Fossil

Differences From Artifact [5a24a00589]:

To Artifact [1a2befdf9c]:


162
163
164
165
166
167
168
169

170
171
172
173
174
175
176
162
163
164
165
166
167
168

169
170
171
172
173
174
175
176







-
+







    }
    cgi_tag_query_parameter("proof");
  }

  /* Condition 4:  If there is a "token=VALUE" query parameter with a
  ** valid VALUE argument, then assume that the request is coming from
  ** either an interactive human session, or an authorized robot that we
  ** want to treat as human.  All it through and also set the robot cookie.
  ** want to treat as human.  Allow it through and also set the robot cookie.
  */
  z = P("token");
  if( z!=0 ){
    if( db_exists("SELECT 1 FROM config"
                  " WHERE name='token-%q'"
                  "   AND json_valid(value,6)"
                  "   AND value->>'user' IS NOT NULL", z)
263
264
265
266
267
268
269

270
271
272
273




274
275
276





277
278
279
280
281
282
283
263
264
265
266
267
268
269
270




271
272
273
274



275
276
277
278
279
280
281
282
283
284
285
286







+
-
-
-
-
+
+
+
+
-
-
-
+
+
+
+
+







** The VALUE of this setting is a list of GLOB patterns that match
** pages for which complex HTTP requests from unauthenticated clients
** should be disallowed.  "Unauthenticated" means the user is "nobody".
** The recommended value for this setting is:
**
**   timelineX,diff,annotate,fileage,file,finfo,reports,tree,download,hexdump
**
** Usually the tag should exactly match the page name.  The "diff" tag
** The "diff" tag covers all diffing pages such as /vdiff, /fdiff, and
** /vpatch.  The "annotate" tag also covers /blame and /praise.  "zip"
** also covers /tarball and /sqlar.  If a tag has an "X" character appended
** then it only applies if query parameters are such that the page is
** covers all diffing pages such as /vdiff, /fdiff, and /vpatch.  The
** "annotate" tag also covers /blame and /praise.  "zip" also covers
** /tarball and /sqlar.  If a tag has an "X" character appended then it
** only applies if query parameters are such that the page is particularly
** particularly difficult to compute. In all other case, the tag should
** exactly match the page name.  Useful "X" tags include "timelineX" and
** "zipX".  See the [[robot-zip-leaf]] and [[robot-zip-tag]] settings
** difficult to compute.  Useful "X" tags include "timelineX" and "zipX".
** The "ext" tag matches all extension, but a tag of the form "ext/PATH"
** only matches the extension at PATH.
**
** See the [[robot-zip-leaf]] and [[robot-zip-tag]] settings
** for additional controls associated with the "zipX" restriction.
**
** Change this setting "off" to disable all robot restrictions.
*/
/*
** SETTING: robot-exception              width=40 block-text
**
322
323
324
325
326
327
328


329
330
331
332
333
334
335
336
337



338
339
340
341
342
343
344
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352







+
+









+
+
+







  return "timelineX,diff,annotate,fileage,file,finfo,reports,"
         "tree,hexdump,download";
}

/*
** Return true if zTag matches one of the tags in the robot-restrict
** setting.
**
** A zTag of "*" matches anything.
*/
static int robot_restrict_has_tag(const char *zTag){
  static const char *zGlob = 0;
  if( zGlob==0 ){
    zGlob = db_get("robot-restrict",robot_restrict_default());
    if( zGlob==0 ) zGlob = "";
  }
  if( zGlob[0]==0 || fossil_strcmp(zGlob, "off")==0 ){
    return 0;
  }
  if( zTag==0 || (zTag[0]=='*' && zTag[1]==0) ){
    return 1;
  }
  return glob_multi_match(zGlob,zTag);
}

/*
** Check the request URI to see if it matches one of the URI
** exceptions listed in the robot-exception setting.  Return true
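Review bot: The new header comment on robot_restrict_has_tag() says only that a zTag of "*" matches anything, but the added branch also returns 1 for a NULL zTag, and it sits after the early `return 0` taken when robot-restrict is empty or "off", so in that configuration neither "*" nor NULL matches. Because this function decides whether a page counts as restricted for unauthenticated clients, the comment should state both facts, for example `** A zTag of "*" or NULL always matches, except that nothing matches when robot-restrict is empty or "off".` The callers are not visible here, so whether any of them relies on "*" meaning "always restricted" would need checking. Separately, in the robot-restrict setting text added earlier in this diff, `matches all extension` should read `matches all extensions`.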