Fossil

Diff

Differences From Artifact [5baa19a379]:

To Artifact [bb9754f8b8]:
















*/
static void cgi_begone_spider(void){
  Blob content = empty_blob;

  cgi_set_content(&content);
  style_set_current_feature("test");
  style_header("Malicious Query Detected");
  @ <h2>Begone, Hacker!</h2>
  @ <h2>Begone, Fiend!</h2>
  @ <p>This page was generated because Fossil believes it has
  @ detected an SQL injection attack. If you believe you are seeing
  @ this in error, contact the developers on the Fossil-SCM Forum.  Type
  @ "fossil-scm forum" into any search engine to locate the Fossil-SCM Forum.
  style_finish_page();
  cgi_set_status(404,"Robot Attack Detected");
  cgi_reply();
  exit(0);
}

/*
** If looks_like_sql_injection() returns true for the given string, calls
** cgi_begin_spider() and does not return, else this function has no
** cgi_begone_spider() and does not return, else this function has no
** side effects. The range of checks performed by this function may
** be extended in the future.
**
** Checks are omitted for any logged-in user.
**
** This is NOT a defense against SQL injection.  Fossil should easily be
** proof against SQL injection without this routine.  Rather, this is an
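
Review bot: In cgi_begone_spider(), the replacement heading "<h2>Begone, Fiend!</h2>" still addresses the reader as an attacker, while the paragraph directly below it tells a reader who believes the page is shown in error to contact the developers; a neutral heading in line with the style_header() title "Malicious Query Detected" would read better for a false positive. The "<p>" opened on the "This page was generated" line is not closed before style_finish_page() in the lines shown, so a closing "</p>" after the Forum sentence would tidy the markup. The comment correction from cgi_begin_spider() to cgi_begone_spider() matches the function name defined above and needs no further change.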