Fossil

Diff

Differences From Artifact [5baa19a379]:

To Artifact [bb9754f8b8]:


*/
static void cgi_begone_spider(void){
  Blob content = empty_blob;

  cgi_set_content(&content);
  style_set_current_feature("test");
  style_header("Malicious Query Detected");
  @ <h2>Begone, Hacker!</h2>
  @ <p>This page was generated because Fossil believes it has
  @ detected an SQL injection attack. If you believe you are seeing
  @ this in error, contact the developers on the Fossil-SCM Forum.  Type
  @ "fossil-scm forum" into any search engine to locate the Fossil-SCM Forum.
  style_finish_page();
  cgi_set_status(404,"Robot Attack Detected");
  cgi_reply();
  exit(0);
}

/*
** If looks_like_sql_injection() returns true for the given string, calls
** cgi_begin_spider() and does not return, else this function has no
** side effects. The range of checks performed by this function may
** be extended in the future.
**
** Checks are omitted for any logged-in user.
**
** This is NOT a defense against SQL injection.  Fossil should easily be
** proof against SQL injection without this routine.  Rather, this is an







*/
static void cgi_begone_spider(void){
  Blob content = empty_blob;

  cgi_set_content(&content);
  style_set_current_feature("test");
  style_header("Malicious Query Detected");
  @ <h2>Begone, Fiend!</h2>
  @ <p>This page was generated because Fossil believes it has
  @ detected an SQL injection attack. If you believe you are seeing
  @ this in error, contact the developers on the Fossil-SCM Forum.  Type
  @ "fossil-scm forum" into any search engine to locate the Fossil-SCM Forum.
  style_finish_page();
  cgi_set_status(404,"Robot Attack Detected");
  cgi_reply();
  exit(0);
}

/*
** If looks_like_sql_injection() returns true for the given string, calls
** cgi_begone_spider() and does not return, else this function has no
** side effects. The range of checks performed by this function may
** be extended in the future.
**
** Checks are omitted for any logged-in user.
**
** This is NOT a defense against SQL injection.  Fossil should easily be
** proof against SQL injection without this routine.  Rather, this is an
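
Review bot: In cgi_begone_spider(), the new heading `Begone, Fiend!` still addresses the visitor as an attacker, while the paragraph directly below it allows that the detection may be wrong ("If you believe you are seeing this in error"). A neutral heading that matches the style_header() title "Malicious Query Detected" would serve a legitimate user who trips the heuristic better. The `<p>` opened on the next line is never closed before style_finish_page(), so a closing `</p>` is worth adding while this block is being touched. The comment correction from cgi_begin_spider() to cgi_begone_spider() is right and now matches the function defined above it.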