Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
50 most recent check-ins by user stephan
|
2025-09-11
| ||
| 10:17 | Add a missing return in cgi_fread() for builds without FOSSIL_ENABLE_SSL. ... (check-in: 1cd8163045 user: stephan tags: trunk) | |
|
2025-09-02
| ||
| 12:52 | Minor internal doc updates. No code changes. ... (check-in: 65448438e8 user: stephan tags: trunk) | |
| 12:51 | Change the link to fnc to use its new canonical home, fnc.sh, as pointed out by Florian in the forum. ... (check-in: accce714cc user: stephan tags: trunk) | |
|
2025-09-01
| ||
| 17:17 | Finish writing a doc sentence started in the previous checkin. ... (check-in: 7a3d6d7057 user: stephan tags: trunk) | |
| 16:58 | Add a CSRF check to /chat-send. ... (check-in: 4caa8cb9ff user: stephan tags: trunk) | |
| 15:37 | Reject all GET/COOKIE vars in which the values contain control characters. ... (check-in: 0c1419a466 user: stephan tags: trunk) | |
| 15:27 | An alternate approach to [ae8fc0e0b5e6] which instead rejects all GET and COOKIE values which, after decoding, contain any control characters. We have(?) no(?) use cases where control characters are legitimately needed for GET/COOKIE values. ... (Closed-Leaf check-in: c61ae84cab user: stephan tags: no-ctrl-chars) | |
|
2025-08-22
| ||
| 15:49 | When deleting cookies via /cookies, use a path of "/" for ROBOT_COOKIE. The alternative would be to set that cookie to be repo-local (i.e. set its path to g.zTop), which would be unfortunate for servers which host many fossils. ... (check-in: 55c972103f user: stephan tags: trunk) | |
|
2025-08-21
| ||
| 14:13 | Add /reports to the default robot-restrict setting. ... (check-in: 12d871a00a user: stephan tags: trunk) | |
|
2025-08-17
| ||
| 19:38 | Wrap the robot_restrict() JS check in an onload handler so that it won't run until the external resources (namely style.css) are loaded. ... (check-in: e5991efb68 user: stephan tags: trunk) | |
| 17:47 | Because this new check is too fast to see the progress indicator, make the final result label more explicit. ... (check-in: b6cf0c2052 user: stephan tags: robotck-instant) | |
| 15:37 | Move the z-level style into default.css, in case the adversaries read inlined STYLE tags (which now, in hindsight, seems more likely to me). Change the HTTP result code from robot_proofofwork() to a non-200 code, the hope being that the adversaries will stop on a non-200 code. ... (check-in: c7ad43638d user: stephan tags: robotck-instant) | |
| 15:00 | Remove some dead code from /chat. ... (check-in: 144c5dbe00 user: stephan tags: trunk) | |
| 14:52 | Correct a mis-calculation of fontSize for /chat attachments which use the Embed checkbox. ... (check-in: e3f0dcc325 user: stephan tags: trunk) | |
| 13:21 | Add a comment explaining why document.body's z-level is explicitly set to 0. Remove some EOL whitespace. ... (check-in: 7c57a20ebd user: stephan tags: robotck-instant) | |
| 12:52 | Add (stash rename) to the changelog. ... (check-in: c834adb656 user: stephan tags: trunk) | |
| 12:50 | Add (stash rename) subcommand to change the label associated with a stash entry. ... (check-in: 1aaa6fc58d user: stephan tags: trunk) | |
| 12:29 | Fix the previous checkin to actually compute the work value. This slows it down by a tiny fraction of a second but it's still effectively instant. This calculation can be moved up a level into the C code to turn this back into an instant operation, but leaving it on the client seems like a reasonable choice. ... (check-in: c27cfa9f60 user: stephan tags: robotck-instant) | |
| 12:10 | An experiment in reducing the proof-of-work to a single operation. (This description is intentionally vague.) ... (check-in: b765e65267 user: stephan tags: robotck-instant) | |
|
2025-08-16
| ||
| 10:10 | Correct the signature of an extern decl of fossil_strndup(), as reported in forum post 21ac5f59a0. ... (check-in: d546932976 user: stephan tags: trunk) | |
|
2025-08-15
| ||
| 12:32 | Allow /xfer to service anonymous clones if they have any of the Clone, Zip, or Read permissions. This is a temporary measure, as described in the code's comments. ... (Closed-Leaf check-in: f9547c7c84 user: stephan tags: relaxed-clone-permissions) | |
|
2025-08-07
| ||
| 19:46 | Add an assert() in a block which cannot happen. It survives 'reconstruct', so we can probably remove the block, but leaving it around for a while seems prudent. ... (check-in: 7d4af37f39 user: stephan tags: trunk) | |
|
2025-08-04
| ||
| 23:58 | Add a NULL check where a change from [4c3e1728e1b1a9cb] inadvertently changed the semantics from NULL=="" to NULL==NULL, triggering a null pointer deref via backlinks parsing. Triggered by rebuild when encountering a tag with no value. ... (check-in: 441264b759 user: stephan tags: trunk) | |
|
2025-08-03
| ||
| 11:31 | Eliminate a superfluous allocation and have freepass() zero out its storage to avoid a duplicate free() in the very off chance that it's ever called twice. These are cleanups made in passing, not fixing known problems. ... (check-in: 1c9d5cd81d user: stephan tags: trunk) | |
|
2025-08-02
| ||
| 17:56 | Add the (user whoami) subcommand, which figures out who you are via db_find_and_open_repository(). In response to forum thread a174e200b018abbd. ... (check-in: a06df610c9 user: stephan tags: user-whoami) | |
|
2025-08-01
| ||
| 13:03 | Fix diff -tk's handling of the file list when the Reload button is tapped and the list of files is changed. Problem reported in /chat. ... (check-in: 4bb41f9242 user: stephan tags: trunk) | |
| 12:08 | Change all datetime() calls in tktsetup.c to use toLocal() as their second argument so that they display in the configured timezone. This should resolve forum thread 82ac9af1533f78f7. ... (check-in: 2a39681ad1 user: stephan tags: trunk) | |
|
2025-07-27
| ||
| 11:58 | When unversioned content is saved, add an entry to the admin log. ... (check-in: 7991defa6f user: stephan tags: trunk) | |
| 11:07 | Teach the sync protocol how to work with an out-of-band login card, saving an extra server-side copy of the sync content which is required only to account for an inlined login card. i.e. it saves RAM, potentially lots of it. The new login card mechanism is instead transported via an HTTP header. This also, not coincidentally, simplifies implementation of the login card in non-fossil(1) clients which are currently learning to speak the sync protocol. ... (check-in: 18628904c3 user: stephan tags: trunk) | |
|
2025-07-25
| ||
| 18:47 | Do not add the sync login cookie unless we know the remote supports it. It's harmless in that case but it doesn't need to be there. Rename the login cookie from the unweildy x-f-x-l (X-Fossil-Xfer-Login) to x-f-l-c (X-Fossil-Login-Card) because the former is unsightly. ... (Closed-Leaf check-in: 9789e1dce7 user: stephan tags: xfer-login-card) | |
| 15:08 | Extend the login card mode version check to include the date and time. It is currently still set to 2.27.1, but if/when merged then the version would need to be reverted to 2.27.0 and the version/date/time check will need to be set to compare against the trunk version from immediately before the merge. This needs more testing but looks like it will resolve the "post-2.26 trunk" incompatibility. ... (check-in: 86cc923de4 user: stephan tags: xfer-login-card) | |
|
2025-07-24
| ||
| 05:26 | Remove the now-obsolete parsing of the X-Fossil-Xfer-Login HTTP header. ... (check-in: 8dbcf2acba user: stephan tags: xfer-login-card) | |
| 05:10 | Use a Cookie, instead of a custom HTTP header and/or URL param, to send the sync login header, as suggested in forum post 9959d2d9d9be22d2. This is simpler. ... (check-in: 756ad2f23c user: stephan tags: xfer-login-card) | |
| 03:16 | Previous checkin should not have compiled - clean rebuild uncovered a stale dep. Re-map the fLoginCardMode to a bitmask so that it's possible to tell when multiple paths toggle that on, and which paths they were. ... (check-in: 780d3b2fe3 user: stephan tags: xfer-login-card) | |
| 03:03 | Doc touchups. ... (check-in: aa36afc52c user: stephan tags: xfer-login-card) | |
| 02:41 | Update the change log and sync.wiki for the login card additions. ... (check-in: edfa01d9d2 user: stephan tags: xfer-login-card) | |
| 02:20 | Doc improvements and internal API renaming for clarity. No functional changes. ... (check-in: 286110dec0 user: stephan tags: xfer-login-card) | |
| 01:12 | Remove some debug output. ... (check-in: d1b7be2ff8 user: stephan tags: xfer-login-card) | |
|
2025-07-23
| ||
| 23:31 | Remove some xfer login process debug output. ... (check-in: 815a84cbcc user: stephan tags: xfer-login-card) | |
| 20:56 | Account for CGI-hosted fossil instances by sending the xfer login card as a URL argument. This is somewhat inelegant but works around their inability to read HTTP headers. This version is still more verbose than it needs to be, and requires more testing for compatibility with trunk fossil versions. ... (check-in: 439af9348b user: stephan tags: xfer-login-card) | |
| 17:39 | Add the x-fossil-xfer-login header check in one additional place. With the help of the included debug output, the login problem seems to be caused by CGI (only) instances not reading the inbound HTTP headers. My attempts to make it do have, so far, only triggered HTTP 500 responses. (Edit: i'd forgotten that CGIs don't get headers. The headers are necessarily consumed by the web server to find the CGI script and populate its environment.) ... (check-in: 6c900645ea user: stephan tags: xfer-login-card) | |
|
2025-07-22
| ||
| 22:53 | Add some debugging 'message' cards to help trace how the remote is handling the login. ... (check-in: 21be2978af user: stephan tags: xfer-login-card) | |
| 18:11 | Remove some dead code. Add some internal docs. Add a couple of const qualifiers to help me reason through the xfer payload buffer's lifetime. ... (check-in: 459d0cbbc7 user: stephan tags: xfer-login-card) | |
| 17:52 | Remove lots of debug output. Replace a couple of mprintf() with fossil_strdup() and a couple free() with fossil_free(). Milestone: libfossil has successfully logged in to this version of fossil. ... (check-in: 1078a123c1 user: stephan tags: xfer-login-card) | |
| 15:53 | Doc typo fixes. ... (check-in: 2250a684cc user: stephan tags: xfer-login-card) | |
| 15:51 | Set g.syncInfo.bLoginCardHeader=1 if that inbound header is detected, rather than delaying it until the /xfer handling. Internal doc additions. ... (check-in: 4fc13c5c88 user: stephan tags: xfer-login-card) | |
| 15:41 | Enable the HTTP login header if the xfer server-version is high enough, analog to the same check for the client-version. ... (check-in: bc3ad94411 user: stephan tags: xfer-login-card) | |
| 15:12 | Get sync working from both login card forms and add a temporary --login-card-header CLI flag to force it to emit the HTTP header form of the card in output requests. If all is well, this checkin should be able to push to the canonical repo, despite their differences. ... (check-in: 042560df54 user: stephan tags: xfer-login-card) | |
| 02:32 | The previous checkin left me unable to push because (of course) the remote trunk doesn't know how to use the login card header. This checkin disables, via a macro toggle, the use of that header on outbound sync requests. ... (check-in: cb42278d84 user: stephan tags: xfer-login-card) | |
| 02:16 | For testing purposes only, unconditionally use the X-Fossil-Xfer-Login HTTP header for sync requests, rather than add it to the payload (which seems to work okay). This is primarily so that apples-to-apples comparisons can be made in libfossil's testing, and will be reverted (or applied conditionally) once the libfossil side is working. ... (check-in: ff942066d5 user: stephan tags: xfer-login-card) | |