Fossil SCM
Improvements to robot detection in the robot_restrict() function.
Commit
e5b00c610dee894d73193761e2057c1eab87ff04aa2f95cd1608026ac192c8bb
Parent
06937668056841b…
2 files changed
+3
+28
-22
+3
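--- a/src/default.css
+++ b/src/default.css
@@ -1,10 +1,13 @@
 /* This CSS file holds the default implementations for all of fossil's
 CSS classes. When /style.css is requested, the rules in this file
 are emitted first, followed by (1) page-specific CSS (if any) and
 (2) skin-specific CSS.
 */
+body {
+ z-index: 0 /* part of robot.c:robot_proofofwork() */;
+}
 div.sidebox {
 float: right;
 background-color: white;
 border-width: medium;
 border-style: double;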
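Review bot: The comment on the new `body` rule names the consumer but not the constraint, even though the verification script in src/robot.c compares `getComputedStyle(document.body).zIndex` strictly with `'0'`. The header comment of this file says skin-specific CSS is emitted after these rules, so a skin that sets `z-index` on `body` would make the verification page show "Access Denied" to ordinary browsers. I would state that in the comment, for example `/* robot.c:robot_proofofwork() requires the computed z-index of body to be "0"; skins must not override it */`.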
+28
-22
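--- a/src/robot.c
+++ b/src/robot.c
@@ -71,11 +71,11 @@
 /* If there is already a proof-of-work cookie with this value
 ** that means that the user agent has already authenticated.
 */
 z = P(ROBOT_COOKIE);
 if( z
- && (atoi(z)==h1 || atoi(z)==h2)
+ && (atoi(z)==h1 || atoi(z)==h2)
 && !cgi_is_qp(ROBOT_COOKIE) ){
 return 0;
 }
 
 /* Check for a proof query parameter. If found, that means that
@@ -94,34 +94,40 @@
 /* Ask the client to present proof-of-work */
 cgi_reset_content();
 cgi_set_content_type("text/html");
 style_header("Browser Verification");
 @ <h1 id="x1">Checking to see if you are a robot<span id="x2"></span></h1>
- @ <form method="GET" id="x6">
- @ <p id="x3" style="visibility:hidden;">\
- @ Press <input type="submit" id="x5" value="Ok" focus> to continue</p>
+ @ <form method="GET" id="x6"><p>
+ @ <span id="x3" style="visibility:hidden;">\
+ @ Press <input type="submit" id="x5" value="Ok" focus> to continue</span>
+ @ <span id="x7" style="visibility:hidden;">You appear to be a robot.</span></p>
 cgi_query_parameters_to_hidden();
 @ <input id="x4" type="hidden" name="proof" value="0">
 @ </form>
 @ <script nonce='%s(style_nonce())'>
 @ function aaa(x){return document.getElementById(x);}
- @ function bbb(h,a){
- @ aaa("x4").value=h
- @ if((a%%75)==0){
- @ aaa("x2").textContent=aaa("x2").textContent+".";
- @ }
- @ if(a>0){
- @ setTimeout(bbb,1,h+a,a-1);
- @ }else{
- @ aaa("x3").style.visibility="visible";
- @ aaa("x2").textContent="";
- @ aaa("x1").textContent="All clear";
- @ aaa("x6").onsubmit=function(){aaa("x3").style.visibility="hidden";};
- @ aaa("x5").focus();
- @ }
- @ }
- k = 800 + h2%99;
+ @ function bbb(h,a){\
+ @ aaa("x4").value=h;\
+ @ if((a%%75)==0){\
+ @ aaa("x2").textContent=aaa("x2").textContent+".";\
+ @ }
+ @ if(a>0){\
+ @ setTimeout(bbb,1,h+a,a-1);\
+ @ }else if(window.getComputedStyle(document.body).zIndex==='0'){\
+ @ aaa("x3").style.visibility="visible";\
+ @ aaa("x2").textContent="";\
+ @ aaa("x1").textContent="All clear";\
+ @ aaa("x6").onsubmit=function(){aaa("x3").style.visibility="hidden";};\
+ @ aaa("x5").focus();\
+ @ }else{\
+ @ aaa("x7").style.visibility="visible";\
+ @ aaa("x2").textContent="";\
+ @ aaa("x3").style.display="none";\
+ @ aaa("x1").textContent="Access Denied";\
+ @ }\
+ @ }
+ k = 400 + h2%299;
 h2 = (k*k + k)/2;
 @ setTimeout(function(){bbb(%u(h1-h2),%u(k));},10);
 @ </script>
 style_finish_page();
 return 1;
@@ -131,14 +137,14 @@
 ** SETTING: robot-restrict width=40 block-text
 ** The VALUE of this setting is a list of GLOB patterns that match
 ** pages for which complex HTTP requests from unauthenicated clients
 ** should be disallowed. "Unauthenticated" means the user is "nobody".
 ** The recommended value for this setting is:
-**
+**
 ** timelineX,diff,annotate,zip,fileage,file
 **
-** The "diff" tag covers all diffing pages such as /vdiff, /fdiff, and
+** The "diff" tag covers all diffing pages such as /vdiff, /fdiff, and
 ** /vpatch. The "annotate" tag also covers /blame and /praise. "zip"
 ** also covers /tarball and /sqlar. If a tag has an "X" character appended,
 ** then it only applies if query parameters are such that the page is
 ** particularly difficult to compute.
 **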
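Review bot: The new `zIndex` test in `bbb()` (second hunk) only selects which message is displayed; `aaa("x4").value=h;` at the top of the function still writes the completed value into the hidden `proof` field on the final pass, so the submitted value is the same whether or not the stylesheet check succeeded. If the check is meant to gate access rather than just change the page text, the proof should depend on it, for instance by adding `@ aaa("x4").value="0";\` to the "Access Denied" branch so a failed check leaves nothing valid in the form. As written the server presumably cannot distinguish the two outcomes, though the code that validates `proof` lies outside this hunk, as do the start and end of the enclosing function. A short C comment above the script explaining that the test relies on the `body` rule in src/default.css would also help the next reader.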