Fossil

Check-in [7c57a20ebd]
Login

Check-in [7c57a20ebd]

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Add a comment explaining why document.body's z-level is explicitly set to 0. Remove some EOL whitespace.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | robotck-instant
Files: files | file ages | folders
SHA3-256: 7c57a20ebd8e62168055426b6d639a26cc9ed6e51d81d55019202c280893c91d
User & Date: stephan 2025-08-17 13:21:15.573
Context
2025-08-17
15:37
Move the z-level style into default.css, in case the adversaries read inlined STYLE tags (which now, in hindsight, seems more likely to me). Change the HTTP result code from robot_proofofwork() to a non-200 code, the hope being that the adversaries will stop on a non-200 code. ... (check-in: c7ad43638d user: stephan tags: robotck-instant)
13:21
Add a comment explaining why document.body's z-level is explicitly set to 0. Remove some EOL whitespace. ... (check-in: 7c57a20ebd user: stephan tags: robotck-instant)
12:29
Fix the previous checkin to actually compute the work value. This slows it down by a tiny fraction of a second but it's still effectively instant. This calculation can be moved up a level into the C code to turn this back into an instant operation, but leaving it on the client seems like a reasonable choice. ... (check-in: c27cfa9f60 user: stephan tags: robotck-instant)
Changes
Unified Diff Ignore Whitespace Patch
Changes to src/robot.c. 
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83

  h2 = (h2 % 900000000) + 100000000;

  /* If there is already a proof-of-work cookie with this value
  ** that means that the user agent has already authenticated.
  */
  z = P(ROBOT_COOKIE);
  if( z
   && (atoi(z)==h1 || atoi(z)==h2) 
   && !cgi_is_qp(ROBOT_COOKIE) ){
    return 0;
  }

  /* Check for a proof query parameter.  If found, that means that
  ** the captcha has just now passed, so set the proof-of-work cookie
  ** in addition to letting the request through.








|








69
70
71
72
73
74
75
76
77
78
79
80
81
82
83

  h2 = (h2 % 900000000) + 100000000;

  /* If there is already a proof-of-work cookie with this value
  ** that means that the user agent has already authenticated.
  */
  z = P(ROBOT_COOKIE);
  if( z
   && (atoi(z)==h1 || atoi(z)==h2)
   && !cgi_is_qp(ROBOT_COOKIE) ){
    return 0;
  }

  /* Check for a proof query parameter.  If found, that means that
  ** the captcha has just now passed, so set the proof-of-work cookie
  ** in addition to letting the request through.

130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147


/*
** SETTING: robot-restrict                width=40 block-text
** The VALUE of this setting is a list of GLOB patterns that match
** pages for which complex HTTP requests from unauthenicated clients
** should be disallowed.  "Unauthenticated" means the user is "nobody".
** The recommended value for this setting is:
** 
**     timelineX,diff,annotate,zip,fileage,file
**
** The "diff" tag covers all diffing pages such as /vdiff, /fdiff, and 
** /vpatch.  The "annotate" tag also covers /blame and /praise.  "zip"
** also covers /tarball and /sqlar.  If a tag has an "X" character appended,
** then it only applies if query parameters are such that the page is
** particularly difficult to compute.
**
** In all other case, the tag should exactly match the page name.
*/








|


|








130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147


/*
** SETTING: robot-restrict                width=40 block-text
** The VALUE of this setting is a list of GLOB patterns that match
** pages for which complex HTTP requests from unauthenicated clients
** should be disallowed.  "Unauthenticated" means the user is "nobody".
** The recommended value for this setting is:
**
**     timelineX,diff,annotate,zip,fileage,file
**
** The "diff" tag covers all diffing pages such as /vdiff, /fdiff, and
** /vpatch.  The "annotate" tag also covers /blame and /praise.  "zip"
** also covers /tarball and /sqlar.  If a tag has an "X" character appended,
** then it only applies if query parameters are such that the page is
** particularly difficult to compute.
**
** In all other case, the tag should exactly match the page name.
*/
Changes to src/style.c. 
825
826
827
828
829
830
831

832
833
834
835
836
837
838

  sideboxUsed = 0;
  if( g.perm.Debug && P("showqp") ){
    @ <div class="debug">
    cgi_print_all(0, 0, 0);
    @ </div>
  }
  @ <style>body { z-index: 0 }</style>

  fossil_free(zTitle);
}

#if INTERFACE
/* Allowed parameters for style_adunit() */
#define ADUNIT_OFF        0x0001       /* Do not allow ads on this page */
#define ADUNIT_RIGHT_OK   0x0002       /* Right-side vertical ads ok here */








>








825
826
827
828
829
830
831
832
833
834
835
836
837
838
839

  sideboxUsed = 0;
  if( g.perm.Debug && P("showqp") ){
    @ <div class="debug">
    cgi_print_all(0, 0, 0);
    @ </div>
  }
  @ <style>body { z-index: 0 }</style>
  /* ^^^^ part of robot.c:robot_proofofwork() */
  fossil_free(zTitle);
}

#if INTERFACE
/* Allowed parameters for style_adunit() */
#define ADUNIT_OFF        0x0001       /* Do not allow ads on this page */
#define ADUNIT_RIGHT_OK   0x0002       /* Right-side vertical ads ok here */