[interchange-cvs] [SCM] Interchange branch, master, updated. REL_5_7_2-38-g3483c64

David Christensen interchange-cvs at icdevgroup.org
Thu Nov 5 19:16:05 UTC 2009


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Interchange".

The branch, master has been updated
       via  3483c648b653c255587b2778484590465f2afe62 (commit)
       via  1d64590c72dba7360cec890dbf79e741bdc5c50a (commit)
      from  42377c51c4a1ed925a528d0f32d1838e342c8ada (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 3483c648b653c255587b2778484590465f2afe62
Author: David Christensen <david at endpoint.com>
Date:   Wed Oct 7 12:24:52 2009 -0500

    Add BounceRobotSessionURL directive
    
    Add the BounceRobotSessionURL directive, which sends a 301 redirect to
    robots that supply an explicit mv_session_id, pointing them at the
    canonical page URL without the mv_session_id.  This prevents search
    engines from indexing URLs that carry an explicit session_id.
    
    This also excludes mv_tmp_session from redirect URLs when the
    BounceReferrals path is taken

commit 1d64590c72dba7360cec890dbf79e741bdc5c50a
Author: David Christensen <david at endpoint.com>
Date:   Wed Oct 7 14:45:52 2009 -0500

    Add new $Vend::Robot variable to track when we're dealing with an actual RobotUA
    
    This allows distinguishing between CGI-provided mv_tmp_session and
    actual robot usage, which just happens to set mv_tmp_session as a
    consequence.

-----------------------------------------------------------------------

Summary of changes and diff:
 WHATSNEW-5.7         |    5 +++++
 lib/Vend/Config.pm   |    4 +++-
 lib/Vend/Dispatch.pm |   12 ++++++++++--
 lib/Vend/Server.pm   |   10 ++++++----
 4 files changed, 24 insertions(+), 7 deletions(-)

diff --git a/WHATSNEW-5.7 b/WHATSNEW-5.7
index 8277e8b..c2fa644 100644
--- a/WHATSNEW-5.7
+++ b/WHATSNEW-5.7
@@ -79,6 +79,11 @@ Interchange 5.7.2 released 2009-09-17.
 Core
 ----
 
+* Add BounceRobotSessionURL directive to 301 redirect robots which
+  provide an explicit mv_session_id to the canonical page URL without
+  the explicit mv_session_id.  This prevents search engine urls from
+  being indexed with an explicit session_id.
+
 * Close remote disclosure security vulnerability, and added new configuration
   option AllowRemoteSearch to selectively re-enable remote searches on "safe"
   tables. Defaults to products, variants and options.
diff --git a/lib/Vend/Config.pm b/lib/Vend/Config.pm
index 1468211..d7c0e6b 100644
--- a/lib/Vend/Config.pm
+++ b/lib/Vend/Config.pm
@@ -713,6 +713,7 @@ sub catalog_directives {
     ['UserTrack',        'yesno',            'no'],
 	['DebugHost',	     'ip_address_regexp',	''],
 	['BounceReferrals',  'yesno',            'no'],
+	['BounceRobotSessionURL',		 'yesno', 'no'],
 	['OrderCleanup',     'routine_array',    ''],
 	['SessionCookieSecure', 'yesno',         'no'],
 	['SessionHashLength', 'integer',         1],
@@ -1347,7 +1348,8 @@ CONFIGLOOP:
 
 	# Set up hash of keys to hide for BounceReferrals
 	$C->{BounceReferrals_hide} = { map { ($_, 1) } grep { !(/^cookie-/ or /^session(?:$|-)/) } @{$C->{SourcePriority}} };
-	@{$C->{BounceReferrals_hide}}{qw(mv_form_charset mv_session_id)} = (1) x 2;
+	my @exclude = qw( mv_form_charset mv_session_id mv_tmp_session );
+	@{$C->{BounceReferrals_hide}}{@exclude} = (1) x @exclude;
 
 	finalize_mapped_code();
 
diff --git a/lib/Vend/Dispatch.pm b/lib/Vend/Dispatch.pm
index 243539a..5cd8375 100644
--- a/lib/Vend/Dispatch.pm
+++ b/lib/Vend/Dispatch.pm
@@ -1244,6 +1244,9 @@ sub dispatch {
 	$sessionid = $CGI::values{mv_session_id} || undef
 		and $sessionid =~ s/\0.*//s;
 
+	# save for robot check with explicit session id
+	my $sessionid_from_cgi = $sessionid;
+
 	$::Instance->{CookieName} = $Vend::Cfg->{CookieName};
 
 	if($CGI::values{mv_tmp_session}) {
@@ -1551,13 +1554,18 @@ EOF
         );
     }
  
-	if ($new_source and $CGI::request_method eq 'GET' and $Vend::Cfg->{BounceReferrals}) {
+	if (
+		($new_source
+		and $CGI::request_method eq 'GET'
+		and $Vend::Cfg->{BounceReferrals}) or
+		($Vend::Robot and $sessionid_from_cgi and $Vend::Cfg->{BounceRobotSessionURL})
+	) {
 		my $path = $CGI::path_info;
 		$path =~ s:^/::;
 		my $form =
 			join '',
 			map { "$_=$CGI::values{$_}\n" }
-		        grep { !$Vend::Cfg->{BounceReferrals_hide}->{$_} }
+			grep { !$Vend::Cfg->{BounceReferrals_hide}->{$_} }
 			sort keys %CGI::values;
 		my $url = vendUrl($path eq '' ? $Vend::Cfg->{DirectoryIndex} : $path, undef, undef, { form => $form, match_security => 1 });
 		my $msg = get_locale_message(
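Review bot: The new robot branch of the condition does not repeat the `$CGI::request_method eq 'GET'` test that guards the BounceReferrals branch, so a non-GET request that carries mv_session_id and is classified as a robot also takes the redirect path. The robot flag is set in Vend::Server from the remote address, host name or User-Agent, and the User-Agent is chosen by the client, so this path is not limited to real crawlers. `$form` is built from every key of `%CGI::values` that is not in BounceReferrals_hide; if that hash also holds POST body fields (not visible here), they would be copied into the redirect URL and from there into logs and caches. I would write the second alternative as `($Vend::Robot and $sessionid_from_cgi and $CGI::request_method eq 'GET' and $Vend::Cfg->{BounceRobotSessionURL})`, or hoist the GET test in front of both alternatives. The enclosing `dispatch` sub starts and ends outside this hunk.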
diff --git a/lib/Vend/Server.pm b/lib/Vend/Server.pm
index 888cff6..878b092 100644
--- a/lib/Vend/Server.pm
+++ b/lib/Vend/Server.pm
@@ -288,7 +288,7 @@ EOF
 #::logDebug("Check robot UA=$Global::RobotUA IP=$Global::RobotIP");
 	if ($Global::RobotIP and $CGI::remote_addr =~ $Global::RobotIP) {
 #::logDebug("It is a robot by IP!");
-		$CGI::values{mv_tmp_session} = 1;
+		$Vend::Robot = 1;
 	}
 	elsif ($Global::HostnameLookups && $Global::RobotHost) {
 		if (!$CGI::remote_host && $CGI::remote_addr) {
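Review bot: `$Vend::Robot` is only ever assigned 1 here and in the host and User-Agent branches of the next hunk; nothing visible sets it back to a false value before the checks run. The old code wrote the flag into `%CGI::values`, which is request data, whereas a package variable survives for the life of the process. If it is not cleared per request elsewhere, a server process that handled one robot would keep treating later clients as robots: they would be forced onto mv_tmp_session and, with BounceRobotSessionURL enabled, redirected whenever they send mv_session_id. An explicit `$Vend::Robot = 0;` just before the `if ($Global::RobotIP ...` test would make the classification self-contained. The enclosing sub begins before this hunk, so confirm there is no reset above.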
@@ -297,18 +297,20 @@ EOF
 		}
 		if ($CGI::remote_host && $CGI::remote_host =~ $Global::RobotHost) {
 #::logDebug("It is a robot by host!");
-			$CGI::values{mv_tmp_session} = 1;
+			$Vend::Robot = 1;
 		}
 	}
-	unless ($CGI::values{mv_tmp_session}) { 
+	unless ($Vend::Robot) { 
 		if ($Global::NotRobotUA and $CGI::useragent =~ $Global::NotRobotUA) {
 			# do nothing
 		}
 		elsif ($Global::RobotUA and $CGI::useragent =~ $Global::RobotUA) {
 #::logDebug("It is a robot by UA!");
-			$CGI::values{mv_tmp_session} = 1;
+			$Vend::Robot = 1;
 		}
 	}
+
+	$CGI::values{mv_tmp_session} = 1 if $Vend::Robot;
 }
 
 # This is called by parse_multipart


hooks/post-receive
-- 
Interchange


