Fossil

Timeline
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

17 check-ins using file auto.def version 4004e29ac4

2023-07-22
14:29
Add the option to sort files by size in the tree-view. ... (Leaf check-in: dedae5a123 user: drh tags: filesize-listings)
2023-07-21
23:02
Display file sizes in /dir and /tree, as per request in [forum:2a0cd67e77|forum post 2a0cd67e77]. ... (check-in: fb0b7fe140 user: danield tags: filesize-listings)
2023-07-18
13:36
Improved defense against denial-of-service caused by hackers pounding Fossil with repeated requests that contain SQL injection attempts. If SQL injection is attempted, return a "Begone, Knave!" page with status code 418. ... (Leaf check-in: 57f1e87254 user: drh tags: trunk)
2023-07-17
12:31
Fix should have gone on the verify-options-cgi branch, not on trunk. ... (Closed-Leaf check-in: d276fd9b77 user: drh tags: verify-options-cgi)
12:28
Make sure query parameter "t" is marked as isFetched even if it is renamed from "r". ... (check-in: 2b72f337be user: drh tags: trunk)
12:18
In /raw and /secureraw, ensure that the "m" and "at" vars are fetched before the malice check. Typo fix in cgi.c. ... (check-in: 83015b0d9a user: stephan tags: verify-options-cgi)
12:13
Improvements to the algorithm for detecting likely SQL injection text. ... (check-in: 5d6efeee47 user: drh tags: verify-options-cgi)
11:44
Improve the error log message for 418 responses so that it includes the name of the offending query parameter. Require whitespace around keywords when trying to detect SQL. ... (check-in: ef1702fde3 user: drh tags: verify-options-cgi)
2023-07-16
20:55
Fix typo on the 418 status code name. ... (check-in: f39c878fe1 user: drh tags: verify-options-cgi)
20:47
Add calls to cgi_check_for_malice() on many more web pages. Log all 418 responses to the error log. ... (check-in: 40266bf9b2 user: drh tags: verify-options-cgi)
10:35
Rename verify_all_options_cgi() to cgi_check_for_malice(). Add more comments explaining what the function is intended for. Add calls to cgi_check_for_malice() to a few new webpages. ... (check-in: 5a8063a8cb user: drh tags: verify-options-cgi)
2023-07-15
13:57
Add verify_all_options_cgi(), which works similarly to verify_all_options() but only fails if it finds CGI GET/POST arguments which (A) have not been fetched via P(), PD(), or similar, and (B) fail cgi_value_spider_check(). Currently only applied on the /ci page. ... (check-in: a065940a74 user: stephan tags: verify-options-cgi)
2023-07-13
12:13
Reconcile a test in the FTS search with its original intent in [196dfedf7fc]; reported in [forum:fa13ae06d|forum post fa13ae06d]. ... (check-in: e88211628b user: danield tags: trunk)
2023-07-10
12:59
The "fossil repack" command should run VACUUM if either new compression opportunities were found *or* if the freelist count is positive. ... (check-in: 4d9ede80be user: drh tags: trunk)
12:50
In the fts-config command and on the /srchsetup page, show how much space is used by the full-text index. ... (check-in: 5c5e54928e user: drh tags: trunk)
2023-07-09
03:13
Show default value of settings that have a default in 'fossil help SETTING' output. These values are otherwise only documented in the source code. ok stephan, danield ... (check-in: 1e1a319e63 user: mark tags: trunk)
2023-07-08
18:22
Remove some now-stale auto.def documentation. ... (check-in: bb66461f8a user: stephan tags: trunk)