f22dbc842a873deddcd0118623f90babc81990c8
galt
  Mon Mar 10 12:15:16 2014 -0700
Adding bottleneck delay call to cartDump to discourage hackers from abusing cartDump to snoop on carts.
diff --git src/hg/cartDump/cartDump.c src/hg/cartDump/cartDump.c
index 2fabc88..6e57241 100644
--- src/hg/cartDump/cartDump.c
+++ src/hg/cartDump/cartDump.c
@@ -1,39 +1,43 @@
 /* cartDump - Dump contents of cart. */
 #include "common.h"
 #include "linefile.h"
 #include "hash.h"
 #include "cheapcgi.h"
 #include "cart.h"
 #include "hdb.h"
 #include "jsHelper.h"
 #include "hui.h"
+#include "botDelay.h"
 
 
 #define CART_DUMP_REMOVE_VAR "n/a"
 struct hash *oldVars = NULL;
 
 void doMiddle(struct cart *cart)
 /* cartDump - Dump contents of cart. */
 {
 #define MATCH_VAR  "match"
 
 char *vName = "cartDump.varName";
 char *vVal = "cartDump.newValue";
 char *wildcard;
 boolean asTable = cartVarExists(cart,CART_DUMP_AS_TABLE);
 
+// To discourage hacking, call bottleneck
+hgBotDelay();
+
 if (cgiVarExists("submit"))
     {
     char *varName = cgiOptionalString(vName);
     char *newValue = cgiOptionalString(vVal);
     if (isNotEmpty(varName) && isNotEmpty(newValue))
         {
 	varName = skipLeadingSpaces(varName);
 	eraseTrailingSpaces(varName);
         if (sameString(newValue, CART_DUMP_REMOVE_VAR) || sameString(newValue, CART_VAR_EMPTY))
 	    cartRemove(cart, varName);
 	else
 	    cartSetString(cart, varName, newValue);
 	}
     cartRemove(cart, vVal);
     cartRemove(cart, "submit");