747
748
749
750
751
752
753
754
755
756
757
758
759
760
|
static int seqQP = 0; /* Sequence numbers */
static struct QParam { /* One entry for each query parameter or cookie */
const char *zName; /* Parameter or cookie name */
const char *zValue; /* Value of the query parameter or cookie */
int seq; /* Order of insertion */
char isQP; /* True for query parameters */
char cTag; /* Tag on query parameters */
} *aParamQP; /* An array of all parameters and cookies */
/*
** Add another query parameter or cookie to the parameter set.
** zName is the name of the query parameter or cookie and zValue
** is its fully decoded value.
**
|
>
|
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
|
static int seqQP = 0; /* Sequence numbers */
static struct QParam { /* One entry for each query parameter or cookie */
const char *zName; /* Parameter or cookie name */
const char *zValue; /* Value of the query parameter or cookie */
int seq; /* Order of insertion */
char isQP; /* True for query parameters */
char cTag; /* Tag on query parameters */
char isFetched; /* 1 if the var is requested via P/PD() */
} *aParamQP; /* An array of all parameters and cookies */
/*
** Add another query parameter or cookie to the parameter set.
** zName is the name of the query parameter or cookie and zValue
** is its fully decoded value.
**
|
774
775
776
777
778
779
780
781
782
783
784
785
786
787
|
aParamQP[nUsedQP].zValue = zValue;
if( g.fHttpTrace ){
fprintf(stderr, "# cgi: %s = [%s]\n", zName, zValue);
}
aParamQP[nUsedQP].seq = seqQP++;
aParamQP[nUsedQP].isQP = isQP;
aParamQP[nUsedQP].cTag = 0;
nUsedQP++;
sortQP = 1;
}
/*
** Add another query parameter or cookie to the parameter set.
** zName is the name of the query parameter or cookie and zValue
|
>
|
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
|
aParamQP[nUsedQP].zValue = zValue;
if( g.fHttpTrace ){
fprintf(stderr, "# cgi: %s = [%s]\n", zName, zValue);
}
aParamQP[nUsedQP].seq = seqQP++;
aParamQP[nUsedQP].isQP = isQP;
aParamQP[nUsedQP].cTag = 0;
aParamQP[nUsedQP].isFetched = 0;
nUsedQP++;
sortQP = 1;
}
/*
** Add another query parameter or cookie to the parameter set.
** zName is the name of the query parameter or cookie and zValue
|
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
|
lo = 0;
hi = nUsedQP-1;
while( lo<=hi ){
mid = (lo+hi)/2;
c = fossil_strcmp(aParamQP[mid].zName, zName);
if( c==0 ){
CGIDEBUG(("mem-match [%s] = [%s]\n", zName, aParamQP[mid].zValue));
return aParamQP[mid].zValue;
}else if( c>0 ){
hi = mid-1;
}else{
lo = mid+1;
}
}
|
>
|
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
|
lo = 0;
hi = nUsedQP-1;
while( lo<=hi ){
mid = (lo+hi)/2;
c = fossil_strcmp(aParamQP[mid].zName, zName);
if( c==0 ){
CGIDEBUG(("mem-match [%s] = [%s]\n", zName, aParamQP[mid].zValue));
aParamQP[mid].isFetched = 1;
return aParamQP[mid].zValue;
}else if( c>0 ){
hi = mid-1;
}else{
lo = mid+1;
}
}
|
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
|
style_header("Malicious Query Detected");
@ <h2>Begone, Fiend!</h2>
@ <p>This page was generated because Fossil believes it has
@ detected an SQL injection attack. If you believe you are seeing
@ this in error, contact the developers on the Fossil-SCM Forum. Type
@ "fossil-scm forum" into any search engine to locate the Fossil-SCM Forum.
style_finish_page();
cgi_set_status(404,"Robot Attack Detected");
cgi_reply();
exit(0);
}
/*
** If looks_like_sql_injection() returns true for the given string, calls
** cgi_begone_spider() and does not return, else this function has no
|
|
|
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
|
style_header("Malicious Query Detected");
@ <h2>Begone, Fiend!</h2>
@ <p>This page was generated because Fossil believes it has
@ detected an SQL injection attack. If you believe you are seeing
@ this in error, contact the developers on the Fossil-SCM Forum. Type
@ "fossil-scm forum" into any search engine to locate the Fossil-SCM Forum.
style_finish_page();
cgi_set_status(418,"Robot Attack Detected");
cgi_reply();
exit(0);
}
/*
** If looks_like_sql_injection() returns true for the given string, calls
** cgi_begone_spider() and does not return, else this function has no
|
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
|
if( fossil_strnicmp("fossil-",zName,7)==0 ) continue;
}
switch( eDest ){
case 0: {
cgi_printf("%h = %h <br>\n", zName, aParamQP[i].zValue);
break;
}
case 1: {
fossil_trace("%s = %s\n", zName, aParamQP[i].zValue);
break;
}
case 2: {
cgi_debug("%s = %s\n", zName, aParamQP[i].zValue);
break;
}
|
|
|
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
|
if( fossil_strnicmp("fossil-",zName,7)==0 ) continue;
}
switch( eDest ){
case 0: {
cgi_printf("%h = %h <br>\n", zName, aParamQP[i].zValue);
break;
}
case 1: {
fossil_trace("%s = %s\n", zName, aParamQP[i].zValue);
break;
}
case 2: {
cgi_debug("%s = %s\n", zName, aParamQP[i].zValue);
break;
}
|
2702
2703
2704
2705
2706
2707
2708
|
*/
int cgi_from_mobile(void){
const char *zAgent = P("HTTP_USER_AGENT");
if( zAgent==0 ) return 0;
if( sqlite3_strglob("*iPad*", zAgent)==0 ) return 0;
return sqlite3_strlike("%mobile%", zAgent, 0)==0;
}
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
2705
2706
2707
2708
2709
2710
2711
2712
2713
2714
2715
2716
2717
2718
2719
2720
2721
2722
2723
2724
2725
2726
2727
2728
2729
2730
2731
|
*/
int cgi_from_mobile(void){
const char *zAgent = P("HTTP_USER_AGENT");
if( zAgent==0 ) return 0;
if( sqlite3_strglob("*iPad*", zAgent)==0 ) return 0;
return sqlite3_strlike("%mobile%", zAgent, 0)==0;
}
/*
** If the CGI environment contains any parameters which were not
** fetched via P(), PD(), or equivalent, its value is passed to
** cgi_value_spider_check(), fatally failing if the value looks to be
** malicious. The intent is to block attempts at attacks which post
** apparent SQL injection attempts using arbitrary query parameter
** names.
*/
void verify_all_options_cgi(void){
struct QParam * pParam;
int i;
for(i = 0; i < nUsedQP; ++i){
pParam = &aParamQP[i];
if(0 == pParam->isFetched
&& fossil_islower(pParam->zName[0])){
cgi_value_spider_check(pParam->zValue);
}
}
}
|
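Review bot: verify_all_options_cgi (new lines 2712-2731) selects the entries to scan with `fossil_islower(pParam->zName[0])` rather than with the `isQP` flag the struct already records per entry, so the scan's scope is defined by a naming convention instead of by where the value came from. If environment variables and cookies are registered with isQP=0 (not visible in these hunks), `if( !pParam->isFetched && pParam->isQP )` would state the intent given in the header comment directly; otherwise the first-letter test deserves a why-comment such as `/* Upper-case names are CGI environment variables, not user-supplied parameters */`. The header comment should also say when the function must be called, namely after the page handler has completed all of its P()/PD() lookups, because isFetched is set only on the cgi_parameter hit path (new line 1511) and a parameter fetched later than the verifier runs is scanned as unfetched. Separately, `struct QParam * pParam;` and `0 == pParam->isFetched` depart from the `struct QParam *` and `x==0` forms used elsewhere in this file.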