11 check-ins related to "verify-options-cgi"
2023-07-18
| 13:36 | Improved defense against denial-of-service caused by hackers pounding Fossil with repeated requests that contain SQL injection attempts. If SQL injection is attempted, return a "Begone, Knave!" page with status code 418. check-in: 57f1e87254 user: drh tags: trunk | |
2023-07-17
| 12:31 | Fix should have gone on the verify-options-cgi branch, not on trunk. Closed-Leaf check-in: d276fd9b77 user: drh tags: verify-options-cgi | |
| 12:28 | Make sure query parameter "t" is marked as isFetched even if it is renamed from "r". check-in: 2b72f337be user: drh tags: trunk | |
| 12:18 | In /raw and /secureraw, ensure that the "m" and "at" vars are fetched before the malice check. Typo fix in cgi.c. check-in: 83015b0d9a user: stephan tags: verify-options-cgi | |
| 12:13 | Improvements to the algorithm for detecting likely SQL injection text. check-in: 5d6efeee47 user: drh tags: verify-options-cgi | |
| 11:44 | Improve the error log message for 418 responses so that it includes the name of the offending query parameter. Require whitespace around keywords when trying to detect SQL. check-in: ef1702fde3 user: drh tags: verify-options-cgi | |
2023-07-16
| 20:55 | Fix typo on the 418 status code name. check-in: f39c878fe1 user: drh tags: verify-options-cgi | |
| 20:47 | Add calls to cgi_check_for_malice() on many more web pages. Log all 418 responses to the error log. check-in: 40266bf9b2 user: drh tags: verify-options-cgi | |
| 10:35 | Rename verify_all_options_cgi() to cgi_check_for_malice(). Add more comments explaining what the function is intended for. Add calls to cgi_check_for_malice() to a few new webpages. check-in: 5a8063a8cb user: drh tags: verify-options-cgi | |
2023-07-15
| 13:57 | Add verify_all_options_cgi(), which works similarly to verify_all_options() but only fails if it finds CGI GET/POST arguments which (A) have not been fetched via P(), PD(), or similar, and (B) fail cgi_value_spider_check(). Currently only applied on the /ci page. check-in: a065940a74 user: stephan tags: verify-options-cgi | |
2023-07-13
| 12:13 | Reconcile a test in the FTS search with its original intent in [196dfedf7fc]; reported in [forum:fa13ae06d|forum post fa13ae06d]. check-in: e88211628b user: danield tags: trunk | |