Fossil

Check-in Differences
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Difference From 025a007249d38962 To d21e3c5a3ad30525

2021-03-03
17:28
The various diff-rendering pages now have toggles to show/hide individual diffs, as discussed in 0f751ad9c8. ... (check-in: 877246cf user: stephan tags: trunk)
17:24
leaves command now shows the branch point of each leaf, as discussed in 5e52d31d2e. ... (check-in: d21e3c5a user: stephan tags: trunk)
17:21
Further adjustments to the default CSP to allow in-line images. ... (check-in: c184d646 user: drh tags: trunk)
16:41
Relax the built-in CSP to remove all restrictions on the source of images. ... (check-in: 025a0072 user: drh tags: trunk)
12:31
Change Quick Start to store the repository file outside the working directory. ... (check-in: 1ce4fd2f user: danield tags: trunk)
2021-03-01
03:00
Merged in trunk. ... (Closed-Leaf check-in: ab047b62 user: stephan tags: leaves-command-branched-from)

Changes to src/checkin.c.

1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
    db_prepare(&q, "SELECT merge FROM vmerge WHERE id=0 OR id<-2");
    while( db_step(&q)==SQLITE_ROW ){
      char *zMergeUuid;
      int mid = db_column_int(&q, 0);
      if( (!g.markPrivate && content_is_private(mid)) || (mid == vid) ){
        continue;
      }
      zMergeUuid = db_text(0, "SELECT uuid FROM blob WHERE rid=%d", mid);
      if( zMergeUuid ){
        blob_appendf(pOut, " %s", zMergeUuid);
        if( p->verifyDate ) checkin_verify_younger(mid, zMergeUuid, zDate);
        free(zMergeUuid);
      }
    }
    db_finalize(&q);







|







1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
    db_prepare(&q, "SELECT merge FROM vmerge WHERE id=0 OR id<-2");
    while( db_step(&q)==SQLITE_ROW ){
      char *zMergeUuid;
      int mid = db_column_int(&q, 0);
      if( (!g.markPrivate && content_is_private(mid)) || (mid == vid) ){
        continue;
      }
      zMergeUuid = rid_to_uuid(mid);
      if( zMergeUuid ){
        blob_appendf(pOut, " %s", zMergeUuid);
        if( p->verifyDate ) checkin_verify_younger(mid, zMergeUuid, zDate);
        free(zMergeUuid);
      }
    }
    db_finalize(&q);

Changes to src/db.c.

4216
4217
4218
4219
4220
4221
4222
4223
4224
4225
4226
4227
4228
4229
4230
**
** If this setting is an empty string or is omitted, then
** the following default Content Security Policy is used:
**
**     default-src 'self' data:;
**     script-src 'self' 'nonce-$nonce';
**     style-src 'self' 'unsafe-inline';
**     img-src *;
**
** The default CSP is recommended.  The main reason to change
** this setting would be to add CDNs from which it is safe to
** load additional content.
*/
/*
** SETTING: uv-sync          boolean default=off







|







4216
4217
4218
4219
4220
4221
4222
4223
4224
4225
4226
4227
4228
4229
4230
**
** If this setting is an empty string or is omitted, then
** the following default Content Security Policy is used:
**
**     default-src 'self' data:;
**     script-src 'self' 'nonce-$nonce';
**     style-src 'self' 'unsafe-inline';
**     img-src * data:;
**
** The default CSP is recommended.  The main reason to change
** this setting would be to add CDNs from which it is safe to
** load additional content.
*/
/*
** SETTING: uv-sync          boolean default=off

Changes to src/descendants.c.

420
421
422
423
424
425
426

427
428
429
430
431
432
433
  int recomputeFlag = find_option("recompute",0,0)!=0;
  int byBranch = find_option("bybranch",0,0)!=0;
  int multipleFlag = find_option("multiple","m",0)!=0;
  const char *zWidth = find_option("width","W",1);
  char *zLastBr = 0;
  int n, width;
  char zLineNo[10];


  if( multipleFlag ) byBranch = 1;
  if( zWidth ){
    width = atoi(zWidth);
    if( (width!=0) && (width<=39) ){
      fossil_fatal("-W|--width value must be >39 or 0");
    }







>







420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
  int recomputeFlag = find_option("recompute",0,0)!=0;
  int byBranch = find_option("bybranch",0,0)!=0;
  int multipleFlag = find_option("multiple","m",0)!=0;
  const char *zWidth = find_option("width","W",1);
  char *zLastBr = 0;
  int n, width;
  char zLineNo[10];
  char * const zMainBranch = db_get("main-branch","trunk");

  if( multipleFlag ) byBranch = 1;
  if( zWidth ){
    width = atoi(zWidth);
    if( (width!=0) && (width<=39) ){
      fossil_fatal("-W|--width value must be >39 or 0");
    }
489
490
491
492
493
494
495
496

497
498
499
500
501
502
503
504
505
506










507

508
509

510

511
512
513
514
515
516
517
  blob_reset(&sql);
  n = 0;
  while( db_step(&q)==SQLITE_ROW ){
    const char *zId = db_column_text(&q, 1);
    const char *zDate = db_column_text(&q, 2);
    const char *zCom = db_column_text(&q, 3);
    const char *zBr = db_column_text(&q, 7);
    char *z;


    if( byBranch && fossil_strcmp(zBr, zLastBr)!=0 ){
      fossil_print("*** %s ***\n", zBr);
      fossil_free(zLastBr);
      zLastBr = fossil_strdup(zBr);
      if( multipleFlag ) n = 0;
    }
    n++;
    sqlite3_snprintf(sizeof(zLineNo), zLineNo, "(%d)", n);
    fossil_print("%6s ", zLineNo);










    z = mprintf("%s [%S] %s", zDate, zId, zCom);

    comment_print(z, zCom, 7, width, get_comment_format());
    fossil_free(z);

  }

  fossil_free(zLastBr);
  db_finalize(&q);
}

/*
** WEBPAGE: leaves
**







|
>










>
>
>
>
>
>
>
>
>
>
|
>


>

>







490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
  blob_reset(&sql);
  n = 0;
  while( db_step(&q)==SQLITE_ROW ){
    const char *zId = db_column_text(&q, 1);
    const char *zDate = db_column_text(&q, 2);
    const char *zCom = db_column_text(&q, 3);
    const char *zBr = db_column_text(&q, 7);
    char *z = 0;
    char * zBranchPoint = 0;

    if( byBranch && fossil_strcmp(zBr, zLastBr)!=0 ){
      fossil_print("*** %s ***\n", zBr);
      fossil_free(zLastBr);
      zLastBr = fossil_strdup(zBr);
      if( multipleFlag ) n = 0;
    }
    n++;
    sqlite3_snprintf(sizeof(zLineNo), zLineNo, "(%d)", n);
    fossil_print("%6s ", zLineNo);
    if(0!=fossil_strcmp(zBr,zMainBranch)){
      int ridOfRoot;
      z = mprintf("root:%s", zId);
      ridOfRoot = symbolic_name_to_rid(z, "ci");
      if(ridOfRoot>0){
        zBranchPoint = mprintf(" (branched from: [%.*z])", hash_digits(0),
                               rid_to_uuid(ridOfRoot));
      }
      fossil_free(z);
    }
    z = mprintf("%s [%S] %s%s", zDate, zId, zCom,
                zBranchPoint ? zBranchPoint : "");
    comment_print(z, zCom, 7, width, get_comment_format());
    fossil_free(z);
    fossil_free(zBranchPoint);
  }
  fossil_free(zMainBranch);
  fossil_free(zLastBr);
  db_finalize(&q);
}

/*
** WEBPAGE: leaves
**

Changes to src/style.c.

545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
** The CSP comes from the "default-csp" setting if it exists and
** is non-empty.  If that setting is an empty string, then the following
** default is used instead:
**
**     default-src 'self' data:;
**     script-src 'self' 'nonce-$nonce';
**     style-src 'self' 'unsafe-inline';
**     img-src *;
**
** The text '$nonce' is replaced by style_nonce() if and whereever it
** occurs in the input string.
**
** The string returned is obtained from fossil_malloc() and
** should be released by the caller.
*/
char *style_csp(int toHeader){
  static const char zBackupCSP[] = 
   "default-src 'self' data:; "
   "script-src 'self' 'nonce-$nonce'; "
   "style-src 'self' 'unsafe-inline'; "
   "img-src *";
  const char *zFormat;
  Blob csp;
  char *zNonce;
  char *zCsp;
  int i;
  if( disableCSP ) return fossil_strdup("");
  zFormat = db_get("default-csp","");







|












|







545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
** The CSP comes from the "default-csp" setting if it exists and
** is non-empty.  If that setting is an empty string, then the following
** default is used instead:
**
**     default-src 'self' data:;
**     script-src 'self' 'nonce-$nonce';
**     style-src 'self' 'unsafe-inline';
**     img-src * data:;
**
** The text '$nonce' is replaced by style_nonce() if and whereever it
** occurs in the input string.
**
** The string returned is obtained from fossil_malloc() and
** should be released by the caller.
*/
char *style_csp(int toHeader){
  static const char zBackupCSP[] = 
   "default-src 'self' data:; "
   "script-src 'self' 'nonce-$nonce'; "
   "style-src 'self' 'unsafe-inline'; "
   "img-src * data:";
  const char *zFormat;
  Blob csp;
  char *zNonce;
  char *zCsp;
  int i;
  if( disableCSP ) return fossil_strdup("");
  zFormat = db_get("default-csp","");

Changes to www/changes.wiki.

49
50
51
52
53
54
55


56
57
58
59
60
61
62
     default built-in skin has been made generic so that it is usable
     by a variety of skins, and promoted to an ordinary built-in
     javascript file.
  *  New TH1 commands:  
     "[/doc/trunk/www/th1.md#bireqjs|builtin_request_js]",
     "[/doc/trunk/www/th1.md#capexpr|capexpr]",
     "foreach", "lappend", and "string match"



<a name='v2_14'></a>
<h2>Changes for Version 2.14 (2021-01-20)</h2>

  *  <b>Schema Update Notice #1:</b>
     This release drops a trigger from the database schema (replacing
     it with a TEMP trigger that is created as needed).  This







>
>







49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
     default built-in skin has been made generic so that it is usable
     by a variety of skins, and promoted to an ordinary built-in
     javascript file.
  *  New TH1 commands:  
     "[/doc/trunk/www/th1.md#bireqjs|builtin_request_js]",
     "[/doc/trunk/www/th1.md#capexpr|capexpr]",
     "foreach", "lappend", and "string match"
  *  The [/help/leaves|leaves command] now shows the branch point
     of each leaf.

<a name='v2_14'></a>
<h2>Changes for Version 2.14 (2021-01-20)</h2>

  *  <b>Schema Update Notice #1:</b>
     This release drops a trigger from the database schema (replacing
     it with a TEMP trigger that is created as needed).  This

Changes to www/defcsp.md.

24
25
26
27
28
29
30
31
32
33
34
35
36
37
38

The default CSP used by Fossil is as follows:

<pre>
     default-src 'self' data:;
     script-src 'self' 'nonce-$nonce';
     style-src 'self' 'unsafe-inline';
     img-src *;
</pre>

The default is recommended for most installations.  However,
the site administrators can overwrite this default DSP using the
[default-csp setting](/help?cmd=default-csp).  For example,
CSP restrictions can be completely disabled by setting the default-csp to:








|







24
25
26
27
28
29
30
31
32
33
34
35
36
37
38

The default CSP used by Fossil is as follows:

<pre>
     default-src 'self' data:;
     script-src 'self' 'nonce-$nonce';
     style-src 'self' 'unsafe-inline';
     img-src * data:;
</pre>

The default is recommended for most installations.  However,
the site administrators can overwrite this default DSP using the
[default-csp setting](/help?cmd=default-csp).  For example,
CSP restrictions can be completely disabled by setting the default-csp to: