Fossil

Timeline

50 events by user drh occurring around 2023-08-23 15:36:31.

2023-09-28
13:39 Edit [62ab3a1d80204590|62ab3a1d80]: Mark "Closed". ... (artifact: 41b06f5b52 user: drh)
13:38
Mark closed leaves with an X on the timeline graph. ... (check-in: 57bea365a3 user: drh tags: trunk)
2023-09-25
15:47
If the value of a setting is changed into an empty string, then unset it, except for the rare setting that has the new keep-empty property. ... (Closed-Leaf check-in: b9bbb8d7fd user: drh tags: unset-empty-settings)
2023-09-19
11:41
Improvements to documentation for the "patch" command. ... (check-in: 14ebbe9d99 user: drh tags: trunk)
11:31
Improvements to help-text HTML formatting. ... (check-in: ccc780f552 user: drh tags: trunk)
11:19
Updates to the change log. ... (check-in: 5afa42e4ec user: drh tags: trunk)
10:42
Fix a harmless compiler warning in SQLite. This is a direct edit to the imported sqlite3.c file, which will be overwritten the next time we update SQLite. But that's ok since the warning is fixed in the SQLite tree too. ... (check-in: ead5a95b47 user: drh tags: trunk)
2023-09-18
20:43
Merge the CSRF-defense enhancements into trunk. ... (check-in: 920ace1739 user: drh tags: trunk)
17:13
Omit the SameSite=strict specifier for the login cookie, since that prevents users from clicking a hyperlink on an email notification and then going directly to the relevant page and getting logged in. ... (Closed-Leaf check-in: fc5b49e990 user: drh tags: csrf-defense-enhancement)
15:36
Set the "SameSite=strict" value on cookies (used for authentication) as a further defense-in-depth against CSRF attacks. ... (check-in: bc643c32f8 user: drh tags: csrf-defense-enhancement)
15:24
Fix forum-post approval buttons so that they send the CSRF token. ... (check-in: bf9974cf8d user: drh tags: csrf-defense-enhancement)
15:10
More intensive use of the Synchronizer Token Pattern for CSRF defense. ... (check-in: 0a66be2b75 user: drh tags: csrf-defense-enhancement)
14:32
Strengthen CSRF requirements for the skin editor. ... (check-in: 6912636dc3 user: drh tags: csrf-defense-enhancement)
14:29
Cleanup forms on the skin editor page. ... (check-in: 5feae3fd75 user: drh tags: csrf-defense-enhancement)
14:13
Stronger CSRF token based on a SHA1 hash of the login cookie. ... (check-in: ff3746c4c2 user: drh tags: csrf-defense-enhancement)
13:18
Try to simplify and rationalize the defenses against cross-site request forgery attacks. A hodgepodge of techniques have been used in the past. This change attempts to make everything work more alike and to centralize CSRF defenses for easier auditing. ... (check-in: 88a402fe2a user: drh tags: csrf-defense-enhancement)
2023-08-31
13:24 Changes to wiki page "Release Build How-To" ... (artifact: 5efb74cb06 user: drh)
12:20
Show the complete CGI environment in the error log on a 418 hack attempt error. ... (check-in: 0204f4aab5 user: drh tags: trunk)
2023-08-30
19:42
Improvements to the tools/codecheck1.c injection-attack static analyzer tool. ... (check-in: 2afff83e7e user: drh tags: trunk)
2023-08-29
16:31 Changes to wiki page "Release Build How-To" ... (artifact: a029e1dbea user: drh)
2023-08-27
19:01
On the /docdir page, omit the submenu and other page decorations. ... (check-in: 0313f0f90d user: drh tags: trunk)
18:42
Add the /docdir page which is an alias for /dir with the "dx" query parameter. ... (check-in: 5d7e153ff7 user: drh tags: trunk)
18:15
Add the "dx" query parameter to the "dir" page, which if present causes links to file to use /doc instead of /file. ... (check-in: d4d10c0165 user: drh tags: trunk)
2023-08-23
15:57
New Pikchr that fixes text positioning on negative thickness lines. ... (check-in: 2bdd36e4ad user: drh tags: trunk)
15:36
Update Pikchr to support zero-thickness objects. ... (check-in: 8ed25a31b4 user: drh tags: trunk)
2023-08-20
18:07
Update the built-in zlib library to version 1.3. ... (check-in: f1f1d6c4eb user: drh tags: trunk)
2023-08-18
14:15
Update the built-in SQLite to the latest 3.43.0 beta for testing. ... (check-in: b5aa9f8ab4 user: drh tags: trunk)
2023-08-14
21:09
Make sure the EmailEvent object is completely zeroed whenever it is allocated. ... (check-in: 33877fa50b user: drh tags: trunk)
2023-08-12
19:24
Update the built-in Pikchr to fix the "same" operator flow-control bug reported on the Pikchr forum. ... (check-in: c21423eb69 user: drh tags: trunk)
12:24
Update the built-in SQLite to the latest 3.43.0 beta for testing. ... (check-in: 16ee39539a user: drh tags: trunk)
2023-08-05
21:18
Two new notification options: "n" means to be notified for new forum threads only and "r" means to be notified for forum posts that are a reply to a post made by the user. ... (check-in: d4361f6a94 user: drh tags: trunk)
17:40
Disallow user-chosen UserIDs that begin with "anonymous" or other reserved names. ... (check-in: a7e9dd53ef user: drh tags: trunk)
16:55
Fix a typo in a comment. ... (check-in: 19e6905cd2 user: drh tags: trunk)
16:09
Minor wording changes on the /unsubscribe page. ... (check-in: 37f929e3ae user: drh tags: trunk)
2023-08-04
13:27
Update the built-in SQLite to fix a bug in json_remove(). This probably does not affect Fossil, but better safe than sorry. ... (check-in: d3c850cf52 user: drh tags: trunk)
2023-08-03
14:34
Remove an overly aggressive call to cgi_check_for_malice() on the /login page. ... (check-in: 57d3dbb11b user: drh tags: trunk)
12:23
Update to the change log. ... (check-in: 928bac9934 user: drh tags: trunk)
11:50
Update the built-in SQLite to the latest code from the SQLite trunk, as a beta test of SQLite. ... (check-in: 23cb537399 user: drh tags: trunk)
2023-07-28
16:18
Avoid a potential 32-bit integer overflow when doing a diff on large files with large differences. ... (check-in: 5882e9e878 user: drh tags: trunk)
2023-07-23
20:28
Show file sizes in the treeview. Other file browser enhancements. ... (check-in: 73fe442a25 user: drh tags: trunk)
20:27
Improved CSS for the size field of tree-view. ... (Closed-Leaf check-in: 06ab6d9c8b user: drh tags: filesize-listings)
19:57
Use the files_of_checkin virtual table to generate the file listings on the /dir page, instead of a bunch of C code that was written before files_of_checkin was invented. ... (check-in: 15d9d5b097 user: drh tags: filesize-listings)
2023-07-22
14:29
Add the option to sort files by size in the tree-view. ... (check-in: dedae5a123 user: drh tags: filesize-listings)
2023-07-18
13:36
Improved defense against denial-of-service caused by hackers pounding Fossil with repeated requests that contain SQL injection attempts. If SQL injection is attempted, return a "Begone, Knave!" page with status code 418. ... (check-in: 57f1e87254 user: drh tags: trunk)
2023-07-17
12:31
Fix should have gone on the verify-options-cgi branch, not on trunk. ... (Closed-Leaf check-in: d276fd9b77 user: drh tags: verify-options-cgi)
12:28
Make sure query parameter "t" is marked as isFetched even if it is renamed from "r". ... (check-in: 2b72f337be user: drh tags: trunk)
12:13
Improvements to the algorithm for detecting likely SQL injection text. ... (check-in: 5d6efeee47 user: drh tags: verify-options-cgi)
11:44
Improve the error log message for 418 responses so that it includes the name of the offending query parameter. Require whitespace around keywords when trying to detect SQL. ... (check-in: ef1702fde3 user: drh tags: verify-options-cgi)
2023-07-16
20:55
Fix typo on the 418 status code name. ... (check-in: f39c878fe1 user: drh tags: verify-options-cgi)
20:47
Add calls to cgi_check_for_malice() on many more web pages. Log all 418 responses to the error log. ... (check-in: 40266bf9b2 user: drh tags: verify-options-cgi)