Fossil SCM
New g.isHuman global variable is set if we believe an HTTP request is coming a real human being, rather than a spider or bot.
Commit
e065d5b7f193b8804f24cbbd53aefb24e9ffd8a3
Parent
b86fb096c6c6531…
3 files changed
+18
-12
+1
+1
+18
-12
| --- src/login.c | ||
| +++ src/login.c | ||
| @@ -391,24 +391,24 @@ | ||
| 391 | 391 | for(i=0; zAgent[i]; i++){ |
| 392 | 392 | if( prefix_match("bot", zAgent+i) ) return 0; |
| 393 | 393 | if( prefix_match("spider", zAgent+i) ) return 0; |
| 394 | 394 | if( prefix_match("crawl", zAgent+i) ) return 0; |
| 395 | 395 | /* If a URI appears in the User-Agent, it is probably a bot */ |
| 396 | - if( memcmp("http", zAgent+i,4)==0 ) return 0; | |
| 396 | + if( strncmp("http", zAgent+i,4)==0 ) return 0; | |
| 397 | 397 | } |
| 398 | - if( memcmp(zAgent, "Mozilla/", 8)==0 ){ | |
| 398 | + if( strncmp(zAgent, "Mozilla/", 8)==0 ){ | |
| 399 | 399 | if( atoi(&zAgent[8])<4 ) return 0; /* Many bots advertise as Mozilla/3 */ |
| 400 | 400 | if( strglob("*Firefox/[1-9]*", zAgent) ) return 1; |
| 401 | 401 | if( strglob("*Chrome/[1-9]*", zAgent) ) return 1; |
| 402 | 402 | if( strglob("*(compatible;?MSIE?[1789]*", zAgent) ) return 1; |
| 403 | 403 | if( strglob("*AppleWebKit/[1-9]*(KHTML*", zAgent) ) return 1; |
| 404 | 404 | return 0; |
| 405 | 405 | } |
| 406 | - if( memcmp(zAgent, "Opera/", 6)==0 ) return 1; | |
| 407 | - if( memcmp(zAgent, "Safari/", 7)==0 ) return 1; | |
| 408 | - if( memcmp(zAgent, "Lynx/", 5)==0 ) return 1; | |
| 409 | - if( memcmp(zAgent, "NetSurf/", 8)==0 ) return 1; | |
| 406 | + if( strncmp(zAgent, "Opera/", 6)==0 ) return 1; | |
| 407 | + if( strncmp(zAgent, "Safari/", 7)==0 ) return 1; | |
| 408 | + if( strncmp(zAgent, "Lynx/", 5)==0 ) return 1; | |
| 409 | + if( strncmp(zAgent, "NetSurf/", 8)==0 ) return 1; | |
| 410 | 410 | return 0; |
| 411 | 411 | } |
| 412 | 412 | |
| 413 | 413 | /* |
| 414 | 414 | ** COMMAND: test-ishuman |
| @@ -598,11 +598,11 @@ | ||
| 598 | 598 | @ </table> |
| 599 | 599 | @ <script type="text/JavaScript"> |
| 600 | 600 | @ gebi('u').focus() |
| 601 | 601 | @ function chngAction(form){ |
| 602 | 602 | if( g.sslNotAvailable==0 |
| 603 | - && memcmp(g.zBaseURL,"https:",6)!=0 | |
| 603 | + && strncmp(g.zBaseURL,"https:",6)!=0 | |
| 604 | 604 | && db_get_boolean("https-login",0) |
| 605 | 605 | ){ |
| 606 | 606 | char *zSSL = mprintf("https:%s", &g.zBaseURL[5]); |
| 607 | 607 | @ if( form.u.value!="anonymous" ){ |
| 608 | 608 | @ form.action = "%h(zSSL)/login"; |
| @@ -763,14 +763,17 @@ | ||
| 763 | 763 | } |
| 764 | 764 | |
| 765 | 765 | /* |
| 766 | 766 | ** This routine examines the login cookie to see if it exists and |
| 767 | 767 | ** is valid. If the login cookie checks out, it then sets global |
| 768 | -** variables appropriately. Global variables set include g.userUid | |
| 769 | -** and g.zLogin and the g.perm family of permission booleans. | |
| 768 | +** variables appropriately. | |
| 770 | 769 | ** |
| 771 | -** If the | |
| 770 | +** g.userUid Database USER.UID value. Might be -1 for "nobody" | |
| 771 | +** g.zLogin Database USER.LOGIN value. NULL for user "nobody" | |
| 772 | +** g.perm Permissions granted to this user | |
| 773 | +** g.isHuman True if the user is human, not a spider or robot | |
| 774 | +** | |
| 772 | 775 | */ |
| 773 | 776 | void login_check_credentials(void){ |
| 774 | 777 | int uid = 0; /* User id */ |
| 775 | 778 | const char *zCookie; /* Text of the login cookie */ |
| 776 | 779 | const char *zIpAddr; /* Raw IP address of the requestor */ |
| @@ -799,10 +802,11 @@ | ||
| 799 | 802 | ){ |
| 800 | 803 | uid = db_int(0, "SELECT uid FROM user WHERE cap LIKE '%%s%%'"); |
| 801 | 804 | g.zLogin = db_text("?", "SELECT login FROM user WHERE uid=%d", uid); |
| 802 | 805 | zCap = "sx"; |
| 803 | 806 | g.noPswd = 1; |
| 807 | + g.isHuman = 1; | |
| 804 | 808 | sqlite3_snprintf(sizeof(g.zCsrfToken), g.zCsrfToken, "localhost"); |
| 805 | 809 | } |
| 806 | 810 | |
| 807 | 811 | /* Check the login cookie to see if it matches a known valid user. |
| 808 | 812 | */ |
| @@ -907,10 +911,11 @@ | ||
| 907 | 911 | */ |
| 908 | 912 | g.userUid = uid; |
| 909 | 913 | if( fossil_strcmp(g.zLogin,"nobody")==0 ){ |
| 910 | 914 | g.zLogin = 0; |
| 911 | 915 | } |
| 916 | + g.isHuman = g.zLogin==0 ? isHuman(P("HTTP_USER_AGENT")) : 1; | |
| 912 | 917 | |
| 913 | 918 | /* Set the capabilities */ |
| 914 | 919 | login_replace_capabilities(zCap, 0); |
| 915 | 920 | login_set_anon_nobody_capabilities(); |
| 916 | 921 | |
| @@ -918,13 +923,14 @@ | ||
| 918 | 923 | ** who do not have the "h" permission as long as their UserAgent string |
| 919 | 924 | ** makes it appear that they are human. Check to see if auto-hyperlink is |
| 920 | 925 | ** enabled for this repository and make appropriate adjustments to the |
| 921 | 926 | ** permission flags if it is. |
| 922 | 927 | */ |
| 923 | - if( zCap[0] && !g.perm.Hyperlink | |
| 928 | + if( zCap[0] | |
| 929 | + && !g.perm.Hyperlink | |
| 930 | + && g.isHuman | |
| 924 | 931 | && db_get_boolean("auto-hyperlink",1) |
| 925 | - && isHuman(P("HTTP_USER_AGENT")) | |
| 926 | 932 | ){ |
| 927 | 933 | g.perm.Hyperlink = 1; |
| 928 | 934 | g.javascriptHyperlink = 1; |
| 929 | 935 | } |
| 930 | 936 | |
| 931 | 937 |
| --- src/login.c | |
| +++ src/login.c | |
| @@ -391,24 +391,24 @@ | |
| 391 | for(i=0; zAgent[i]; i++){ |
| 392 | if( prefix_match("bot", zAgent+i) ) return 0; |
| 393 | if( prefix_match("spider", zAgent+i) ) return 0; |
| 394 | if( prefix_match("crawl", zAgent+i) ) return 0; |
| 395 | /* If a URI appears in the User-Agent, it is probably a bot */ |
| 396 | if( memcmp("http", zAgent+i,4)==0 ) return 0; |
| 397 | } |
| 398 | if( memcmp(zAgent, "Mozilla/", 8)==0 ){ |
| 399 | if( atoi(&zAgent[8])<4 ) return 0; /* Many bots advertise as Mozilla/3 */ |
| 400 | if( strglob("*Firefox/[1-9]*", zAgent) ) return 1; |
| 401 | if( strglob("*Chrome/[1-9]*", zAgent) ) return 1; |
| 402 | if( strglob("*(compatible;?MSIE?[1789]*", zAgent) ) return 1; |
| 403 | if( strglob("*AppleWebKit/[1-9]*(KHTML*", zAgent) ) return 1; |
| 404 | return 0; |
| 405 | } |
| 406 | if( memcmp(zAgent, "Opera/", 6)==0 ) return 1; |
| 407 | if( memcmp(zAgent, "Safari/", 7)==0 ) return 1; |
| 408 | if( memcmp(zAgent, "Lynx/", 5)==0 ) return 1; |
| 409 | if( memcmp(zAgent, "NetSurf/", 8)==0 ) return 1; |
| 410 | return 0; |
| 411 | } |
| 412 | |
| 413 | /* |
| 414 | ** COMMAND: test-ishuman |
| @@ -598,11 +598,11 @@ | |
| 598 | @ </table> |
| 599 | @ <script type="text/JavaScript"> |
| 600 | @ gebi('u').focus() |
| 601 | @ function chngAction(form){ |
| 602 | if( g.sslNotAvailable==0 |
| 603 | && memcmp(g.zBaseURL,"https:",6)!=0 |
| 604 | && db_get_boolean("https-login",0) |
| 605 | ){ |
| 606 | char *zSSL = mprintf("https:%s", &g.zBaseURL[5]); |
| 607 | @ if( form.u.value!="anonymous" ){ |
| 608 | @ form.action = "%h(zSSL)/login"; |
| @@ -763,14 +763,17 @@ | |
| 763 | } |
| 764 | |
| 765 | /* |
| 766 | ** This routine examines the login cookie to see if it exists and |
| 767 | ** is valid. If the login cookie checks out, it then sets global |
| 768 | ** variables appropriately. Global variables set include g.userUid |
| 769 | ** and g.zLogin and the g.perm family of permission booleans. |
| 770 | ** |
| 771 | ** If the |
| 772 | */ |
| 773 | void login_check_credentials(void){ |
| 774 | int uid = 0; /* User id */ |
| 775 | const char *zCookie; /* Text of the login cookie */ |
| 776 | const char *zIpAddr; /* Raw IP address of the requestor */ |
| @@ -799,10 +802,11 @@ | |
| 799 | ){ |
| 800 | uid = db_int(0, "SELECT uid FROM user WHERE cap LIKE '%%s%%'"); |
| 801 | g.zLogin = db_text("?", "SELECT login FROM user WHERE uid=%d", uid); |
| 802 | zCap = "sx"; |
| 803 | g.noPswd = 1; |
| 804 | sqlite3_snprintf(sizeof(g.zCsrfToken), g.zCsrfToken, "localhost"); |
| 805 | } |
| 806 | |
| 807 | /* Check the login cookie to see if it matches a known valid user. |
| 808 | */ |
| @@ -907,10 +911,11 @@ | |
| 907 | */ |
| 908 | g.userUid = uid; |
| 909 | if( fossil_strcmp(g.zLogin,"nobody")==0 ){ |
| 910 | g.zLogin = 0; |
| 911 | } |
| 912 | |
| 913 | /* Set the capabilities */ |
| 914 | login_replace_capabilities(zCap, 0); |
| 915 | login_set_anon_nobody_capabilities(); |
| 916 | |
| @@ -918,13 +923,14 @@ | |
| 918 | ** who do not have the "h" permission as long as their UserAgent string |
| 919 | ** makes it appear that they are human. Check to see if auto-hyperlink is |
| 920 | ** enabled for this repository and make appropriate adjustments to the |
| 921 | ** permission flags if it is. |
| 922 | */ |
| 923 | if( zCap[0] && !g.perm.Hyperlink |
| 924 | && db_get_boolean("auto-hyperlink",1) |
| 925 | && isHuman(P("HTTP_USER_AGENT")) |
| 926 | ){ |
| 927 | g.perm.Hyperlink = 1; |
| 928 | g.javascriptHyperlink = 1; |
| 929 | } |
| 930 | |
| 931 |
| --- src/login.c | |
| +++ src/login.c | |
| @@ -391,24 +391,24 @@ | |
| 391 | for(i=0; zAgent[i]; i++){ |
| 392 | if( prefix_match("bot", zAgent+i) ) return 0; |
| 393 | if( prefix_match("spider", zAgent+i) ) return 0; |
| 394 | if( prefix_match("crawl", zAgent+i) ) return 0; |
| 395 | /* If a URI appears in the User-Agent, it is probably a bot */ |
| 396 | if( strncmp("http", zAgent+i,4)==0 ) return 0; |
| 397 | } |
| 398 | if( strncmp(zAgent, "Mozilla/", 8)==0 ){ |
| 399 | if( atoi(&zAgent[8])<4 ) return 0; /* Many bots advertise as Mozilla/3 */ |
| 400 | if( strglob("*Firefox/[1-9]*", zAgent) ) return 1; |
| 401 | if( strglob("*Chrome/[1-9]*", zAgent) ) return 1; |
| 402 | if( strglob("*(compatible;?MSIE?[1789]*", zAgent) ) return 1; |
| 403 | if( strglob("*AppleWebKit/[1-9]*(KHTML*", zAgent) ) return 1; |
| 404 | return 0; |
| 405 | } |
| 406 | if( strncmp(zAgent, "Opera/", 6)==0 ) return 1; |
| 407 | if( strncmp(zAgent, "Safari/", 7)==0 ) return 1; |
| 408 | if( strncmp(zAgent, "Lynx/", 5)==0 ) return 1; |
| 409 | if( strncmp(zAgent, "NetSurf/", 8)==0 ) return 1; |
| 410 | return 0; |
| 411 | } |
| 412 | |
| 413 | /* |
| 414 | ** COMMAND: test-ishuman |
| @@ -598,11 +598,11 @@ | |
| 598 | @ </table> |
| 599 | @ <script type="text/JavaScript"> |
| 600 | @ gebi('u').focus() |
| 601 | @ function chngAction(form){ |
| 602 | if( g.sslNotAvailable==0 |
| 603 | && strncmp(g.zBaseURL,"https:",6)!=0 |
| 604 | && db_get_boolean("https-login",0) |
| 605 | ){ |
| 606 | char *zSSL = mprintf("https:%s", &g.zBaseURL[5]); |
| 607 | @ if( form.u.value!="anonymous" ){ |
| 608 | @ form.action = "%h(zSSL)/login"; |
| @@ -763,14 +763,17 @@ | |
| 763 | } |
| 764 | |
| 765 | /* |
| 766 | ** This routine examines the login cookie to see if it exists and |
| 767 | ** is valid. If the login cookie checks out, it then sets global |
| 768 | ** variables appropriately. |
| 769 | ** |
| 770 | ** g.userUid Database USER.UID value. Might be -1 for "nobody" |
| 771 | ** g.zLogin Database USER.LOGIN value. NULL for user "nobody" |
| 772 | ** g.perm Permissions granted to this user |
| 773 | ** g.isHuman True if the user is human, not a spider or robot |
| 774 | ** |
| 775 | */ |
| 776 | void login_check_credentials(void){ |
| 777 | int uid = 0; /* User id */ |
| 778 | const char *zCookie; /* Text of the login cookie */ |
| 779 | const char *zIpAddr; /* Raw IP address of the requestor */ |
| @@ -799,10 +802,11 @@ | |
| 802 | ){ |
| 803 | uid = db_int(0, "SELECT uid FROM user WHERE cap LIKE '%%s%%'"); |
| 804 | g.zLogin = db_text("?", "SELECT login FROM user WHERE uid=%d", uid); |
| 805 | zCap = "sx"; |
| 806 | g.noPswd = 1; |
| 807 | g.isHuman = 1; |
| 808 | sqlite3_snprintf(sizeof(g.zCsrfToken), g.zCsrfToken, "localhost"); |
| 809 | } |
| 810 | |
| 811 | /* Check the login cookie to see if it matches a known valid user. |
| 812 | */ |
| @@ -907,10 +911,11 @@ | |
| 911 | */ |
| 912 | g.userUid = uid; |
| 913 | if( fossil_strcmp(g.zLogin,"nobody")==0 ){ |
| 914 | g.zLogin = 0; |
| 915 | } |
| 916 | g.isHuman = g.zLogin==0 ? isHuman(P("HTTP_USER_AGENT")) : 1; |
| 917 | |
| 918 | /* Set the capabilities */ |
| 919 | login_replace_capabilities(zCap, 0); |
| 920 | login_set_anon_nobody_capabilities(); |
| 921 | |
| @@ -918,13 +923,14 @@ | |
| 923 | ** who do not have the "h" permission as long as their UserAgent string |
| 924 | ** makes it appear that they are human. Check to see if auto-hyperlink is |
| 925 | ** enabled for this repository and make appropriate adjustments to the |
| 926 | ** permission flags if it is. |
| 927 | */ |
| 928 | if( zCap[0] |
| 929 | && !g.perm.Hyperlink |
| 930 | && g.isHuman |
| 931 | && db_get_boolean("auto-hyperlink",1) |
| 932 | ){ |
| 933 | g.perm.Hyperlink = 1; |
| 934 | g.javascriptHyperlink = 1; |
| 935 | } |
| 936 | |
| 937 |
+1
| --- src/main.c | ||
| +++ src/main.c | ||
| @@ -184,10 +184,11 @@ | ||
| 184 | 184 | const char *zSSLIdentity; /* Value of --ssl-identity option, filename of |
| 185 | 185 | ** SSL client identity */ |
| 186 | 186 | int useLocalauth; /* No login required if from 127.0.0.1 */ |
| 187 | 187 | int noPswd; /* Logged in without password (on 127.0.0.1) */ |
| 188 | 188 | int userUid; /* Integer user id */ |
| 189 | + int isHuman; /* True if access by a human, not a spider or bot */ | |
| 189 | 190 | |
| 190 | 191 | /* Information used to populate the RCVFROM table */ |
| 191 | 192 | int rcvid; /* The rcvid. 0 if not yet defined. */ |
| 192 | 193 | char *zIpAddr; /* The remote IP address */ |
| 193 | 194 | char *zNonce; /* The nonce used for login */ |
| 194 | 195 |
| --- src/main.c | |
| +++ src/main.c | |
| @@ -184,10 +184,11 @@ | |
| 184 | const char *zSSLIdentity; /* Value of --ssl-identity option, filename of |
| 185 | ** SSL client identity */ |
| 186 | int useLocalauth; /* No login required if from 127.0.0.1 */ |
| 187 | int noPswd; /* Logged in without password (on 127.0.0.1) */ |
| 188 | int userUid; /* Integer user id */ |
| 189 | |
| 190 | /* Information used to populate the RCVFROM table */ |
| 191 | int rcvid; /* The rcvid. 0 if not yet defined. */ |
| 192 | char *zIpAddr; /* The remote IP address */ |
| 193 | char *zNonce; /* The nonce used for login */ |
| 194 |
| --- src/main.c | |
| +++ src/main.c | |
| @@ -184,10 +184,11 @@ | |
| 184 | const char *zSSLIdentity; /* Value of --ssl-identity option, filename of |
| 185 | ** SSL client identity */ |
| 186 | int useLocalauth; /* No login required if from 127.0.0.1 */ |
| 187 | int noPswd; /* Logged in without password (on 127.0.0.1) */ |
| 188 | int userUid; /* Integer user id */ |
| 189 | int isHuman; /* True if access by a human, not a spider or bot */ |
| 190 | |
| 191 | /* Information used to populate the RCVFROM table */ |
| 192 | int rcvid; /* The rcvid. 0 if not yet defined. */ |
| 193 | char *zIpAddr; /* The remote IP address */ |
| 194 | char *zNonce; /* The nonce used for login */ |
| 195 |
+1
| --- src/style.c | ||
| +++ src/style.c | ||
| @@ -1176,10 +1176,11 @@ | ||
| 1176 | 1176 | if( login_has_capability(&c, 1) ) zCap[i++] = c; |
| 1177 | 1177 | } |
| 1178 | 1178 | zCap[i] = 0; |
| 1179 | 1179 | @ g.userUid = %d(g.userUid)<br /> |
| 1180 | 1180 | @ g.zLogin = %h(g.zLogin)<br /> |
| 1181 | + @ g.isHuman = %d(g.isHuman)<br /> | |
| 1181 | 1182 | @ capabilities = %s(zCap)<br /> |
| 1182 | 1183 | @ <hr> |
| 1183 | 1184 | P("HTTP_USER_AGENT"); |
| 1184 | 1185 | cgi_print_all(showAll); |
| 1185 | 1186 | if( showAll && blob_size(&g.httpHeader)>0 ){ |
| 1186 | 1187 |
| --- src/style.c | |
| +++ src/style.c | |
| @@ -1176,10 +1176,11 @@ | |
| 1176 | if( login_has_capability(&c, 1) ) zCap[i++] = c; |
| 1177 | } |
| 1178 | zCap[i] = 0; |
| 1179 | @ g.userUid = %d(g.userUid)<br /> |
| 1180 | @ g.zLogin = %h(g.zLogin)<br /> |
| 1181 | @ capabilities = %s(zCap)<br /> |
| 1182 | @ <hr> |
| 1183 | P("HTTP_USER_AGENT"); |
| 1184 | cgi_print_all(showAll); |
| 1185 | if( showAll && blob_size(&g.httpHeader)>0 ){ |
| 1186 |
| --- src/style.c | |
| +++ src/style.c | |
| @@ -1176,10 +1176,11 @@ | |
| 1176 | if( login_has_capability(&c, 1) ) zCap[i++] = c; |
| 1177 | } |
| 1178 | zCap[i] = 0; |
| 1179 | @ g.userUid = %d(g.userUid)<br /> |
| 1180 | @ g.zLogin = %h(g.zLogin)<br /> |
| 1181 | @ g.isHuman = %d(g.isHuman)<br /> |
| 1182 | @ capabilities = %s(zCap)<br /> |
| 1183 | @ <hr> |
| 1184 | P("HTTP_USER_AGENT"); |
| 1185 | cgi_print_all(showAll); |
| 1186 | if( showAll && blob_size(&g.httpHeader)>0 ){ |
| 1187 |