Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Difference From d21e3c5a3ad30525 To 025a007249d38962
2021-03-03
| ||
17:28 | The various diff-rendering pages now have toggles to show/hide individual diffs, as discussed in 0f751ad9c8. ... (check-in: 877246cf user: stephan tags: trunk) | |
17:24 | leaves command now shows the branch point of each leaf, as discussed in 5e52d31d2e. ... (check-in: d21e3c5a user: stephan tags: trunk) | |
17:21 | Further adjustments to the default CSP to allow in-line images. ... (check-in: c184d646 user: drh tags: trunk) | |
16:41 | Relax the built-in CSP to remove all restrictions on the source of images. ... (check-in: 025a0072 user: drh tags: trunk) | |
12:31 | Change Quick Start to store the repository file outside the working directory. ... (check-in: 1ce4fd2f user: danield tags: trunk) | |
2021-03-01
| ||
03:00 | Merged in trunk. ... (Closed-Leaf check-in: ab047b62 user: stephan tags: leaves-command-branched-from) | |
Changes to src/checkin.c.
︙ | ︙ | |||
1737 1738 1739 1740 1741 1742 1743 | db_prepare(&q, "SELECT merge FROM vmerge WHERE id=0 OR id<-2"); while( db_step(&q)==SQLITE_ROW ){ char *zMergeUuid; int mid = db_column_int(&q, 0); if( (!g.markPrivate && content_is_private(mid)) || (mid == vid) ){ continue; } | | | 1737 1738 1739 1740 1741 1742 1743 1744 1745 1746 1747 1748 1749 1750 1751 | db_prepare(&q, "SELECT merge FROM vmerge WHERE id=0 OR id<-2"); while( db_step(&q)==SQLITE_ROW ){ char *zMergeUuid; int mid = db_column_int(&q, 0); if( (!g.markPrivate && content_is_private(mid)) || (mid == vid) ){ continue; } zMergeUuid = db_text(0, "SELECT uuid FROM blob WHERE rid=%d", mid); if( zMergeUuid ){ blob_appendf(pOut, " %s", zMergeUuid); if( p->verifyDate ) checkin_verify_younger(mid, zMergeUuid, zDate); free(zMergeUuid); } } db_finalize(&q); |
︙ | ︙ |
Changes to src/db.c.
︙ | ︙ | |||
4216 4217 4218 4219 4220 4221 4222 | ** ** If this setting is an empty string or is omitted, then ** the following default Content Security Policy is used: ** ** default-src 'self' data:; ** script-src 'self' 'nonce-$nonce'; ** style-src 'self' 'unsafe-inline'; | | | 4216 4217 4218 4219 4220 4221 4222 4223 4224 4225 4226 4227 4228 4229 4230 | ** ** If this setting is an empty string or is omitted, then ** the following default Content Security Policy is used: ** ** default-src 'self' data:; ** script-src 'self' 'nonce-$nonce'; ** style-src 'self' 'unsafe-inline'; ** img-src *; ** ** The default CSP is recommended. The main reason to change ** this setting would be to add CDNs from which it is safe to ** load additional content. */ /* ** SETTING: uv-sync boolean default=off |
︙ | ︙ |
Changes to src/descendants.c.
︙ | ︙ | |||
420 421 422 423 424 425 426 | int recomputeFlag = find_option("recompute",0,0)!=0; int byBranch = find_option("bybranch",0,0)!=0; int multipleFlag = find_option("multiple","m",0)!=0; const char *zWidth = find_option("width","W",1); char *zLastBr = 0; int n, width; char zLineNo[10]; | < | 420 421 422 423 424 425 426 427 428 429 430 431 432 433 | int recomputeFlag = find_option("recompute",0,0)!=0; int byBranch = find_option("bybranch",0,0)!=0; int multipleFlag = find_option("multiple","m",0)!=0; const char *zWidth = find_option("width","W",1); char *zLastBr = 0; int n, width; char zLineNo[10]; if( multipleFlag ) byBranch = 1; if( zWidth ){ width = atoi(zWidth); if( (width!=0) && (width<=39) ){ fossil_fatal("-W|--width value must be >39 or 0"); } |
︙ | ︙ | |||
490 491 492 493 494 495 496 | blob_reset(&sql); n = 0; while( db_step(&q)==SQLITE_ROW ){ const char *zId = db_column_text(&q, 1); const char *zDate = db_column_text(&q, 2); const char *zCom = db_column_text(&q, 3); const char *zBr = db_column_text(&q, 7); | | < < < < < < < < < < < | < < < | 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 | blob_reset(&sql); n = 0; while( db_step(&q)==SQLITE_ROW ){ const char *zId = db_column_text(&q, 1); const char *zDate = db_column_text(&q, 2); const char *zCom = db_column_text(&q, 3); const char *zBr = db_column_text(&q, 7); char *z; if( byBranch && fossil_strcmp(zBr, zLastBr)!=0 ){ fossil_print("*** %s ***\n", zBr); fossil_free(zLastBr); zLastBr = fossil_strdup(zBr); if( multipleFlag ) n = 0; } n++; sqlite3_snprintf(sizeof(zLineNo), zLineNo, "(%d)", n); fossil_print("%6s ", zLineNo); z = mprintf("%s [%S] %s", zDate, zId, zCom); comment_print(z, zCom, 7, width, get_comment_format()); fossil_free(z); } fossil_free(zLastBr); db_finalize(&q); } /* ** WEBPAGE: leaves ** |
︙ | ︙ |
Changes to src/style.c.
︙ | ︙ | |||
545 546 547 548 549 550 551 | ** The CSP comes from the "default-csp" setting if it exists and ** is non-empty. If that setting is an empty string, then the following ** default is used instead: ** ** default-src 'self' data:; ** script-src 'self' 'nonce-$nonce'; ** style-src 'self' 'unsafe-inline'; | | | | 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 | ** The CSP comes from the "default-csp" setting if it exists and ** is non-empty. If that setting is an empty string, then the following ** default is used instead: ** ** default-src 'self' data:; ** script-src 'self' 'nonce-$nonce'; ** style-src 'self' 'unsafe-inline'; ** img-src *; ** ** The text '$nonce' is replaced by style_nonce() if and whereever it ** occurs in the input string. ** ** The string returned is obtained from fossil_malloc() and ** should be released by the caller. */ char *style_csp(int toHeader){ static const char zBackupCSP[] = "default-src 'self' data:; " "script-src 'self' 'nonce-$nonce'; " "style-src 'self' 'unsafe-inline'; " "img-src *"; const char *zFormat; Blob csp; char *zNonce; char *zCsp; int i; if( disableCSP ) return fossil_strdup(""); zFormat = db_get("default-csp",""); |
︙ | ︙ |
Changes to www/changes.wiki.
︙ | ︙ | |||
49 50 51 52 53 54 55 | default built-in skin has been made generic so that it is usable by a variety of skins, and promoted to an ordinary built-in javascript file. * New TH1 commands: "[/doc/trunk/www/th1.md#bireqjs|builtin_request_js]", "[/doc/trunk/www/th1.md#capexpr|capexpr]", "foreach", "lappend", and "string match" | < < | 49 50 51 52 53 54 55 56 57 58 59 60 61 62 | default built-in skin has been made generic so that it is usable by a variety of skins, and promoted to an ordinary built-in javascript file. * New TH1 commands: "[/doc/trunk/www/th1.md#bireqjs|builtin_request_js]", "[/doc/trunk/www/th1.md#capexpr|capexpr]", "foreach", "lappend", and "string match" <a name='v2_14'></a> <h2>Changes for Version 2.14 (2021-01-20)</h2> * <b>Schema Update Notice #1:</b> This release drops a trigger from the database schema (replacing it with a TEMP trigger that is created as needed). This |
︙ | ︙ |
Changes to www/defcsp.md.
︙ | ︙ | |||
24 25 26 27 28 29 30 | The default CSP used by Fossil is as follows: <pre> default-src 'self' data:; script-src 'self' 'nonce-$nonce'; style-src 'self' 'unsafe-inline'; | | | 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 | The default CSP used by Fossil is as follows: <pre> default-src 'self' data:; script-src 'self' 'nonce-$nonce'; style-src 'self' 'unsafe-inline'; img-src *; </pre> The default is recommended for most installations. However, the site administrators can overwrite this default DSP using the [default-csp setting](/help?cmd=default-csp). For example, CSP restrictions can be completely disabled by setting the default-csp to: |
︙ | ︙ |