1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
|
** Renders the "begone, spider" page and exits.
*/
static void cgi_begone_spider(void){
Blob content = empty_blob;
cgi_set_content(&content);
style_set_current_feature("test");
style_header("Spider Detected");
@ <h2>Begone, Spider!</h2>
@ <p>This page was generated because Fossil believes it has
@ detected a spider-based attack. If you believe you are seeing
@ this in error, please contact us on the forum: https://fossil-scm.org/forum
style_finish_page();
cgi_set_status(404,"Spider Detected");
cgi_reply();
exit(0);
}
/*
** If might_be_sql() returns true for the given string, calls
** cgi_begin_spider() and does not return, else this function has no
** side effects. The range of checks performed by this function may
** be extended in the future.
*/
void cgi_value_spider_check(const char *zTxt){
if( might_be_sql(zTxt) ){
cgi_begone_spider();
}
}
/*
** A variant of cgi_parameter() with the same semantics except that if
** cgi_parameter(zName,zDefault) returns a value other than zDefault
|
|
|
|
|
>
|
|
|
|
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
|
** Renders the "begone, spider" page and exits.
*/
static void cgi_begone_spider(void){
Blob content = empty_blob;
cgi_set_content(&content);
style_set_current_feature("test");
style_header("Malicious Query Detected");
@ <h2>Begone, Hacker!</h2>
@ <p>This page was generated because Fossil believes it has
@ detected an SQL injection attack. If you believe you are seeing
@ this in error, contact the developers on the Fossil-SCM Forum. Type
@ "fossil-scm forum" into any search engine to locate the Fossil-SCM Forum.
style_finish_page();
cgi_set_status(404,"Robot Attack Detected");
cgi_reply();
exit(0);
}
/*
** If looks_like_sql_injection() returns true for the given string, calls
** cgi_begin_spider() and does not return, else this function has no
** side effects. The range of checks performed by this function may
** be extended in the future.
*/
void cgi_value_spider_check(const char *zTxt){
if( looks_like_sql_injection(zTxt) ){
cgi_begone_spider();
}
}
/*
** A variant of cgi_parameter() with the same semantics except that if
** cgi_parameter(zName,zDefault) returns a value other than zDefault
|
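Review bot: The comment above cgi_value_spider_check() on the new side still names `cgi_begin_spider()`, while the function defined just above it is `cgi_begone_spider()`; since the commit already edits that comment, its second line should read `** cgi_begone_spider() and does not return, else this function has no`. The rejection is now labelled three ways: "Malicious Query Detected" in style_header(), "Robot Attack Detected" in cgi_set_status(), and "spider" in both function names, so anyone searching logs or source for one label will miss the others. The same comment would benefit from a sentence saying that the check is a heuristic filter on parameter values, not a replacement for bound SQL parameters, and that a false positive ends the request with a 404. Nothing in the visible lines records which value tripped the check before `exit(0)`; if that is not logged elsewhere, false-positive reports will be hard to triage. The comment for the cgi_parameter() variant that follows continues outside the visible lines.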