Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
100 most recent check-ins
|
2023-09-19
| ||
| 22:03 | Correction of simple typos in patch usage text. ... (Leaf check-in: 9b10bf45 user: mgagnon tags: trunk) | |
| 11:59 | Fix formatting for the help text of the 'branch' command. ... (check-in: 132af984 user: danield tags: trunk) | |
| 11:41 | Improvements to documentation for the "patch" command. ... (check-in: 14ebbe9d user: drh tags: trunk) | |
| 11:31 | Improvements to help-text HTML formatting. ... (check-in: ccc780f5 user: drh tags: trunk) | |
| 11:19 | Updates to the change log. ... (check-in: 5afa42e4 user: drh tags: trunk) | |
| 10:42 | Fix a harmless compiler warning in SQLite. This is a direct edit to the imported sqlite3.c file, which will be overwritten the next time we update SQLite. But that's ok since the warning is fixed in the SQLite tree too. ... (check-in: ead5a95b user: drh tags: trunk) | |
|
2023-09-18
| ||
| 22:27 | Whitespace fix in previous ... (check-in: f8bec8f7 user: wyoung tags: trunk) | |
| 22:26 | Removal of the Tcl example in §5.5 of the containers doc left hanging references in the Python example in a few places. ... (check-in: 40e537e9 user: wyoung tags: trunk) | |
| 22:10 | Added §5.6 to the containers doc, "Email Alerts," explaining how to get email alerts out by use of the included tools/email-sender.tcl script and the "write mail to DB" feature since the default option (sendmail -ti) won't work by default and it wouldn't be appropriate to make it work besides. This then obviated the earlier half-baked advice on injecting a Tcl environment into the container; the essential point is adequately made by the Python example, so there is no point trying to rescue this plan. ... (check-in: 616a37f4 user: wyoung tags: trunk) | |
| 20:43 | Merge the CSRF-defense enhancements into trunk. ... (check-in: 920ace17 user: drh tags: trunk) | |
| 17:13 | Omit the SameSite=strict specifier for the login cookie, since that prevents users from clicking a hyperlink on an email notification and then going directly to the relevant page and getting logged in. ... (Closed-Leaf check-in: fc5b49e9 user: drh tags: csrf-defense-enhancement) | |
| 15:36 | Set the "SameSite=strict" value on cookies (used for authentication) as a further defense-in-depth against CSRF attacks. ... (check-in: bc643c32 user: drh tags: csrf-defense-enhancement) | |
| 15:24 | Fix forum-post approval buttons so that they send the CSRF token. ... (check-in: bf9974cf user: drh tags: csrf-defense-enhancement) | |
| 15:10 | More intensive use of the Synchronizer Token Pattern for CSRF defense. ... (check-in: 0a66be2b user: drh tags: csrf-defense-enhancement) | |
| 14:32 | Strengthen CSRF requirements for the skin editor. ... (check-in: 6912636d user: drh tags: csrf-defense-enhancement) | |
| 14:29 | Cleanup forms on the skin editor page. ... (check-in: 5feae3fd user: drh tags: csrf-defense-enhancement) | |
| 14:13 | Stronger CSRF token based on a SHA1 hash of the login cookie. ... (check-in: ff3746c4 user: drh tags: csrf-defense-enhancement) | |
| 13:18 | Try to simplify and rationalize the defenses against cross-site request forgery attacks. A hodgepodge of techniques have been used in the past. This changes attempts to make everything work more alike and to centralize CSRF defenses for easier auditing. ... (check-in: 88a402fe user: drh tags: csrf-defense-enhancement) | |
|
2023-09-14
| ||
| 08:25 | Add the ability for 'branch list' to filter the branches that have/have not been merged into the current branch. ... (check-in: 8ff63db2 user: danield tags: trunk) | |
| 08:04 | Update the built-in SQLite to version 3.43.1. ... (check-in: 1fea5c2c user: danield tags: trunk) | |
|
2023-09-11
| ||
| 21:42 | Untangled some awkward grammar in the new doc section ... (check-in: 383f6d4f user: wyoung tags: trunk) | |
| 21:39 | Backed off on the strength of the disapprobation in the new "Converting Repositories on Windows" doc section, being both unnecessary and possibly wrong. ... (check-in: 3e464b02 user: wyoung tags: trunk) | |
| 08:16 | Added the "Converting Repositories on Windows" section to the inout doc to cover a problem case involving PowerShell and to give solutions. ... (check-in: 19c347b4 user: wyoung tags: trunk) | |
|
2023-09-10
| ||
| 17:34 | Fix a bug in [1ef6499a9af8] which caused resolution of certain builtin symbolic names to not resolve. ... (check-in: 7faa1f4e user: stephan tags: trunk) | |
| 12:46 | Help text typo fix from forum post 987bf1b023. ... (check-in: 0fd4bde7 user: stephan tags: trunk) | |
|
2023-09-09
| ||
| 15:09 | Add missing mention of forum search in fts-config command. Reported in forum post 6eb7cec6aa. ... (check-in: 71b591af user: stephan tags: trunk) | |
| 15:05 | Correct inability to use certain commands after doing (open --empty), as reported in forum post 04f86a038c and caused by [4d8c30265b]. ... (check-in: 1ef6499a user: stephan tags: trunk) | |
|
2023-09-08
| ||
| 11:43 | test-delta-apply help test fix reported in forum post 4c3f5658eb. ... (check-in: dd620944 user: stephan tags: trunk) | |
|
2023-09-01
| ||
| 11:36 | Eliminate duplicate folders on the /dir page when using the Ardoise skin, caused by [32297dde2bee23] and reported by Martin G. in /chat. ... (check-in: dedfb13b user: stephan tags: trunk) | |
| 05:48 | Eliminate duplicate folders on the /dir page when using the Blitz skin, caused by [32297dde2bee23] and reported by Martin G. in /chat. ... (check-in: b6bb4a62 user: stephan tags: trunk) | |
|
2023-08-31
| ||
| 12:20 | Show the complete CGI environment in the error log on a 418 hack attempt error. ... (check-in: 0204f4aa user: drh tags: trunk) | |
|
2023-08-30
| ||
| 19:42 | Improvements to the tools/codecheck1.c injection-attack static analyzer tool. ... (check-in: 2afff83e user: drh tags: trunk) | |
| 19:21 | Add new example pikchr to /pikchrshow. ... (check-in: ff1c48a9 user: stephan tags: trunk) | |
|
2023-08-29
| ||
| 09:15 | On the /dir page, move the file/dir icons so that they are clickable, per request in forum post 65a3bd20f98980b2. ... (check-in: 32297dde user: stephan tags: trunk) | |
|
2023-08-27
| ||
| 19:01 | On the /docdir page, omit the submenu and other page decorations. ... (check-in: 0313f0f9 user: drh tags: trunk) | |
| 18:42 | Add the /docdir page which is an alias for /dir with the "dx" query parameter. ... (check-in: 5d7e153f user: drh tags: trunk) | |
| 18:15 | Add the "dx" query parameter to the "dir" page, which if present causes links to file to use /doc instead of /file. ... (check-in: d4d10c01 user: drh tags: trunk) | |
|
2023-08-23
| ||
| 15:57 | New Pikchr that fixes text positioning on negative thickness lines. ... (check-in: 2bdd36e4 user: drh tags: trunk) | |
| 15:36 | Update Pikchr to support zero-thickness objects. ... (check-in: 8ed25a31 user: drh tags: trunk) | |
|
2023-08-20
| ||
| 18:07 | Update the built-in zlib library to version 1.3. ... (check-in: f1f1d6c4 user: drh tags: trunk) | |
| 10:00 | Carry forward [368d97869b] to the zlib 1.3 update. (The upstream ticket for [368d97869b] is commented as "Incorporated" and closed, see https://github.com/madler/zlib/issues/684, but doesn't seem to have landed in the zlib release package.) ... (Closed-Leaf check-in: d8f4247b user: florian tags: zlib-update) | |
| 09:58 | Carry forward [0f8bae079e] to the zlib 1.3 update. ... (check-in: 65583e5b user: florian tags: zlib-update) | |
| 09:42 | Update the built-in zlib to version 1.3, released on August 18, 2023. According to check-ins [eea86cee3a] and [511ad59ae3], all files from the doc/ and contrib/ada/ subdirectories are excluded. ... (check-in: 97016e7e user: florian tags: zlib-update) | |
|
2023-08-18
| ||
| 14:15 | Update the built-in SQLite to the latest 3.43.0 beta for testing. ... (check-in: b5aa9f8a user: drh tags: trunk) | |
| 13:03 | Added "unicode61" to search setup usage message ... (check-in: 9965e1d8 user: wyoung tags: trunk) | |
| 12:17 | Add fts-config tokenizer unicode61 option. Prompted by forum post a4bfcff66548a1ff. ... (check-in: e180dbb4 user: stephan tags: trunk) | |
|
2023-08-14
| ||
| 21:09 | Make sure the EmailEvent object is completely zeroed whenever it is allocated. ... (check-in: 33877fa5 user: drh tags: trunk) | |
|
2023-08-12
| ||
| 19:24 | Update the built-in Pikchr to fix the "same" operator flow-control bug reported on the Pikchr forum. ... (check-in: c21423eb user: drh tags: trunk) | |
| 12:24 | Update the built-in SQLite to the latest 3.43.0 beta for testing. ... (check-in: 16ee3953 user: drh tags: trunk) | |
|
2023-08-08
| ||
| 11:26 | Disable rc_reload in the example rc(8) script in the OpenBSD docs. Reloading is unsupported by Fossil such that 'rcctl reload fossil' kills the process. Suggested by James Cook: 73520532dd. ... (check-in: f0e1d0c9 user: mark tags: trunk) | |
|
2023-08-05
| ||
| 21:18 | Two new notification options: "n" means to be notified for new forum threads only and "r" means to be notified for forum posts that are a reply to a post made by the user. ... (check-in: d4361f6a user: drh tags: trunk) | |
| 17:40 | Disallow user-choosen UserIDs that begin with "anonymous" or other reserved names. ... (check-in: a7e9dd53 user: drh tags: trunk) | |
| 16:55 | Fix a typo in a comment. ... (check-in: 19e6905c user: drh tags: trunk) | |
| 16:09 | Minor wording changes on the /unsubscribe page. ... (check-in: 37f929e3 user: drh tags: trunk) | |
|
2023-08-04
| ||
| 13:27 | Update the built-in SQLite to fix a bug in json_remove(). This probably does not affect Fossil, but better safe than sorry. ... (check-in: d3c850cf user: drh tags: trunk) | |
|
2023-08-03
| ||
| 14:34 | Remove an overly aggressive call to cgi_check_for_malice() on the /login page. ... (check-in: 57d3dbb1 user: drh tags: trunk) | |
| 12:23 | Update to the change log. ... (check-in: 928bac99 user: drh tags: trunk) | |
| 11:50 | Update the built-in SQLite to the latest code from the SQLite trunk, as a beta test of SQLite. ... (check-in: 23cb5373 user: drh tags: trunk) | |
|
2023-07-31
| ||
| 15:20 | Update the stale metrics at the bottom of www/aboutdownload.wiki. ... (check-in: c9614f1b user: stephan tags: trunk) | |
|
2023-07-28
| ||
| 16:18 | Avoid a potential 32-bit integer overflow when doing a diff on large files with large differences. ... (check-in: 5882e9e8 user: drh tags: trunk) | |
|
2023-07-25
| ||
| 12:35 | Updates to the change log. Various spelling and grammar fixes. ... (check-in: e6569d3f user: danield tags: trunk) | |
|
2023-07-24
| ||
| 11:58 | Deal with two C++-style comments. No functional changes. ... (check-in: 99ab5cd8 user: danield tags: trunk) | |
|
2023-07-23
| ||
| 20:28 | Show file sizes the the treeview. Other file browser enhancements. ... (check-in: 73fe442a user: drh tags: trunk) | |
| 20:27 | Improved CSS for the size field of tree-view. ... (Closed-Leaf check-in: 06ab6d9c user: drh tags: filesize-listings) | |
| 19:57 | Use the files_of_checkin virtual table to generate the file listings on the /dir page, instead of a bunch of C code that was written before files_of_checkin was invented. ... (check-in: 15d9d5b0 user: drh tags: filesize-listings) | |
|
2023-07-22
| ||
| 14:29 | Add the option to sort files by size in the tree-view. ... (check-in: dedae5a1 user: drh tags: filesize-listings) | |
|
2023-07-21
| ||
| 23:02 | Display file sizes in /dir and /tree, as per request in forum post 2a0cd67e77. ... (check-in: fb0b7fe1 user: danield tags: filesize-listings) | |
|
2023-07-18
| ||
| 13:36 | Improved defense against denial-of-service caused by hackers pounding Fossil with repeated requests that contain SQL injection attempts. If SQL injection is attempted, return a "Begone, Knave!" page with status code 418. ... (check-in: 57f1e872 user: drh tags: trunk) | |
|
2023-07-17
| ||
| 12:31 | Fix should have gone on the verify-options-cgi branch, not on trunk. ... (Closed-Leaf check-in: d276fd9b user: drh tags: verify-options-cgi) | |
| 12:28 | Make sure query parameter "t" is marked as isFetched even if it is renamed from "r". ... (check-in: 2b72f337 user: drh tags: trunk) | |
| 12:18 | In /raw and /secureraw, ensure that the "m" and "at" vars are fetched before the malice check. Typo fix in cgi.c. ... (check-in: 83015b0d user: stephan tags: verify-options-cgi) | |
| 12:13 | Improvements to the algorithm for detecting likely SQL injection text. ... (check-in: 5d6efeee user: drh tags: verify-options-cgi) | |
| 11:44 | Improve the error log message for 418 responses so that it includes the name of the offending query parameter. Require whitespace around keywords when trying to detect SQL. ... (check-in: ef1702fd user: drh tags: verify-options-cgi) | |
|
2023-07-16
| ||
| 20:55 | Fix typo on the 418 status code name. ... (check-in: f39c878f user: drh tags: verify-options-cgi) | |
| 20:47 | Add calls to cgi_check_for_malice() on many more web pages. Log all 418 responses to the error log. ... (check-in: 40266bf9 user: drh tags: verify-options-cgi) | |
| 10:35 | Rename verify_all_options_cgi() to cgi_check_for_malice(). Add more comments explaining what the function is intended for. Add calls to cgi_check_for_malice() to a few new webpages. ... (check-in: 5a8063a8 user: drh tags: verify-options-cgi) | |
|
2023-07-15
| ||
| 13:57 | Add verify_all_options_cgi(), which works similarly to verify_all_options() but only fails if it finds CGI GET/POST arguments which (A) have not been fetched via P(), PD(), or similar, and (B) fail cgi_value_spider_check(). Currently only applied on the /ci page. ... (check-in: a065940a user: stephan tags: verify-options-cgi) | |
|
2023-07-13
| ||
| 12:13 | Reconcile a test in the FTS search with its original intent in [196dfedf7fc]; reported in forum post fa13ae06d. ... (check-in: e8821162 user: danield tags: trunk) | |
|
2023-07-10
| ||
| 12:59 | The "fossil repack" command should run VACUUM if either new compression opportunities were found *or* if the freelist count is positive. ... (check-in: 4d9ede80 user: drh tags: trunk) | |
| 12:50 | In the fts-config command and on the /srchsetup page, show how much space is used by the full-text index. ... (check-in: 5c5e5492 user: drh tags: trunk) | |
|
2023-07-09
| ||
| 03:13 | Show default value of settings that have a default in 'fossil help SETTING' output. These values are otherwise only documented in the source code. ok stephan, danield ... (check-in: 1e1a319e user: mark tags: trunk) | |
|
2023-07-08
| ||
| 18:22 | Remove some now-stale auto.def documentation. ... (check-in: bb66461f user: stephan tags: trunk) | |
| 18:13 | Resolve inadvertent fork caused by two exact-same-second check-ins. ... (check-in: 5cf0da6e user: stephan tags: trunk) | |
| 18:11 | Update the built-in SQLite to a new version that includes proper "LL" suffixes on all 64-bit integer literals. ... (check-in: 06fb3f81 user: drh tags: trunk) | |
| 18:11 | Replace --no-compile-commands configure flag with --compile-commands. i.e. make the feature explicitly opt-in, as the automatic guess is breaking builds on some platforms. ... (check-in: 7e9a242b user: stephan tags: trunk) | |
| 18:08 | Replace --no-compile-commands configure flag with --compile-commands. i.e. make the feature explicitly opt-in, as the automatic guess is breaking builds on some platforms. (Edit: rolling back - contains inadvertent test edits.) ... (Closed-Leaf check-in: fb116a20 user: stephan tags: mistake) | |
| 14:36 | Update the built-in SQLite to the latest 3.43.0 alpha for testing. ... (check-in: 65c6bda8 user: drh tags: trunk) | |
|
2023-07-07
| ||
| 18:23 | The cpnode table used for cherrypick timelines should be a TEMP table. ... (check-in: 2478837b user: drh tags: trunk) | |
| 11:55 |
JSON API: mention 'priorName' of renamed files in status report
As discussed with Stephan in /chat. File objects in the renamed case possess a 'priorName' property in addition to the 'name' reported in all cases. ... (check-in: f8d6e8c1 user: mark tags: trunk) | |
| 03:17 | URL fixes in recent sync.wiki edit ... (check-in: 6fd7e00d user: wyoung tags: trunk) | |
|
2023-07-04
| ||
| 18:00 | Updates to the sync protocol documentation. ... (check-in: e57613dc user: drh tags: trunk) | |
|
2023-07-01
| ||
| 16:51 | Update (json status) docs for [771e592b4c59]. ... (check-in: 2868a0ec user: stephan tags: trunk) | |
| 16:06 |
give 'json status' the same rename treatment as recent status work
As reported by larrybr on the forum: 9e9778f2e6, 'fossil json status' reports renamed _and_ edited files as only renamed. This change reports such cases as both edited and renamed, and displays the filename prior to being renamed as well as the renamed path. We now also update the vfile table before generating the status report to ensure the current checkout state is reported. ... (check-in: 771e592b user: mark tags: trunk) | |
|
2023-06-30
| ||
| 07:28 | Update documentation: check-in name 'start:' can be chained as well. ... (check-in: 36adf66b user: danield tags: trunk) | |
|
2023-06-28
| ||
| 12:40 |
report renamed state when file is both edited and renamed
In `fossil {changes,status}` and the commit description shown in the editor with `fossil commit`, show the original and renamed path annotation if the file has been renamed and edited. Prior to this, the file was only reported as edited, which can be confusing. Reported by James Cook 5a4c530e6b. Discussed with stephan@ and danield@, plus some forum members. While here, make sure we honour the relative-paths setting/option when displaying the original pathname in the renamed case. ... (check-in: ca9d0ddf user: mark tags: trunk) | |
|
2023-06-23
| ||
| 22:15 | Check-in [bdde964e06128a02] got the test for text/html exactly backwards. ... (check-in: c6115dbf user: drh tags: trunk) | |
| 17:40 | Unconditionally disable compile_commands.json generation for out-of-tree builds, in an attempt to work around a problem reported in forum post d19061d09a8179. ... (check-in: 35f3e5bf user: stephan tags: trunk) | |
| 16:34 | Do not show the Close button on forum posts which are pending moderation. ... (check-in: 355a81be user: stephan tags: trunk) | |
| 12:29 | Use the new octet_length() SQL function in place of length() where it is appropriate to do so. ... (check-in: 604e1a67 user: drh tags: trunk) | |
| 11:43 | Update the built-in SQLite to the first check-in that supports the octet_length() SQL function so that we can use that function in the Fossil implementation. ... (check-in: 9f8e9cbd user: drh tags: trunk) | |