Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Enhancement to robot defense. The auto-hyperlink setting can now be 2 (UserAgent only) in which case the UserAgent string is consulted and hyperlinks are generated if and only if the UserAgent looks human. Javascript does not come into play. When auto-hyperlink is 1, the traditional Javascript changes to href= in anchor tags are still used. |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA3-256: |
df337eb61c8e6327449f315bfd57ec14 |
User & Date: | drh 2022-02-12 20:30:09 |
Context
2022-02-12
| ||
20:53 | Update the defense-against-robots documentation to align with current behavior. ... (check-in: c9082b29 user: drh tags: trunk) | |
20:30 | Enhancement to robot defense. The auto-hyperlink setting can now be 2 (UserAgent only) in which case the UserAgent string is consulted and hyperlinks are generated if and only if the UserAgent looks human. Javascript does not come into play. When auto-hyperlink is 1, the traditional Javascript changes to href= in anchor tags are still used. ... (check-in: df337eb6 user: drh tags: trunk) | |
13:55 | Do not require mouse events for auto-hyperlink if the UserAgent string includes "Android". Describe the Safari visited/unvisited link limitation on the auto-hyperlink setting. ... (check-in: cef15ed3 user: drh tags: trunk) | |
Changes
Changes to src/db.c.
︙ | ︙ | |||
3867 3868 3869 3870 3871 3872 3873 | /* ** SETTING: auto-captcha boolean default=on variable=autocaptcha ** If enabled, the /login page provides a button that will automatically ** fill in the captcha password. This makes things easier for human users, ** at the expense of also making logins easier for malicious robots. */ /* | | > | < | > | > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 3867 3868 3869 3870 3871 3872 3873 3874 3875 3876 3877 3878 3879 3880 3881 3882 3883 3884 3885 3886 3887 3888 3889 3890 3891 3892 3893 3894 3895 3896 3897 3898 3899 3900 3901 3902 3903 3904 3905 3906 3907 3908 3909 3910 3911 3912 3913 3914 3915 3916 3917 3918 | /* ** SETTING: auto-captcha boolean default=on variable=autocaptcha ** If enabled, the /login page provides a button that will automatically ** fill in the captcha password. This makes things easier for human users, ** at the expense of also making logins easier for malicious robots. */ /* ** SETTING: auto-hyperlink width=16 default=1 ** ** If non-zero, enable hyperlinks on web pages even for users that lack ** the "h" privilege as long as the UserAgent string in the HTTP request ** (The HTTP_USER_AGENT cgi variable) looks like it comes from a human and ** not a robot. Details depend on the value of the setting. ** ** (0) Off: No adjustments are made to the 'h' privilege based on ** the user agent. ** ** (1) UserAgent and Javascript: The the href= values of hyperlinks ** initially point to /honeypot and are changed to point to the ** correct target by javascript that runs after the page loads. ** The auto-hyperlink-delay and auto-hyperlink-mouseover settings ** influence that javascript. ** ** (2) UserAgent only: If the HTTP_USER_AGENT looks human ** then generate hyperlinks, otherwise do not. ** ** Better robot exclusion is obtained when this setting is 1 versus 2. ** However, a value of 1 causes the visited/unvisited colors of hyperlinks ** to stop working on Safari-derived web browsers. When this setting is 2, ** the hyperlinks work better on Safari, but more robots are able to sneak ** in. */ /* SETTING: auto-hyperlink-delay width=16 default=0 ** ** When the auto-hyperlink setting is 1, the javascript that runs to set ** the href= attributes of hyperlinks delays by this many milliseconds ** after the page load. Suggested values: 50 to 200. */ /* Setting: auto-hyperlink-mouseover boolean default=off ** ** When the auto-hyperlink setting is 1 and this setting is on, the ** javascript that runs to set the href= attributes of hyperlinks waits ** until either a mousedown or mousemove event is seen. This helps ** to distinguish real users from robots. For maximum robot defense, ** the recommended setting is ON. */ /* ** SETTING: auto-shun boolean default=on ** If enabled, automatically pull the shunning list ** from a server to which the client autosyncs. */ /* |
︙ | ︙ |
Changes to src/login.c.
︙ | ︙ | |||
1176 1177 1178 1179 1180 1181 1182 | ** who do not have the "h" permission as long as their UserAgent string ** makes it appear that they are human. Check to see if auto-hyperlink is ** enabled for this repository and make appropriate adjustments to the ** permission flags if it is. This should be done before the permissions ** are (potentially) copied to the anonymous permission set; otherwise, ** those will be out-of-sync. */ | < | < | | > | > | > | 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 | ** who do not have the "h" permission as long as their UserAgent string ** makes it appear that they are human. Check to see if auto-hyperlink is ** enabled for this repository and make appropriate adjustments to the ** permission flags if it is. This should be done before the permissions ** are (potentially) copied to the anonymous permission set; otherwise, ** those will be out-of-sync. */ if( zCap[0] && !g.perm.Hyperlink && g.isHuman ){ int autoLink = db_get_int("auto-hyperlink",1); if( autoLink==1 ){ g.jsHref = 1; g.perm.Hyperlink = 1; }else if( autoLink==2 ){ g.perm.Hyperlink = 1; } } /* ** At this point, the capabilities for the logged in user are not going ** to be modified anymore; therefore, we can copy them over to the ones ** for the anonymous user. ** |
︙ | ︙ |
Changes to src/main.c.
︙ | ︙ | |||
204 205 206 207 208 209 210 | int fTimeFormat; /* 1 for UTC. 2 for localtime. 0 not yet selected */ int *aCommitFile; /* Array of files to be committed */ int markPrivate; /* All new artifacts are private if true */ char *ckinLockFail; /* Check-in lock failure received from server */ int clockSkewSeen; /* True if clocks on client and server out of sync */ int wikiFlags; /* Wiki conversion flags applied to %W */ char isHTTP; /* True if server/CGI modes, else assume CLI. */ | | | 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 | int fTimeFormat; /* 1 for UTC. 2 for localtime. 0 not yet selected */ int *aCommitFile; /* Array of files to be committed */ int markPrivate; /* All new artifacts are private if true */ char *ckinLockFail; /* Check-in lock failure received from server */ int clockSkewSeen; /* True if clocks on client and server out of sync */ int wikiFlags; /* Wiki conversion flags applied to %W */ char isHTTP; /* True if server/CGI modes, else assume CLI. */ char jsHref; /* If true, set href= using javascript, not HTML */ Blob httpHeader; /* Complete text of the HTTP request header */ UrlData url; /* Information about current URL */ const char *zLogin; /* Login name. NULL or "" if not logged in. */ const char *zCkoutAlias; /* doc/ uses this branch as an alias for "ckout" */ const char *zMainMenuFile; /* --mainmenu FILE from server/ui/cgi */ const char *zSSLIdentity; /* Value of --ssl-identity option, filename of ** SSL client identity */ |
︙ | ︙ |
Changes to src/security_audit.c.
︙ | ︙ | |||
485 486 487 488 489 490 491 | @ robots walking a nearly endless progression of pages on public-facing @ repositories, causing excessive server load and possible DoS. @ Suggested remediation: @ <ol type="a"> @ <li>Remove the 'h' privilege from the @ <a href="%R/setup_uedit?id=%d(nobodyId)">'nobody' user</a> so that @ robots cannot see hyperlinks. | | | | 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 | @ robots walking a nearly endless progression of pages on public-facing @ repositories, causing excessive server load and possible DoS. @ Suggested remediation: @ <ol type="a"> @ <li>Remove the 'h' privilege from the @ <a href="%R/setup_uedit?id=%d(nobodyId)">'nobody' user</a> so that @ robots cannot see hyperlinks. @ <li>Activate <a href="%R/setup_robot">autohyperlink</a> so that @ human readers can still see hyperlinks even if they are not logged in. @ Set the delay to at least 50 milliseconds and require a mouse @ event for maximum robot defense. if( anonId>0 ){ @ <li>Perhaps set the 'h' privilege on the @ <a href="%R/setup_uedit?id=%d(anonId)">'anonymous' user</a> so @ that humans that have javascript disabled in their browsers can @ still see hyperlinks if they will log in as "anonymous". } |
︙ | ︙ |
Changes to src/setup.c.
︙ | ︙ | |||
109 110 111 112 113 114 115 116 117 118 119 120 121 122 | "Control access settings."); setup_menu_entry("Configuration", "setup_config", "Configure the WWW components of the repository"); } setup_menu_entry("Security-Audit", "secaudit0", "Analyze the current configuration for security problems"); if( setup_user ){ setup_menu_entry("Settings", "setup_settings", "Web interface to the \"fossil settings\" command"); } setup_menu_entry("Timeline", "setup_timeline", "Timeline display preferences"); if( setup_user ){ setup_menu_entry("Login-Group", "setup_login_group", | > > | 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 | "Control access settings."); setup_menu_entry("Configuration", "setup_config", "Configure the WWW components of the repository"); } setup_menu_entry("Security-Audit", "secaudit0", "Analyze the current configuration for security problems"); if( setup_user ){ setup_menu_entry("Robot-Defense", "setup_robot", "Settings for configure defense against robots"); setup_menu_entry("Settings", "setup_settings", "Web interface to the \"fossil settings\" command"); } setup_menu_entry("Timeline", "setup_timeline", "Timeline display preferences"); if( setup_user ){ setup_menu_entry("Login-Group", "setup_login_group", |
︙ | ︙ | |||
320 321 322 323 324 325 326 327 328 329 330 331 332 333 | for(i=0; i<nChoice*2; i+=2){ const char *zSel = fossil_strcmp(azChoice[i],z)==0 ? " selected" : ""; @ <option value="%h(azChoice[i])"%s(zSel)>%h(azChoice[i+1])</option> } @ </select> <b>%h(zLabel)</b> } /* ** WEBPAGE: setup_access ** ** The access-control settings page. Requires Setup privileges. */ void setup_access(void){ | > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 | for(i=0; i<nChoice*2; i+=2){ const char *zSel = fossil_strcmp(azChoice[i],z)==0 ? " selected" : ""; @ <option value="%h(azChoice[i])"%s(zSel)>%h(azChoice[i+1])</option> } @ </select> <b>%h(zLabel)</b> } /* ** Insert code into the current page that allows the user to configure ** auto-hyperlink related robot defense settings. */ static void addAutoHyperlinkSettings(void){ static const char *const azDefenseOpts[] = { "0", "Off", "2", "UserAgent only", "1", "UserAgent and Javascript", }; multiple_choice_attribute( "Enable hyperlinks base on User-Agent and/or Javascript", "auto-hyperlink", "autohyperlink", "1", count(azDefenseOpts)/2, azDefenseOpts); @ <p>Enable hyperlinks (the equivalent of the "h" permission) for all users, @ including user "nobody", as long as the User-Agent string in the @ HTTP header indicates that the request is coming from an actual human @ being. If this setting is "UserAgent only" (2) then the @ UserAgent string is the only factor considered. If the value of this @ setting is "UserAgent And Javascript" (1) then Javascript is added that @ runs after the page loads and fills in the href= values of <a> @ elements. In either case, <a> tags are only generated if the @ UserAgent string indicates that the request is coming from a human and @ not a robot. @ @ <p>This setting is designed to give easy access to humans while @ keeping out robots. @ You do not normally want a robot to walk your entire repository because @ if it does, your server will end up computing diffs and annotations for @ every historical version of every file and creating ZIPs and tarballs of @ every historical check-in, which can use a lot of CPU and bandwidth @ even for relatively small projects.</p> @ @ <p>The "UserAgent and Javascript" value for this setting provides @ superior protection from robots. However, that setting also prevents @ the visited/unvisited colors on hyperlinks from displaying correctly @ on Safara-derived browsers. (Chrome and Firefox work fine.) Since @ Safari is the underlying rendering engine on all iPhones and iPads, @ this means that hyperlink visited/unvisited colors will not operate @ on those platforms when "UserAgent and Javascript" is selected.</p> @ @ <p>Additional parameters that control the behavior of Javascript:</p> @ <blockquote> entry_attribute("Delay in milliseconds before enabling hyperlinks", 5, "auto-hyperlink-delay", "ah-delay", "50", 0); @ <br /> onoff_attribute("Also require a mouse event before enabling hyperlinks", "auto-hyperlink-mouseover", "ahmo", 0, 0); @ </blockquote> @ <p>For maximum robot defense, "Delay" should be at least 50 milliseconds @ and "require a mouse event" should be turned on. These values only come @ into play when the main auto-hyperlink settings is 2 ("UserAgent and @ Javascript").</p> @ @ <p>To see if Javascript-base hyperlink enabling mechanism is working, @ visit the <a href="%R/test_env">/test_env</a> page (from a separate @ web browser that is not logged in, even as "anonymous") and verify @ that the "g.jsHref" value is "1".</p> @ <p>(Properties: "auto-hyperlink", "auto-hyperlink-delay", and @ "auto-hyperlink-mouseover"")</p> } /* ** WEBPAGE: setup_robot ** ** Settings associated with defense against robots. Requires setup privilege. */ void setup_robots(void){ login_check_credentials(); if( !g.perm.Setup ){ login_needed(0); return; } style_set_current_feature("setup"); style_header("Robot Defense Settings"); db_begin_transaction(); @ <p>A Fossil website can have billions of pages in its tree, even for a @ modest project. Many of those pages (examples: diffs and tarballs) @ might be expensive to compute. A robot that tries to walk the entire @ website can present a crippling CPU and bandwidth load. @ @ <p>The settings on this page are intended to help site administrators @ defend the site against robots. @ @ <form action="%R/setup_robot" method="post"><div> login_insert_csrf_secret(); @ <input type="submit" name="submit" value="Apply Changes" /></p> @ <hr /> addAutoHyperlinkSettings(); @ <hr /> @ <p><input type="submit" name="submit" value="Apply Changes" /></p> @ </div></form> db_end_transaction(0); style_finish_page(); } /* ** WEBPAGE: setup_access ** ** The access-control settings page. Requires Setup privileges. */ void setup_access(void){ |
︙ | ︙ | |||
458 459 460 461 462 463 464 | @ computer is too large. Set the threshold for disallowing expensive @ computations here. Set this to 0.0 to disable the load average limit. @ This limit is only enforced on Unix servers. On Linux systems, @ access to the /proc virtual filesystem is required, which means this limit @ might not work inside a chroot() jail. @ (Property: "max-loadavg")</p> | | | | < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < | | 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 | @ computer is too large. Set the threshold for disallowing expensive @ computations here. Set this to 0.0 to disable the load average limit. @ This limit is only enforced on Unix servers. On Linux systems, @ access to the /proc virtual filesystem is required, which means this limit @ might not work inside a chroot() jail. @ (Property: "max-loadavg")</p> /* Add the auto-hyperlink settings controls. These same controls ** are also accessible from the /setup_robot page. */ @ <hr /> addAutoHyperlinkSettings(); @ <hr /> onoff_attribute("Require a CAPTCHA if not logged in", "require-captcha", "reqcapt", 1, 0); @ <p>Require a CAPTCHA for edit operations (appending, creating, or @ editing wiki or tickets or adding attachments to wiki or tickets) @ for users who are not logged in. (Property: "require-captcha")</p> |
︙ | ︙ |
Changes to src/sitemap.c.
︙ | ︙ | |||
72 73 74 75 76 77 78 | login_check_credentials(); if( P("popup")!=0 ){ /* The "popup" query parameter ** then disable anti-robot defenses */ isPopup = 1; g.perm.Hyperlink = 1; | | | 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 | login_check_credentials(); if( P("popup")!=0 ){ /* The "popup" query parameter ** then disable anti-robot defenses */ isPopup = 1; g.perm.Hyperlink = 1; g.jsHref = 0; } srchFlags = search_restrict(SRCH_ALL); if( !isPopup ){ style_header("Site Map"); style_adunit_config(ADUNIT_RIGHT_OK); } |
︙ | ︙ | |||
310 311 312 313 314 315 316 | login_check_credentials(); style_set_current_feature("sitemap"); if( P("popup")!=0 && cgi_csrf_safe(0) ){ /* If this is a POST from the same origin with the popup=1 parameter, ** then disable anti-robot defenses */ isPopup = 1; g.perm.Hyperlink = 1; | | | 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 | login_check_credentials(); style_set_current_feature("sitemap"); if( P("popup")!=0 && cgi_csrf_safe(0) ){ /* If this is a POST from the same origin with the popup=1 parameter, ** then disable anti-robot defenses */ isPopup = 1; g.perm.Hyperlink = 1; g.jsHref = 0; } if( !isPopup ){ style_header("Test Page Map"); style_adunit_config(ADUNIT_RIGHT_OK); } @ <ul id="sitemap" class="columns" style="column-width:20em"> if( g.perm.Admin || db_get_boolean("test_env_enable",0) ){ |
︙ | ︙ | |||
362 363 364 365 366 367 368 | login_check_credentials(); style_set_current_feature("sitemap"); if( P("popup")!=0 && cgi_csrf_safe(0) ){ /* If this is a POST from the same origin with the popup=1 parameter, ** then disable anti-robot defenses */ isPopup = 1; g.perm.Hyperlink = 1; | | | 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 | login_check_credentials(); style_set_current_feature("sitemap"); if( P("popup")!=0 && cgi_csrf_safe(0) ){ /* If this is a POST from the same origin with the popup=1 parameter, ** then disable anti-robot defenses */ isPopup = 1; g.perm.Hyperlink = 1; g.jsHref = 0; } if( !isPopup ){ style_header("Timeline Examples"); style_adunit_config(ADUNIT_RIGHT_OK); } @ <ul id="sitemap" class="columns" style="column-width:20em"> @ <li>%z(href("%R/timeline?ymd"))Current day</a></li> |
︙ | ︙ |
Changes to src/style.c.
︙ | ︙ | |||
104 105 106 107 108 109 110 | /* ** Generate and return a anchor tag like this: ** ** <a href="URL"> ** or <a id="ID"> ** | | | | | | | | | | | | | 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 | /* ** Generate and return a anchor tag like this: ** ** <a href="URL"> ** or <a id="ID"> ** ** The form of the anchor tag is determined by the g.jsHref ** and g.perm.Hyperlink variables. ** ** g.perm.Hyperlink g.jsHref Returned anchor format ** ---------------- -------- ------------------------ ** 0 0 (empty string) ** 0 1 (empty string) ** 1 0 <a href="URL"> ** 1 1 <a data-href="URL"> ** ** No anchor tag is generated if g.perm.Hyperlink is false. ** The href="URL" form is used if g.jsHref is false. ** If g.jsHref is true then the data-href="URL" and ** href="/honeypot" is generated and javascript is added to the footer ** to cause data-href values to be inserted into href ** after the page has loaded. The use of the data-href="URL" form ** instead of href="URL" is a defense against bots. ** ** If the user lacks the Hyperlink (h) property and the "auto-hyperlink" ** setting is true, then g.perm.Hyperlink is changed from 0 to 1 and ** g.jsHref is set to 1 by login_check_credentials(). Thus ** the g.perm.Hyperlink property will be true even if the user does not ** have the "h" privilege if the "auto-hyperlink" setting is true. ** ** User has "h" auto-hyperlink g.perm.Hyperlink g.jsHref ** ------------ -------------- ---------------- --------------------- ** 0 0 0 0 ** 1 0 1 0 ** 0 1 1 1 ** 1 1 1 0 ** ** So, in other words, tracing input configuration to final actions we have: |
︙ | ︙ | |||
171 172 173 174 175 176 177 | char *xhref(const char *zExtra, const char *zFormat, ...){ char *zUrl; va_list ap; if( !g.perm.Hyperlink ) return fossil_strdup(""); va_start(ap, zFormat); zUrl = vmprintf(zFormat, ap); va_end(ap); | | | 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 | char *xhref(const char *zExtra, const char *zFormat, ...){ char *zUrl; va_list ap; if( !g.perm.Hyperlink ) return fossil_strdup(""); va_start(ap, zFormat); zUrl = vmprintf(zFormat, ap); va_end(ap); if( !g.jsHref ){ char *zHUrl; if( zExtra ){ zHUrl = mprintf("<a %s href=\"%h\">", zExtra, zUrl); }else{ zHUrl = mprintf("<a href=\"%h\">", zUrl); } fossil_free(zUrl); |
︙ | ︙ | |||
196 197 198 199 200 201 202 | char *chref(const char *zExtra, const char *zFormat, ...){ char *zUrl; va_list ap; if( !g.perm.Hyperlink ) return fossil_strdup(""); va_start(ap, zFormat); zUrl = vmprintf(zFormat, ap); va_end(ap); | | | | | | | | | | | 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 | char *chref(const char *zExtra, const char *zFormat, ...){ char *zUrl; va_list ap; if( !g.perm.Hyperlink ) return fossil_strdup(""); va_start(ap, zFormat); zUrl = vmprintf(zFormat, ap); va_end(ap); if( !g.jsHref ){ char *zHUrl = mprintf("<a class=\"%s\" href=\"%h\">", zExtra, zUrl); fossil_free(zUrl); return zHUrl; } needHrefJs = 1; return mprintf("<a class='%s' data-href='%z' href='%R/honeypot'>", zExtra, zUrl); } char *href(const char *zFormat, ...){ char *zUrl; va_list ap; if( !g.perm.Hyperlink ) return fossil_strdup(""); va_start(ap, zFormat); zUrl = vmprintf(zFormat, ap); va_end(ap); if( !g.jsHref ){ char *zHUrl = mprintf("<a href=\"%h\">", zUrl); fossil_free(zUrl); return zHUrl; } needHrefJs = 1; return mprintf("<a data-href='%s' href='%R/honeypot'>", zUrl); } /* ** Generate <form method="post" action=ARG>. The ARG value is determined ** by the arguments. ** ** As a defense against robots, the action=ARG might instead by data-action=ARG ** and javascript (href.js) added to the page so that the data-action= is ** changed into action= after the page loads. Whether or not this happens ** depends on if the user has the "h" privilege and whether or not the ** auto-hyperlink setting is on. These setings determine the values of ** variables g.perm.Hyperlink and g.jsHref. ** ** User has "h" auto-hyperlink g.perm.Hyperlink g.jsHref ** ------------ -------------- ---------------- -------- ** 1: 0 0 0 0 ** 2: 1 0 1 0 ** 3: 0 1 1 1 ** 4: 1 1 1 0 ** ** The data-action=ARG form is used for cases 1 and 3. In case 1, the href.js ** javascript is omitted and so the form is effectively disabled. */ void form_begin(const char *zOtherArgs, const char *zAction, ...){ char *zLink; va_list ap; |
︙ | ︙ | |||
1386 1387 1388 1389 1390 1391 1392 | @ g.zBaseURL = %h(g.zBaseURL)<br /> @ g.zHttpsURL = %h(g.zHttpsURL)<br /> @ g.zTop = %h(g.zTop)<br /> @ g.zPath = %h(g.zPath)<br /> @ g.userUid = %d(g.userUid)<br /> @ g.zLogin = %h(g.zLogin)<br /> @ g.isHuman = %d(g.isHuman)<br /> | | | 1386 1387 1388 1389 1390 1391 1392 1393 1394 1395 1396 1397 1398 1399 1400 | @ g.zBaseURL = %h(g.zBaseURL)<br /> @ g.zHttpsURL = %h(g.zHttpsURL)<br /> @ g.zTop = %h(g.zTop)<br /> @ g.zPath = %h(g.zPath)<br /> @ g.userUid = %d(g.userUid)<br /> @ g.zLogin = %h(g.zLogin)<br /> @ g.isHuman = %d(g.isHuman)<br /> @ g.jsHref = %d(g.jsHref)<br /> if( g.nRequest ){ @ g.nRequest = %d(g.nRequest)<br /> } if( g.nPendingRequest>1 ){ @ g.nPendingRequest = %d(g.nPendingRequest)<br /> } @ capabilities = %s(find_capabilities(zCap))<br /> |
︙ | ︙ |