From: Fabian Keil Date: Sat, 1 Mar 2008 14:00:47 +0000 (+0000) Subject: Let the block action take the reason for the block X-Git-Tag: v_3_0_9~222 X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=commitdiff_plain;h=6201d6d332ba8b69a49a7798b27cf9af7ac330ed Let the block action take the reason for the block as argument and show it on the "blocked" page. --- diff --git a/ChangeLog b/ChangeLog index 5c89b084..10275f88 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,8 @@ ChangeLog for Privoxy *** Since 3.0.8 *** - Added SOCKS5 support. Patch provided by Eric M. Hopper. +- The "blocked" CGI pages include a block reason that was + provided as argument to the last-applying block action. - If enable-edit-actions is disabled (the default since 3.0.7 beta) the show-status page hides the edit buttons and explains why. Previously the user would get the "this feature has been disabled" diff --git a/actionlist.h b/actionlist.h index 16721fe5..929b73d0 100644 --- a/actionlist.h +++ b/actionlist.h @@ -12,7 +12,7 @@ * DEFINE_ACTION_BOOL() * DEFINE_ACTION_ALIAS * - * Copyright : Written by and Copyright (C) 2001 the SourceForge + * Copyright : Written by and Copyright (C) 2001-2008 the SourceForge * Privoxy team. http://www.privoxy.org/ * * Based on the Internet Junkbuster originally written @@ -39,6 +39,10 @@ * * Revisions : * $Log: actionlist.h,v $ + * Revision 1.28 2007/12/11 21:08:29 fabiankeil + * Let the CGI editor suggest a forward-override + * parameter whose syntax is actually valid. + * * Revision 1.27 2007/11/10 15:04:08 fabiankeil * Tell the CGI editor about +hide-referrer{conditional-forge}. * @@ -166,7 +170,8 @@ #endif /* ndef DEFINE_CGI_PARAM_RADIO */ DEFINE_ACTION_MULTI ("add-header", ACTION_MULTI_ADD_HEADER) -DEFINE_ACTION_BOOL ("block", ACTION_BLOCK) +DEFINE_ACTION_STRING ("block", ACTION_BLOCK, ACTION_STRING_BLOCK) +DEFINE_CGI_PARAM_NO_RADIO("block", ACTION_BLOCK, ACTION_STRING_BLOCK, "No reason specified.") DEFINE_ACTION_MULTI ("client-header-filter", ACTION_MULTI_CLIENT_HEADER_FILTER) DEFINE_ACTION_MULTI ("client-header-tagger", ACTION_MULTI_CLIENT_HEADER_TAGGER) DEFINE_ACTION_STRING ("content-type-overwrite", ACTION_CONTENT_TYPE_OVERWRITE, ACTION_STRING_CONTENT_TYPE) diff --git a/actions.c b/actions.c index d530b4e8..d5c02c48 100644 --- a/actions.c +++ b/actions.c @@ -1,4 +1,4 @@ -const char actions_rcs[] = "$Id: actions.c,v 1.41 2008/01/28 20:17:40 fabiankeil Exp $"; +const char actions_rcs[] = "$Id: actions.c,v 1.42 2008/02/09 15:15:38 fabiankeil Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/actions.c,v $ @@ -6,7 +6,7 @@ const char actions_rcs[] = "$Id: actions.c,v 1.41 2008/01/28 20:17:40 fabiankeil * Purpose : Declares functions to work with actions files * Functions declared include: FIXME * - * Copyright : Written by and Copyright (C) 2001-2007 the SourceForge + * Copyright : Written by and Copyright (C) 2001-2008 the SourceForge * Privoxy team. http://www.privoxy.org/ * * Based on the Internet Junkbuster originally written @@ -33,6 +33,11 @@ const char actions_rcs[] = "$Id: actions.c,v 1.41 2008/01/28 20:17:40 fabiankeil * * Revisions : * $Log: actions.c,v $ + * Revision 1.42 2008/02/09 15:15:38 fabiankeil + * List active and inactive actions in the show-url-info's + * "Final results" section separately. Patch submitted by Lee + * in #1830056, modified to list active actions first. + * * Revision 1.41 2008/01/28 20:17:40 fabiankeil * - Mark some parameters as immutable. * - Hide update_action_bits_for_all_tags() while it's unused. @@ -664,7 +669,25 @@ jb_err get_actions(char *line, if ((value == NULL) || (*value == '\0')) { - return JB_ERR_PARSE; + if (0 != strcmpic(action->name, "block")) + { + /* + * XXX: Temporary backwards compatibility hack. + */ + static int complaint_shown = 0; + value = "No reason specified."; + if (!complaint_shown) + { + log_error(LOG_LEVEL_ERROR, "At least one block " + "without reason found. This may become a fatal " + "error in future versions."); + complaint_shown = 1; + } + } + else + { + return JB_ERR_PARSE; + } } /* FIXME: should validate option string here */ freez (cur_action->string[action->index]); diff --git a/default.action.master b/default.action.master index cae8960f..eee1e81b 100644 --- a/default.action.master +++ b/default.action.master @@ -9,9 +9,9 @@ # # File : $Source: /cvsroot/ijbswa/current/default.action.master,v $ # -# $Id: default.action.master,v 1.111 2008/02/09 20:34:31 fabiankeil Exp $ +# $Id: default.action.master,v 1.112 2008/02/19 18:52:02 fabiankeil Exp $ # -# Requires : This version requires Privoxy v3.0.7 or later due to +# Requires : This version requires Privoxy v3.0.9 or later due to # syntax changes. # # Purpose : Default actions file, see @@ -19,7 +19,7 @@ # This file is subject to periodic updating. Local exceptions # and enhancements are better placed in user.action. # -# Copyright : Written by and Copyright (C) 2001 - 2007 the +# Copyright : Written by and Copyright (C) 2001-2008 the # Privoxy team. http://www.privoxy.org/ # # Note: Updated versions of this file will be made available from time @@ -168,7 +168,7 @@ # # There are 3 kinds of actions: # -# Boolean (e.g. "block"): +# Boolean (e.g. "handle-as-image"): # +name # enable # -name # disable # @@ -198,9 +198,9 @@ # Adds the specified HTTP header, which is not checked for validity. # You may specify this many times to specify many headers. # -# +block -# Block this URL. Privoxy will ignore this URL completely, and not request -# it. +# +block{reason} +# Block this URL. Instead of forwarding the request, Privoxy will +# send a "block" page containing the specified reason. # # +client-header-filter{name} # All client headers to which this action applies are filtered on-the-fly @@ -211,7 +211,7 @@ # hide-tor-exit-notation: Removes the Tor exit node notation in Host and Referer headers # # +client-header-tagger{string} -# Block requests based on their headers. Client headers to which this +# Tag requests based on their headers. Client headers to which this # action applies are filtered on-the-fly through the specified regular # expression based substitutions, the result is used as a tag. # Client-header taggers are the first actions that are executed and their @@ -510,7 +510,7 @@ {{settings}} ############################################################################# #MASTER# COMMENT: The minimum Privoxy version: -for-privoxy-version=3.0.7 +for-privoxy-version=3.0.9 ############################################################################# # Aliases @@ -541,7 +541,7 @@ for-privoxy-version=3.0.7 -crunch-all-cookies = -crunch-incoming-cookies -crunch-outgoing-cookies allow-all-cookies = -crunch-all-cookies -session-cookies-only allow-popups = -filter{all-popups} -kill-popups -filter{unsolicited-popups} -+block-as-image = +block +handle-as-image ++block-as-image = +block{Blocked image request.} +handle-as-image -block-as-image = -block # These aliases define combinations of actions @@ -585,7 +585,7 @@ allow-ads = -block -filter{banners-by-size} -filter{banners-by-link} ############################################################################# # Generic block patterns by host: ############################################################################# -{+block} +{+block{Host matches generic block pattern.}} #MASTER# DONT-VERIFY (generic) ad*. .*ads. @@ -632,7 +632,7 @@ countr*. ############################################################################# # Generic block patterns by path: ############################################################################# -{+block} +{+block{Path matches generic block pattern.}} #MASTER# DONT-VERIFY (generic) /(.*/)?ad(\?|/|s|v|_?(image|se?rv|box)|cycle|rotate|mentor|click|f[ra]m|script|stream|fetch|log|space) /phpads(new)?/ @@ -672,7 +672,7 @@ support./(.*/)?track ############################################################################# # Catch-all for false-positives that are just TOO obvious to let go ############################################################################# -{+block} +{+block{Catch-all block for false-positives.}} #MASTER# PROBLEM URL: http://ads.facebook.com/ads/spreadshirt/banner120x600.jpg #MASTER# REMARKS: Going for adsrv, adserve, adserver*. .ads[erv][rv]*. @@ -686,6 +686,7 @@ support./(.*/)?track ############################################################################# # Site-specific block patterns; ############################################################################# +{+block{Site-specific block pattern matches.}} #MASTER# BLOCK-REFERRER: http://www.brooksbrothers.com/ 10/18/06 #MASTER# BLOCK-REFERRER: http://www.autodesk.com/ .hitbox.com @@ -808,7 +809,7 @@ linuxinsider.com/images/sda/ #---------------------------------------------------------------------------- # Misc Web-bugs, JS and just plain Junk. Images here aren't normal images. #---------------------------------------------------------------------------- -{+block +handle-as-empty-document -handle-as-image} +{+block{Might be a web-bug.} +handle-as-empty-document -handle-as-image} #MASTER# REMARKS: signature for user tracking nytimes, cnn.com,latimes.com and many others. 10/06/06 /b/ss/.+ #MASTER# BLOCK-REFERRER: http://www.thesun.co.uk/article/0,,11071-10784,00.html @@ -1858,7 +1859,7 @@ dw.com.com/ .bloglines.com/r\? www.skweezer.net/bloglines -{+block} +{+block{Looks like an anti-leech trigger URL.}} #MASTER# COMMENTS: This section not checked 10/17/06 HB. Still out there? #MASTER# PROBLEM-URL: http://www.anti-leech.com/theft_example.html #MASTER# REMARKS: Lame attempt at banning ad-blockers. Used by other websites as well. diff --git a/filters.c b/filters.c index 5ccd78ea..cfa5b777 100644 --- a/filters.c +++ b/filters.c @@ -1,4 +1,4 @@ -const char filters_rcs[] = "$Id: filters.c,v 1.100 2008/02/23 16:33:43 fabiankeil Exp $"; +const char filters_rcs[] = "$Id: filters.c,v 1.101 2008/02/23 16:57:12 fabiankeil Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/filters.c,v $ @@ -13,7 +13,7 @@ const char filters_rcs[] = "$Id: filters.c,v 1.100 2008/02/23 16:33:43 fabiankei * `jpeg_inspect_response', `execute_single_pcrs_command', * `rewrite_url', `get_last_url' * - * Copyright : Written by and Copyright (C) 2001, 2004-2007 the SourceForge + * Copyright : Written by and Copyright (C) 2001, 2004-2008 the SourceForge * Privoxy team. http://www.privoxy.org/ * * Based on the Internet Junkbuster originally written @@ -40,6 +40,10 @@ const char filters_rcs[] = "$Id: filters.c,v 1.100 2008/02/23 16:33:43 fabiankei * * Revisions : * $Log: filters.c,v $ + * Revision 1.101 2008/02/23 16:57:12 fabiankeil + * Rename url_actions() to get_url_actions() and let it + * use the standard parameter ordering. + * * Revision 1.100 2008/02/23 16:33:43 fabiankeil * Let forward_url() use the standard parameter ordering * and mark its second parameter immutable. @@ -818,6 +822,28 @@ int acl_addr(const char *aspec, struct access_control_addr *aca) #endif /* def FEATURE_ACL */ +/********************************************************************* + * + * Function : connect_port_is_forbidden + * + * Description : Check to see if CONNECT requests to the destination + * port of this request are forbidden. The check is + * independend of the actual request method. + * + * Parameters : + * 1 : csp = Current client state (buffers, headers, etc...) + * + * Returns : True if yes, false otherwise. + * + *********************************************************************/ +int connect_port_is_forbidden(const struct client_state *csp) +{ + return ((!(csp->action->flags & ACTION_LIMIT_CONNECT) && csp->http->port != 443) + || (csp->action->flags & ACTION_LIMIT_CONNECT && + !match_portlist(csp->action->string[ACTION_STRING_LIMIT_CONNECT], csp->http->port))); +} + + /********************************************************************* * * Function : block_url @@ -1050,7 +1076,20 @@ struct http_response *block_url(struct client_state *csp) if (!err) err = map(exports, "hostport", 1, html_encode(csp->http->hostport), 0); if (!err) err = map(exports, "path", 1, html_encode(csp->http->path), 0); if (!err) err = map(exports, "path-ue", 1, url_encode(csp->http->path), 0); - + if (!err) + { + const char *block_reason; + if (csp->action->string[ACTION_STRING_BLOCK] != NULL) + { + block_reason = csp->action->string[ACTION_STRING_BLOCK]; + } + else + { + assert(connect_port_is_forbidden(csp)); + block_reason = "Forbidden CONNECT port."; + } + err = map(exports, "block-reason", 1, html_encode(block_reason), 0); + } if (err) { free_map(exports); diff --git a/project.h b/project.h index fb067e72..a01b5bfa 100644 --- a/project.h +++ b/project.h @@ -1,7 +1,7 @@ #ifndef PROJECT_H_INCLUDED #define PROJECT_H_INCLUDED /** Version string. */ -#define PROJECT_H_VERSION "$Id: project.h,v 1.101 2007/12/07 18:29:23 fabiankeil Exp $" +#define PROJECT_H_VERSION "$Id: project.h,v 1.102 2008/02/03 13:46:14 fabiankeil Exp $" /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/project.h,v $ @@ -10,7 +10,7 @@ * project. Does not define any variables or functions * (though it does declare some macros). * - * Copyright : Written by and Copyright (C) 2001 - 2007 the SourceForge + * Copyright : Written by and Copyright (C) 2001-2008 the SourceForge * Privoxy team. http://www.privoxy.org/ * * Based on the Internet Junkbuster originally written @@ -37,6 +37,9 @@ * * Revisions : * $Log: project.h,v $ + * Revision 1.102 2008/02/03 13:46:14 fabiankeil + * Add SOCKS5 support. Patch #1862863 by Eric M. Hopper with minor changes. + * * Revision 1.101 2007/12/07 18:29:23 fabiankeil * Remove now-obsolete csp member x_forwarded. * @@ -1090,8 +1093,10 @@ struct iob #define ACTION_STRING_FAST_REDIRECTS 14 /** Action string index: Overriding forward rule. */ #define ACTION_STRING_FORWARD_OVERRIDE 15 +/** Action string index: Reason for the block. */ +#define ACTION_STRING_BLOCK 16 /** Number of string actions. */ -#define ACTION_STRING_COUNT 16 +#define ACTION_STRING_COUNT 17 /* To make the ugly hack in sed easier to understand */ diff --git a/templates/blocked b/templates/blocked index fdc86d77..3ebc22ee 100644 --- a/templates/blocked +++ b/templates/blocked @@ -146,10 +146,15 @@ { document.write('\

\ - Privoxy blocked @protocol@@hostport@@path@. \ -
See why \ + Request blocked by Privoxy: @block-reason@ \ +
See why this block applies \ \ - or go there anyway. \ + or go \ + \ + to @protocol@@hostport@@path@ \ + \ + anyway. \ \

\ '); @@ -189,8 +194,10 @@ \

Request for blocked URL

\

Your request for @protocol@@hostport@@path@ was blocked. \ -
See why \ - \ +
Block reason: @block-reason@ \ +
See why this block applies \ + \ or go there anyway. \ \

\ @@ -263,10 +270,15 @@ diff --git a/templates/edit-actions-for-url b/templates/edit-actions-for-url index 6e5e55db..145ad50c 100644 --- a/templates/edit-actions-for-url +++ b/templates/edit-actions-for-url @@ -6,7 +6,7 @@ # particular section in an actions file. # # -# Copyright : Written by and Copyright (C) 2001-2007 the SourceForge +# Copyright : Written by and Copyright (C) 2001-2008 the SourceForge # Privoxy team. http://www.privoxy.org/ # # Original Author: Copyright (C) 2001 Jonathan Foster @@ -32,6 +32,9 @@ # # Revisions : # $Log: edit-actions-for-url,v $ +# Revision 1.48 2007/12/11 21:18:55 fabiankeil +# Make forward-override accessible through the CGI editor. +# # Revision 1.47 2007/12/06 18:21:55 fabiankeil # Update hide-forwarded-for-headers description. # @@ -532,6 +535,15 @@ function show_send_wafer_opts(tf) block Block the request. + +   +   +   +   + Block reason to tell the user:
+ + + @client-header-filter-params@ @client-header-tagger-params@