[interchange-cvs] [SCM] Interchange branch, master, updated. REL_5_7_2-38-g3483c64
David Christensen
interchange-cvs at icdevgroup.org
Thu Nov 5 19:16:05 UTC 2009
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Interchange".
The branch, master has been updated
via 3483c648b653c255587b2778484590465f2afe62 (commit)
via 1d64590c72dba7360cec890dbf79e741bdc5c50a (commit)
from 42377c51c4a1ed925a528d0f32d1838e342c8ada (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 3483c648b653c255587b2778484590465f2afe62
Author: David Christensen <david at endpoint.com>
Date: Wed Oct 7 12:24:52 2009 -0500
Add BounceRobotSessionURL directive
Add BounceRobotSessionURL directive to 301 redirect robots which
provide an explicit mv_session_id to the canonical page URL without
the explicit mv_session_id. This prevents search engine urls from
being indexed with an explicit session_id.
This also excludes mv_tmp_session from redirect URLs when the
BounceReferrals path is taken
commit 1d64590c72dba7360cec890dbf79e741bdc5c50a
Author: David Christensen <david at endpoint.com>
Date: Wed Oct 7 14:45:52 2009 -0500
Add new $Vend::Robot variable to track when we're dealing with an actual RobotUA
This allows distinguishing between CGI-provided mv_tmp_session and
actual robot usage, which just happens to set mv_tmp_session as a
consequence.
-----------------------------------------------------------------------
Summary of changes and diff:
WHATSNEW-5.7 | 5 +++++
lib/Vend/Config.pm | 4 +++-
lib/Vend/Dispatch.pm | 12 ++++++++++--
lib/Vend/Server.pm | 10 ++++++----
4 files changed, 24 insertions(+), 7 deletions(-)
diff --git a/WHATSNEW-5.7 b/WHATSNEW-5.7
index 8277e8b..c2fa644 100644
--- a/WHATSNEW-5.7
+++ b/WHATSNEW-5.7
@@ -79,6 +79,11 @@ Interchange 5.7.2 released 2009-09-17.
Core
----
+* Add BounceRobotSessionURL directive to 301 redirect robots which
+ provide an explicit mv_session_id to the canonical page URL without
+ the explicit mv_session_id. This prevents search engine urls from
+ being indexed with an explicit session_id.
+
* Close remote disclosure security vulnerability, and added new configuration
option AllowRemoteSearch to selectively re-enable remote searches on "safe"
tables. Defaults to products, variants and options.
diff --git a/lib/Vend/Config.pm b/lib/Vend/Config.pm
index 1468211..d7c0e6b 100644
--- a/lib/Vend/Config.pm
+++ b/lib/Vend/Config.pm
@@ -713,6 +713,7 @@ sub catalog_directives {
['UserTrack', 'yesno', 'no'],
['DebugHost', 'ip_address_regexp', ''],
['BounceReferrals', 'yesno', 'no'],
+ ['BounceRobotSessionURL', 'yesno', 'no'],
['OrderCleanup', 'routine_array', ''],
['SessionCookieSecure', 'yesno', 'no'],
['SessionHashLength', 'integer', 1],
@@ -1347,7 +1348,8 @@ CONFIGLOOP:
# Set up hash of keys to hide for BounceReferrals
$C->{BounceReferrals_hide} = { map { ($_, 1) } grep { !(/^cookie-/ or /^session(?:$|-)/) } @{$C->{SourcePriority}} };
- @{$C->{BounceReferrals_hide}}{qw(mv_form_charset mv_session_id)} = (1) x 2;
+ my @exclude = qw( mv_form_charset mv_session_id mv_tmp_session );
+ @{$C->{BounceReferrals_hide}}{@exclude} = (1) x @exclude;
finalize_mapped_code();
diff --git a/lib/Vend/Dispatch.pm b/lib/Vend/Dispatch.pm
index 243539a..5cd8375 100644
--- a/lib/Vend/Dispatch.pm
+++ b/lib/Vend/Dispatch.pm
@@ -1244,6 +1244,9 @@ sub dispatch {
$sessionid = $CGI::values{mv_session_id} || undef
and $sessionid =~ s/\0.*//s;
+ # save for robot check with explicit session id
+ my $sessionid_from_cgi = $sessionid;
+
$::Instance->{CookieName} = $Vend::Cfg->{CookieName};
if($CGI::values{mv_tmp_session}) {
@@ -1551,13 +1554,18 @@ EOF
);
}
- if ($new_source and $CGI::request_method eq 'GET' and $Vend::Cfg->{BounceReferrals}) {
+ if (
+ ($new_source
+ and $CGI::request_method eq 'GET'
+ and $Vend::Cfg->{BounceReferrals}) or
+ ($Vend::Robot and $sessionid_from_cgi and $Vend::Cfg->{BounceRobotSessionURL})
+ ) {
my $path = $CGI::path_info;
$path =~ s:^/::;
my $form =
join '',
map { "$_=$CGI::values{$_}\n" }
- grep { !$Vend::Cfg->{BounceReferrals_hide}->{$_} }
+ grep { !$Vend::Cfg->{BounceReferrals_hide}->{$_} }
sort keys %CGI::values;
my $url = vendUrl($path eq '' ? $Vend::Cfg->{DirectoryIndex} : $path, undef, undef, { form => $form, match_security => 1 });
my $msg = get_locale_message(
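Review bot: The new robot branch of the condition, `($Vend::Robot and $sessionid_from_cgi and $Vend::Cfg->{BounceRobotSessionURL})`, does not repeat the `$CGI::request_method eq 'GET'` test that guards the BounceReferrals branch. A non-GET request classified as a robot would therefore also get the redirect, and its remaining form values would be copied into the redirect URL's query string. Robot classification by User-Agent depends on a client-supplied header, so I would add the method test to the second branch: `($Vend::Robot and $sessionid_from_cgi and $CGI::request_method eq 'GET' and $Vend::Cfg->{BounceRobotSessionURL})`. A one-line comment above the `if` would also help, noting that mv_session_id is dropped through BounceReferrals_hide, which appears to be what keeps the redirect target from re-triggering this branch. The enclosing block continues past the end of this hunk.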
diff --git a/lib/Vend/Server.pm b/lib/Vend/Server.pm
index 888cff6..878b092 100644
--- a/lib/Vend/Server.pm
+++ b/lib/Vend/Server.pm
@@ -288,7 +288,7 @@ EOF
#::logDebug("Check robot UA=$Global::RobotUA IP=$Global::RobotIP");
if ($Global::RobotIP and $CGI::remote_addr =~ $Global::RobotIP) {
#::logDebug("It is a robot by IP!");
- $CGI::values{mv_tmp_session} = 1;
+ $Vend::Robot = 1;
}
elsif ($Global::HostnameLookups && $Global::RobotHost) {
if (!$CGI::remote_host && $CGI::remote_addr) {
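Review bot: `$Vend::Robot` is a package global that this change only ever sets to 1 (at the IP check here, and at the host and UA checks in the following hunk); no reset is visible in either hunk. If a server process handles more than one request and the flag is not cleared in per-request initialisation elsewhere, a later non-robot request would inherit it and be forced onto a temporary session by the new `$CGI::values{mv_tmp_session} = 1 if $Vend::Robot;` line. The old code kept this state in `%CGI::values`, which is presumably rebuilt for each request. Unless the reset already exists outside the diff, I would add `$Vend::Robot = 0;` before the `$Global::RobotIP` test. The enclosing sub starts and ends outside these hunks.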
@@ -297,18 +297,20 @@ EOF
}
if ($CGI::remote_host && $CGI::remote_host =~ $Global::RobotHost) {
#::logDebug("It is a robot by host!");
- $CGI::values{mv_tmp_session} = 1;
+ $Vend::Robot = 1;
}
}
- unless ($CGI::values{mv_tmp_session}) {
+ unless ($Vend::Robot) {
if ($Global::NotRobotUA and $CGI::useragent =~ $Global::NotRobotUA) {
# do nothing
}
elsif ($Global::RobotUA and $CGI::useragent =~ $Global::RobotUA) {
#::logDebug("It is a robot by UA!");
- $CGI::values{mv_tmp_session} = 1;
+ $Vend::Robot = 1;
}
}
+
+ $CGI::values{mv_tmp_session} = 1 if $Vend::Robot;
}
# This is called by parse_multipart
hooks/post-receive
--
Interchange