Timeline

70 check-ins using file src/dispatch.c version 490e92b0e2

2023-09-19
11:19
Updates to the change log. check-in: 5afa42e4ec user: drh tags: trunk
10:42
Fix a harmless compiler warning in SQLite. This is a direct edit to the imported sqlite3.c file, which will be overwritten the next time we update SQLite. But that's ok since the warning is fixed in the SQLite tree too. check-in: ead5a95b47 user: drh tags: trunk
2023-09-18
22:27
Whitespace fix in previous check-in: f8bec8f74c user: wyoung tags: trunk
22:26
Removal of the Tcl example in §5.5 of the containers doc left hanging references in the Python example in a few places. check-in: 40e537e94d user: wyoung tags: trunk
22:10
Added §5.6 to the containers doc, "Email Alerts," explaining how to get email alerts out by use of the included tools/email-sender.tcl script and the "write mail to DB" feature since the default option (sendmail -ti) won't work by default and it wouldn't be appropriate to make it work besides. This then obviated the earlier half-baked advice on i... check-in: 616a37f4f7 user: wyoung tags: trunk
20:43
Merge the CSRF-defense enhancements into trunk. check-in: 920ace1739 user: drh tags: trunk
17:13
Omit the SameSite=strict specifier for the login cookie, since that prevents users from clicking a hyperlink on an email notification and then going directly to the relevant page and getting logged in. Closed-Leaf check-in: fc5b49e990 user: drh tags: csrf-defense-enhancement
15:36
Set the "SameSite=strict" value on cookies (used for authentication) as a further defense-in-depth against CSRF attacks. check-in: bc643c32f8 user: drh tags: csrf-defense-enhancement
15:24
Fix forum-post approval buttons so that they send the CSRF token. check-in: bf9974cf8d user: drh tags: csrf-defense-enhancement
15:10
More intensive use of the Synchronizer Token Pattern for CSRF defense. check-in: 0a66be2b75 user: drh tags: csrf-defense-enhancement
14:32
Strengthen CSRF requirements for the skin editor. check-in: 6912636dc3 user: drh tags: csrf-defense-enhancement
14:29
Cleanup forms on the skin editor page. check-in: 5feae3fd75 user: drh tags: csrf-defense-enhancement
14:13
Stronger CSRF token based on a SHA1 hash of the login cookie. check-in: ff3746c4c2 user: drh tags: csrf-defense-enhancement
13:18
Try to simplify and rationalize the defenses against cross-site request forgery attacks. A hodgepodge of techniques have been used in the past. This change attempts to make everything work more alike and to centralize CSRF defenses for easier auditing. check-in: 88a402fe2a user: drh tags: csrf-defense-enhancement
2023-09-14
08:25
Add the ability for 'branch list' to filter the branches that have/have not been merged into the current branch. check-in: 8ff63db2e6 user: danield tags: trunk
08:04
Update the built-in SQLite to version 3.43.1. check-in: 1fea5c2ce9 user: danield tags: trunk
2023-09-11
21:42
Untangled some awkward grammar in the new doc section check-in: 383f6d4f1a user: wyoung tags: trunk
21:39
Backed off on the strength of the disapprobation in the new "Converting Repositories on Windows" doc section, being both unnecessary and possibly wrong. check-in: 3e464b0265 user: wyoung tags: trunk
08:16
Added the "Converting Repositories on Windows" section to the inout doc to cover a problem case involving PowerShell and to give solutions. check-in: 19c347b460 user: wyoung tags: trunk
2023-09-10
17:34
Fix a bug in [1ef6499a9af8] which caused resolution of certain builtin symbolic names to not resolve. check-in: 7faa1f4e23 user: stephan tags: trunk
12:46
Help text typo fix from [forum:987bf1b023|forum post 987bf1b023]. check-in: 0fd4bde736 user: stephan tags: trunk
2023-09-09
15:09
Add missing mention of forum search in fts-config command. Reported in [forum:6eb7cec6aa|forum post 6eb7cec6aa]. check-in: 71b591af26 user: stephan tags: trunk
15:05
Correct inability to use certain commands after doing (open --empty), as reported in [forum:04f86a038c|forum post 04f86a038c] and caused by [4d8c30265b]. check-in: 1ef6499a9a user: stephan tags: trunk
2023-09-08
11:43
test-delta-apply help test fix reported in [forum:4c3f5658eb|forum post 4c3f5658eb]. check-in: dd62094499 user: stephan tags: trunk
2023-09-01
11:36
Eliminate duplicate folders on the /dir page when using the Ardoise skin, caused by [32297dde2bee23] and reported by Martin G. in /chat. check-in: dedfb13bf6 user: stephan tags: trunk
05:48
Eliminate duplicate folders on the /dir page when using the Blitz skin, caused by [32297dde2bee23] and reported by Martin G. in /chat. check-in: b6bb4a62be user: stephan tags: trunk
2023-08-31
12:20
Show the complete CGI environment in the error log on a 418 hack attempt error. check-in: 0204f4aab5 user: drh tags: trunk
2023-08-30
19:42
Improvements to the tools/codecheck1.c injection-attack static analyzer tool. check-in: 2afff83e7e user: drh tags: trunk
19:21
Add new example pikchr to /pikchrshow. check-in: ff1c48a9bf user: stephan tags: trunk
2023-08-29
09:15
On the /dir page, move the file/dir icons so that they are clickable, per request in [forum:65a3bd20f98980b2|forum post 65a3bd20f98980b2]. check-in: 32297dde2b user: stephan tags: trunk
2023-08-27
19:01
On the /docdir page, omit the submenu and other page decorations. check-in: 0313f0f90d user: drh tags: trunk
18:42
Add the /docdir page which is an alias for /dir with the "dx" query parameter. check-in: 5d7e153ff7 user: drh tags: trunk
18:15
Add the "dx" query parameter to the "dir" page, which if present causes links to file to use /doc instead of /file. check-in: d4d10c0165 user: drh tags: trunk
2023-08-23
15:57
New Pikchr that fixes text positioning on negative thickness lines. check-in: 2bdd36e4ad user: drh tags: trunk
15:36
Update Pikchr to support zero-thickness objects. check-in: 8ed25a31b4 user: drh tags: trunk
2023-08-20
18:07
Update the built-in zlib library to version 1.3. check-in: f1f1d6c4eb user: drh tags: trunk
10:00
Carry forward [368d97869b] to the zlib 1.3 update. (The upstream ticket for [368d97869b] is commented as "Incorporated" and closed, see https://github.com/madler/zlib/issues/684, but doesn't seem to have landed in the zlib release package.) Closed-Leaf check-in: d8f4247b13 user: florian tags: zlib-update
09:58
Carry forward [0f8bae079e] to the zlib 1.3 update. check-in: 65583e5b74 user: florian tags: zlib-update
09:42
Update the built-in zlib to version 1.3, released on August 18, 2023. According to check-ins [eea86cee3a] and [511ad59ae3], all files from the doc/ and contrib/ada/ subdirectories are excluded. check-in: 97016e7e8a user: florian tags: zlib-update
2023-08-18
14:15
Update the built-in SQLite to the latest 3.43.0 beta for testing. check-in: b5aa9f8ab4 user: drh tags: trunk
13:03
Added "unicode61" to search setup usage message check-in: 9965e1d86f user: wyoung tags: trunk
12:17
Add fts-config tokenizer unicode61 option. Prompted by [forum:a4bfcff66548a1ff|forum post a4bfcff66548a1ff]. check-in: e180dbb455 user: stephan tags: trunk
2023-08-14
21:09
Make sure the EmailEvent object is completely zeroed whenever it is allocated. check-in: 33877fa50b user: drh tags: trunk
2023-08-12
19:24
Update the built-in Pikchr to fix the "same" operator flow-control bug reported on the Pikchr forum. check-in: c21423eb69 user: drh tags: trunk
12:24
Update the built-in SQLite to the latest 3.43.0 beta for testing. check-in: 16ee39539a user: drh tags: trunk
2023-08-08
11:26
Disable rc_reload in the example rc(8) script in the OpenBSD docs. Reloading is unsupported by Fossil such that 'rcctl reload fossil' kills the process. Suggested by James Cook: [forum:73520532dd]. check-in: f0e1d0c958 user: mark tags: trunk
2023-08-05
21:18
Two new notification options: "n" means to be notified for new forum threads only and "r" means to be notified for forum posts that are a reply to a post made by the user. check-in: d4361f6a94 user: drh tags: trunk
17:40
Disallow user-chosen UserIDs that begin with "anonymous" or other reserved names. check-in: a7e9dd53ef user: drh tags: trunk
16:55
Fix a typo in a comment. check-in: 19e6905cd2 user: drh tags: trunk
16:09
Minor wording changes on the /unsubscribe page. check-in: 37f929e3ae user: drh tags: trunk
2023-08-04
13:27
Update the built-in SQLite to fix a bug in json_remove(). This probably does not affect Fossil, but better safe than sorry. check-in: d3c850cf52 user: drh tags: trunk
2023-08-03
14:34
Remove an overly aggressive call to cgi_check_for_malice() on the /login page. check-in: 57d3dbb11b user: drh tags: trunk
12:23
Update to the change log. check-in: 928bac9934 user: drh tags: trunk
11:50
Update the built-in SQLite to the latest code from the SQLite trunk, as a beta test of SQLite. check-in: 23cb537399 user: drh tags: trunk
2023-07-31
15:20
Update the stale metrics at the bottom of www/aboutdownload.wiki. check-in: c9614f1b08 user: stephan tags: trunk
2023-07-28
16:18
Avoid a potential 32-bit integer overflow when doing a diff on large files with large differences. check-in: 5882e9e878 user: drh tags: trunk
2023-07-25
12:35
Updates to the change log. Various spelling and grammar fixes. check-in: e6569d3f63 user: danield tags: trunk
2023-07-24
11:58
Deal with two C++-style comments. No functional changes. check-in: 99ab5cd8d6 user: danield tags: trunk
2023-07-23
20:28
Show file sizes in the treeview. Other file browser enhancements. check-in: 73fe442a25 user: drh tags: trunk
20:27
Improved CSS for the size field of tree-view. Closed-Leaf check-in: 06ab6d9c8b user: drh tags: filesize-listings
19:57
Use the files_of_checkin virtual table to generate the file listings on the /dir page, instead of a bunch of C code that was written before files_of_checkin was invented. check-in: 15d9d5b097 user: drh tags: filesize-listings
2023-07-22
14:29
Add the option to sort files by size in the tree-view. check-in: dedae5a123 user: drh tags: filesize-listings
2023-07-21
23:02
Display file sizes in /dir and /tree, as per request in [forum:2a0cd67e77|forum post 2a0cd67e77]. check-in: fb0b7fe140 user: danield tags: filesize-listings
2023-07-18
13:36
Improved defense against denial-of-service caused by hackers pounding Fossil with repeated requests that contain SQL injection attempts. If SQL injection is attempted, return a "Begone, Knave!" page with status code 418. check-in: 57f1e87254 user: drh tags: trunk
2023-07-17
12:31
Fix should have gone on the verify-options-cgi branch, not on trunk. Closed-Leaf check-in: d276fd9b77 user: drh tags: verify-options-cgi
12:18
In /raw and /secureraw, ensure that the "m" and "at" vars are fetched before the malice check. Typo fix in cgi.c. check-in: 83015b0d9a user: stephan tags: verify-options-cgi
12:13
Improvements to the algorithm for detecting likely SQL injection text. check-in: 5d6efeee47 user: drh tags: verify-options-cgi
11:44
Improve the error log message for 418 responses so that it includes the name of the offending query parameter. Require whitespace around keywords when trying to detect SQL. check-in: ef1702fde3 user: drh tags: verify-options-cgi
2023-07-16
20:55
Fix typo on the 418 status code name. check-in: f39c878fe1 user: drh tags: verify-options-cgi
20:47
Add calls to cgi_check_for_malice() on many more web pages. Log all 418 responses to the error log. check-in: 40266bf9b2 user: drh tags: verify-options-cgi