunit() */
836

Fossil SCM

Keyboard Shortcuts