Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
50 most recent check-ins that include changes to files matching 'src/*'
|
2025-05-09
| ||
| 06:15 | Enable the --editor option for `fossil amend'. ... (Leaf check-in: bb3fbffefa user: florian tags: trunk) | |
|
2025-05-08
| ||
| 11:25 | Replace a C++-style comment. No functional changes. ... (check-in: a68a7eacd3 user: stephan tags: trunk) | |
| 11:11 | For the timeline command, fix special case where -n|-limit is 0 when using after keyword. ... (check-in: 6e3dde3afd user: mgagnon tags: trunk) | |
|
2025-05-07
| ||
| 13:23 | Adjust comment to http_build_login_card() to include clarification regarding the source of randomness in NONCE for the login card. No functional changes. ... (check-in: ea40cbb0c0 user: andybradford tags: trunk) | |
|
2025-05-06
| ||
| 11:26 | In the --tk diff GUI, fix the "Save As..." button so that it works again. Do not show the "Reload" button on a GUI brought up from a Save As. ... (check-in: 31fc6290c3 user: drh tags: trunk) | |
|
2025-05-04
| ||
| 02:35 | Merge from trunk. ... (check-in: fd1a5afe1e user: brickviking tags: bv-infotool) | |
|
2025-05-03
| ||
| 20:00 | Update the /thisdayinhistory page to show changes from 25 years ago. ... (check-in: 99aeebadef user: drh tags: trunk) | |
| 11:38 | Typo fix in `fossil help comment-format` output ... (check-in: 7438f5b0ff user: wyoung tags: trunk) | |
| 08:09 | Fix (likely unintentional) variable shadowing to restore ANSI C-89 conformance. ... (check-in: 2ce32f7546 user: florian tags: trunk) | |
|
2025-05-02
| ||
| 11:31 | Fix a coding mistake on an error path in the HTTP server logic. Because the mistake is on an error path, it is actually harmless, but it needs to be fixed nevertheless. ... (check-in: 85067dc919 user: drh tags: trunk) | |
|
2025-05-01
| ||
| 06:10 | Add parameters to declarations for dynamically loaded functions, to fix builds with latest GCC on Windows. Reported in forum post 3b3b741661. ... (check-in: 51ac554e35 user: florian tags: trunk) | |
|
2025-04-30
| ||
| 14:43 | Add CSS class md-table to TABLE elements created specifically from a markdown-format table. In response to forum post 3a5d04039553e5b4 ... (check-in: f0d11ab2fb user: stephan tags: trunk) | |
|
2025-04-28
| ||
| 23:43 | Do not allow computation and download of SQL-archives by non-humans. For some reason, SQL-archives are like catnip for AI robots. ... (check-in: b9a9e2b9af user: drh tags: trunk) | |
| 11:14 | Fix the new wiki-comments-on-ticket fieature so that it is controllable via TH1. ... (check-in: a884fbbd58 user: drh tags: trunk) | |
|
2025-04-26
| ||
| 14:40 | Fix FOSSIL_ENABLE_TCL so that the build works with both Tcl8.6 and Tcl9.0. ... (check-in: 4f55b393f0 user: drh tags: trunk) | |
|
2025-04-25
| ||
| 16:22 | Optimized validation of the FOSSIL_COLOR environment variable. ... (Leaf check-in: c5f1e0daea user: florian tags: standard-cli-colors) | |
| 16:19 | Fix a logic error in processing of the NO_COLOR environment variable. ... (check-in: fbfa6daeca user: florian tags: standard-cli-colors) | |
| 16:18 | Sync with trunk. ... (check-in: 855076ce79 user: florian tags: standard-cli-colors) | |
| 16:08 | Simplifications to TH1 for improved defense against accident and mischief: Omit the enable_htmlify command. Htmlify is always turned on. Omit the --th option from the "fossil pikchr" command. ... (check-in: 9164a5d1aa user: drh tags: trunk) | |
| 15:45 | Omit the --th option from the "pikchr" command and all of the complication that flows out of that option. The option is not used by anyone, as far as I can tell. ... (Closed-Leaf check-in: 7ef474d587 user: drh tags: simplify-pikchr-cmd) | |
| 12:53 | Remove the show-repolist-desc and show-repolist-lg settings. Control of which columns of a repository list to show is now only by the FOSSIL_REPOLIST_SHOW environment variable. ... (check-in: d9bd156aad user: drh tags: trunk) | |
| 12:01 | missed search-type in one place ... (Leaf check-in: 11e6c81766 user: jkosche tags: quickfilter) | |
| 11:01 | Merge the latest trunk enhancements into the quickfilter branch. ... (check-in: e14c75676c user: drh tags: quickfilter) | |
| 00:00 | change input field to search, which brings clear button on some browser, as suggested in forum post ... (check-in: fa31d18bf4 user: jkosche tags: quickfilter) | |
|
2025-04-24
| ||
| 19:42 | Block an infinite loop in Th_ReportTaint() that can occur when the vuln-report setting is "fatal" and the error happens again while generating the fatal error page. ... (check-in: 76f1ddb6c2 user: drh tags: trunk) | |
| 19:26 | Fix typo in the new vuln-report entry on the security-audit page. ... (check-in: 9d7b31552a user: drh tags: trunk) | |
| 18:59 | Put a warning on the security-audit page if the vuln-report setting is not either "block" or "fatal". ... (check-in: ef52cd3f5d user: drh tags: trunk) | |
| 17:22 | The value returned by TH1 command getParameter should be marked as tainted. ... (check-in: 6a6b85448c user: drh tags: trunk) | |
| 17:05 | Add taint confinement to unquoted inline variable expansion from Th_Render(). Improvements to the taint confinement error message. ... (check-in: d259be4017 user: drh tags: trunk) | |
| 11:18 | Preserve taint across TH1 commands: foreach, lappend, lindex, string index, string range, and string trim. Add test cases for taint. ... (check-in: 5291edac07 user: drh tags: trunk) | |
|
2025-04-23
| ||
| 18:13 | Do not include the List-Id in announcement messages to non-subscribers. But do include the List-Id for renewal notices. ... (check-in: 908612e334 user: drh tags: trunk) | |
| 12:51 | Fix string comparison between tainted and untainted strings in TH1. Forum post 6ab1c36a80. ... (check-in: 45f3a45f3d user: drh tags: trunk) | |
| 10:46 | When emitting the default password as part of the 'new' command, add the term 'remote-access' to it to clarify that it's only for remote use. Indirectly suggested by forum post 9dbd8e00ee. ... (check-in: 57276a518a user: stephan tags: trunk) | |
|
2025-04-22
| ||
| 19:34 | Fix another problem with lappend and taint. See forum post 94b7485f4 for a description of the problem. ... (check-in: aa66767bac user: drh tags: trunk) | |
| 18:18 | Fix [fab9f0047720721e] so that it works on repositories that do not have the tkt_ctime column in the TICKET table definition. ... (check-in: 6476f287d3 user: drh tags: trunk) | |
| 17:40 | Improved code saftey for the TH1-taint implementation, after a code audit. ... (check-in: ded2126db6 user: drh tags: trunk) | |
| 11:29 | Improvements to the "fossil user default" command: Setting the default user to an empty string clears the entry from the repository and checkout databases. Adding the -v or --verbose option explains how the default user was determined. ... (check-in: 064d20ee38 user: drh tags: trunk) | |
| 01:10 | Initial incomplete port to MorphOS. Needs some manual overrides to compile and has some locking issues in SQLite. ... (check-in: 66f279e143 user: js tags: morphos) | |
|
2025-04-21
| ||
| 15:16 | Fix the build for FOSSIL_ENABLE_TCL and Tcl9. No idea if this works. Does anybody actually use the FOSSIL_ENABLE_TCL compile-time option? ... (check-in: d93344ec38 user: drh tags: trunk) | |
| 12:23 | TH1 variables that derive from TICKET table columns that begin with "tkt_" are untainted. ... (check-in: 9e035ee3b3 user: drh tags: trunk) | |
|
2025-04-20
| ||
| 16:54 | Add "taint mode" to TH1. Attempts to output values that are derived from user input as unescaped HTML, or to use such values unescaped in SQL, raises errors. The resolution of these errors depends on the value of the new "vuln-report" setting. ... (check-in: 2116238e80 user: drh tags: trunk) | |
| 16:13 | New setting "vuln-report" determines what to do when tainted text is misused in a TH1 script. Enhance the /test-warning page to deliberately misuse tainted text in TH1 to verify error handling. Enhance /errorlog to separate out TH1 vulnerability reports as a new category the the error log. ... (Closed-Leaf check-in: 295b814a27 user: drh tags: th1-taint) | |
|
2025-04-19
| ||
| 23:32 | Fix more issues that were already fixed but overwritten by text editor errors and didn't get committed last time. ... (check-in: bd45dc72dd user: drh tags: th1-taint) | |
| 23:24 | More minor fixes resulting from a code audit. ... (check-in: b1711046d9 user: drh tags: th1-taint) | |
| 23:02 | Fix additional problems on the new TH1 implementation. ... (check-in: 2c2b6c68b2 user: drh tags: th1-taint) | |
| 22:30 | Fix an error that occurs while commiting a new ticket. ... (check-in: 17060ca29a user: drh tags: th1-taint) | |
| 19:18 | Update the default ticket configuration to avoid sending out text that seems tainted. There are no actual XSS issues here, but these changes do add an extra margin of safety. ... (check-in: 5d17ced68d user: drh tags: th1-taint) | |
| 19:08 | Mark some TH1 inputs that can be controlled by the user as tainted. ... (check-in: 2742682720 user: drh tags: th1-taint) | |
| 18:43 | The taint markings and detection now appears to be working. ... (check-in: d1bb87bcfd user: drh tags: th1-taint) | |
| 16:55 | Experimental changes to TH1 to try to make it resistant to coding errors that could lead to XSS or SQL injection attacks. ... (check-in: b0b4492480 user: drh tags: th1-taint) | |