Fossil

Timeline

50 most recent check-ins

2025-04-20
16:54
Add "taint mode" to TH1. Attempts to output values that are derived from user input as unescaped HTML, or to use such values unescaped in SQL, raise errors. The resolution of these errors depends on the value of the new "vuln-report" setting. ... (Leaf check-in: 2116238e80 user: drh tags: trunk)
16:13
New setting "vuln-report" determines what to do when tainted text is misused in a TH1 script. Enhance the /test-warning page to deliberately misuse tainted text in TH1 to verify error handling. Enhance /errorlog to separate out TH1 vulnerability reports as a new category in the error log. ... (Closed-Leaf check-in: 295b814a27 user: drh tags: th1-taint)
2025-04-19
23:32
Fix more issues that were already fixed but overwritten by text editor errors and didn't get committed last time. ... (check-in: bd45dc72dd user: drh tags: th1-taint)
23:24
More minor fixes resulting from a code audit. ... (check-in: b1711046d9 user: drh tags: th1-taint)
23:02
Fix additional problems on the new TH1 implementation. ... (check-in: 2c2b6c68b2 user: drh tags: th1-taint)
22:30
Fix an error that occurs while committing a new ticket. ... (check-in: 17060ca29a user: drh tags: th1-taint)
22:15
fix tainted warning in skin headers ... (check-in: de407148e9 user: jkosche tags: th1-taint)
19:18
Update the default ticket configuration to avoid sending out text that seems tainted. There are no actual XSS issues here, but these changes do add an extra margin of safety. ... (check-in: 5d17ced68d user: drh tags: th1-taint)
19:08
Mark some TH1 inputs that can be controlled by the user as tainted. ... (check-in: 2742682720 user: drh tags: th1-taint)
18:43
The taint markings and detection now appear to be working. ... (check-in: d1bb87bcfd user: drh tags: th1-taint)
16:55
Experimental changes to TH1 to try to make it resistant to coding errors that could lead to XSS or SQL injection attacks. ... (check-in: b0b4492480 user: drh tags: th1-taint)
04:20
Fix a logic error in processing of the FOSSIL_COLOR environment variable. ... (Leaf check-in: 6cb7a7e28d user: florian tags: standard-cli-colors)
2025-04-18
16:12
fix bug in /tktview: use relative instead of absolute link for version ... (check-in: f1db9ead1d user: jkosche tags: trunk)
15:32
Use db_get_boolean() instead of db_get_int() for the localauth setting, since localauth is a boolean value. ... (check-in: 00638d9a83 user: drh tags: trunk)
14:59
Improved error messages from "fossil push" and similar when the push is disallowed over ssh because "localauth" setting is enabled. ... (check-in: 2765f04694 user: drh tags: trunk)
12:28
Resolve accidental fork. ... (check-in: b6e029394d user: florian tags: trunk)
12:25
Amend [a11d245478]: Fix positioning of 'show/hide' checkboxes for /ci pages. ... (check-in: 2b59fcd475 user: florian tags: trunk)
12:23
Rework the cgi_http_server() routine so that it uses two separate sockets, one each for IPv4 and IPv6. ... (check-in: 945e0ae4eb user: drh tags: trunk)
12:18
Modify some links that show/ignore diff whitespace to preserve the diff type. ... (check-in: 1c61fcd9d6 user: florian tags: trunk)
07:20
Remove documentation of the --highlight option for the search command. The option was broken, anyway, and is now superseded by the global --color option and the FOSSIL_COLOR environment variable. ... (check-in: 5331dfed41 user: florian tags: standard-cli-colors)
07:19
Add support for the FOSSIL_COLOR environment variable to define the color VT escape to highlight CLI text, also similar to `ls', `grep' and other utilities. ... (check-in: 50e0931bc7 user: florian tags: standard-cli-colors)
07:16
Add the global --color option to control output of color VT escapes to CLI, similar to `ls', `grep' and other utilities. Useful when piping `fossil search' results through a pager utility. ... (check-in: 210b7d2fe0 user: florian tags: standard-cli-colors)
07:08
Amend [2b6ad00ea3]: Minor wording improvements to `fossil ssl-config show -v' output. ... (check-in: a9b075af83 user: florian tags: trunk)
00:00
Show the FORUMPOST table content associated with a forum thread on the /forumthreadhashlist page (accessible by admins only). ... (check-in: 042a750aa6 user: drh tags: trunk)
2025-04-17
23:17
Defend against a possible infinite loop in forumpost_is_closed() that might occur if the forumpost table contains goofy data. ... (check-in: 923aa75345 user: drh tags: trunk)
20:04
Add documentation for the FOSSIL_REPOLIST_SHOW environment variable. ... (check-in: fbd77310b6 user: drh tags: trunk)
19:52
For the repolist page, if the environment variable FOSSIL_REPOLIST_SHOW contains the substring "description" then show the description column. If it contains the substring "login-group" then show the login-groups column. If the FOSSIL_REPOLIST_SHOW variable exists, it overwrites the show-repolist-desc and show-repolist-lg settings. ... (check-in: aca98b92e2 user: drh tags: trunk)
18:17
Attempt to fix repolist so that it works even if the global configuration database is not available, for example when Fossil is being run inside a chroot jail with a restricted environment. ... (check-in: e761c1d6f7 user: drh tags: trunk)
15:08
Rework server sockets to work around limitations in OpenBSD's socket implementation. See [forum:/forumpost/7f8d2afe4d8c0ad5|forum thread 7f8d2afe4d8c0ad5]. ... (check-in: 8dd05c52f5 user: drh tags: trunk)
13:43
Extend support for the --editor option to "fossil stash save" and "fossil stash snapshot". ... (check-in: b9f569b2c9 user: drh tags: trunk)
11:00
different improvements to the ticket system as described in [forum:/forumpost/4756d97a64|forum post 4756d97a64] ... (check-in: fab9f00477 user: jkosche tags: trunk)
2025-04-16
16:47
Fix "fossil ui" so that it listens to both 127.0.0.1 and to [::1]. [forum:/forumpost/7f8d2afe4d|Forum post 7f8d2afe4d]. ... (check-in: 264250d670 user: drh tags: trunk)
16:22
Add the --editor option to "fossil commit" and "fossil uv edit". ... (check-in: 7675987551 user: drh tags: trunk)
14:56
Make the systemd unit files a little easier to read in the www/server/debian/service.md document. ... (check-in: c2b56250c0 user: drh tags: trunk)
14:31
Fix [0eeaa6224cdbdbda] so that it compiles on Windows. [forum:/forumpost/3fc7aad2a3|Forum post 3fc7aad2a3]. ... (check-in: ccb4168616 user: drh tags: trunk)
12:02
Update the built-in SQLite to the latest trunk version, for testing. ... (check-in: d14a7803d7 user: drh tags: trunk)
11:40
Add the test/fake-smtpd.tcl script used for testing. It will likely come in handy someday. See header comments on the file for details. ... (check-in: f031f744f0 user: drh tags: trunk)
10:20
Enhance the socket listener logic on unix so that it makes sure the IPV6_V6ONLY socket option is disabled, as we are told that this option is enabled by default on FreeBSD. ... (check-in: 0eeaa6224c user: drh tags: trunk)
00:58
Break out SMTP faults as a separate category on the Error Log. ... (check-in: 2d3ace5a9f user: drh tags: trunk)
00:48
Automatic retry on an SMTP relay failure. ... (check-in: 2b96941c4c user: drh tags: trunk)
2025-04-15
23:34
Attempt to provide improved error message outputs for failures while trying to send notification via relay to an MTA. ... (check-in: e6c27d3dab user: drh tags: trunk)
15:56
Two new settings "show-repolist-desc" and "show-repolist-lg" control whether or not the description and the login-group are shown on the repolist, respectively. These settings must be global to be effective. They default to "off". ... (check-in: 1760fa2bf4 user: drh tags: trunk)
14:54
For the "fossil ui remote:/" command, consistently use hardcoded IPv4 loopback addresses, to avoid inconsistent implementations of "localhost". Fix a bug in the error message output for the -P option. ... (check-in: af78e282bb user: drh tags: trunk)
14:37
Fix possible array-bounds overflow in the timeline graph computation. ... (check-in: 202d3ea2b5 user: drh tags: trunk)
14:13
Fix the -P option on "fossil server" so that it once again accepts IPv4 notation while continuing to accept IPv6 notation. [forum:/forumpost/fe4abea393|Forum post fe4abea393]. ... (check-in: 77250c94b0 user: drh tags: trunk)
11:58
Rename the "Artifact Log" to the "Xfer Log" which (I think) better reflects its meaning and purpose. ... (check-in: c6754849bb user: drh tags: trunk)
10:22
Slightly simplify the previous checkin. ... (check-in: 6a9c71f391 user: stephan tags: trunk)
10:15
A proposed solution to the problem of /setup_ulist fails for repos with no subscriber table. Reported in [forum:e2b0008592f6a776|forum post e2b0008592f6a776]. ... (check-in: e50a5aac37 user: stephan tags: trunk)
01:48
doc change: add a link to the regexp syntax from the TH1 regexp command ... (check-in: b8351f0cbf user: jkosche tags: trunk)
2025-04-14
16:53
Disable the Windows root certificate store on OpenSSL 3.5.0, due to [https://github.com/openssl/openssl/issues/27355|OpenSSL bug #27355]. ... (check-in: 2b6ad00ea3 user: drh tags: trunk)