Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
50 most recent check-ins tagged with "trunk"
|
2025-09-02
| ||
| 22:10 | Allow the plus sign in MIME types again, needed for example in 'application/rss+xml'. ... (Leaf check-in: 639c0404 user: danield tags: trunk) | |
| 12:52 | Minor internal doc updates. No code changes. ... (check-in: 65448438 user: stephan tags: trunk) | |
| 12:51 | Change the link to fnc to use its new canonical home, fnc.sh, as pointed out by Florian in the forum. ... (check-in: accce714 user: stephan tags: trunk) | |
|
2025-09-01
| ||
| 17:17 | Finish writing a doc sentence started in the previous checkin. ... (check-in: 7a3d6d70 user: stephan tags: trunk) | |
| 16:58 | Add a CSRF check to /chat-send. ... (check-in: 4caa8cb9 user: stephan tags: trunk) | |
| 15:37 | Reject all GET/COOKIE vars in which the values contain control characters. ... (check-in: 0c1419a4 user: stephan tags: trunk) | |
| 14:15 | Primative validation of request-supplied mime-types. ← This is me! ... (check-in: ae8fc0e0 user: drh tags: trunk) | |
|
2025-08-22
| ||
| 15:49 | When deleting cookies via /cookies, use a path of "/" for ROBOT_COOKIE. The alternative would be to set that cookie to be repo-local (i.e. set its path to g.zTop), which would be unfortunate for servers which host many fossils. ... (check-in: 55c97210 user: stephan tags: trunk) | |
| 13:59 | Add the /re_rules page. ... (check-in: 8779bd0b user: drh tags: trunk) | |
| 01:51 | Fix a typo in the regular expression example for robot-exception ... (check-in: 31b09807 user: drh tags: trunk) | |
|
2025-08-21
| ||
| 19:10 | Activate the robot-restrict "timelineX" flag if the c= query parameter is used. ... (check-in: 59ae0e0b user: drh tags: trunk) | |
| 16:21 | Do not change the /info diff-type to 0 if robot-restrict is turned off. Forum post 1bef6821de. ... (check-in: 879deeda user: drh tags: trunk) | |
| 15:40 | Show numstat-style statistics in the /ckout page as well. ... (check-in: cb4d1707 user: danield tags: trunk) | |
| 14:16 | Avoid excess backslash excaping in text in the new robot-exception setup. ... (check-in: 5dc9f9b9 user: drh tags: trunk) | |
| 14:13 | Add /reports to the default robot-restrict setting. ... (check-in: 12d871a0 user: stephan tags: trunk) | |
| 14:08 | Add the robot-exception setting. ... (check-in: 86b6ef7f user: drh tags: trunk) | |
| 12:02 | Change [3710202914] to call the function to load the diff-related JS code even for blocked diffs. By default, the loader function is already a no-op if diffs are blocked, so the behavior intended by [3710202914] is retained. But other branches are patching the loader function because they rely on the JS code even if the diffs are hidden. ... (check-in: 171127fd user: florian tags: trunk) | |
| 10:51 | Rearrange fields in the Robot Defense setup to make it easier to understand. ... (check-in: 58a48e3a user: drh tags: trunk) | |
|
2025-08-20
| ||
| 15:02 | When appending the ssh signature, use a more direct function with the same result. ... (check-in: 5d040f1f user: danield tags: trunk) | |
| 00:03 | Performance optimization in Th_RenderToBlob(). ... (check-in: b853b5d4 user: drh tags: trunk) | |
|
2025-08-19
| ||
| 22:55 | Do not duplicate the "name" query parameter in the robot.c captcha. ... (check-in: 118540fa user: drh tags: trunk) | |
| 18:54 | Improvements to robot-restrict. ... (check-in: 4e73f314 user: drh tags: trunk) | |
| 16:57 | Create a new interface for checking to see if a tag exists in the robot-restrict setting. ... (check-in: 8784c600 user: drh tags: trunk) | |
| 16:35 | Attempt to make recent robot defense improvements portable to IE. I do not have access to IE and hence cannot test this, so the changes are mostly a guess. Forum post e18c040d32. ... (check-in: 3d32a109 user: drh tags: trunk) | |
| 16:02 | Do not show diffs on the /vinfo page unless we know that the client is not a robot. ... (check-in: 37102029 user: drh tags: trunk) | |
| 15:42 | Refactor the code in robot.c to make interfaces available to other parts of the system. ... (check-in: 4fa618fa user: drh tags: trunk) | |
| 10:57 | Check to see that CSS has been loaded before activating hyperlinks if the user is "nobody". ... (check-in: 3f6a6bdc user: drh tags: trunk) | |
| 10:37 | Make "off" the preferred way to diable robot-restrict ... (check-in: db69c47a user: drh tags: trunk) | |
| 10:28 | Documentation update: Make the robot-restrict setting "none" or "off" to disable all restrictions. ... (check-in: 26a9b033 user: drh tags: trunk) | |
|
2025-08-18
| ||
| 15:49 | New setting "anon-cookie-lifespan" sets the life span of an anonymous login cookie. The default is 8 hours. Set to zero to disable anonymous login. ... (check-in: 7d2b47a7 user: drh tags: trunk) | |
| 11:45 | Additional obfuscation of the javascript that runs to implement the anti-robot defense. ... (check-in: 4c4bce35 user: drh tags: trunk) | |
|
2025-08-17
| ||
| 19:38 | Wrap the robot_restrict() JS check in an onload handler so that it won't run until the external resources (namely style.css) are loaded. ... (check-in: e5991efb user: stephan tags: trunk) | |
| 19:04 | Improvements to robot detection in the robot_restrict() function. ... (check-in: e5b00c61 user: drh tags: trunk) | |
| 18:20 | Use the UserAgent value from the HTTP request header, rather than the client IP address, as the additional factor in the anonymous login cookie hash, since some client are on networks where their IP address can shift frequently. ... (check-in: 06937668 user: drh tags: trunk) | |
| 17:16 | Make anonymous cookies valid for 8 hours. Include the client IP address as part of the cookie hash, but do not display the client IP address within the text of the cookie. ... (check-in: 68da4784 user: drh tags: trunk) | |
| 15:00 | Remove some dead code from /chat. ... (check-in: 144c5dbe user: stephan tags: trunk) | |
| 14:52 | Correct a mis-calculation of fontSize for /chat attachments which use the Embed checkbox. ... (check-in: e3f0dcc3 user: stephan tags: trunk) | |
| 12:52 | Add (stash rename) to the changelog. ... (check-in: c834adb6 user: stephan tags: trunk) | |
| 12:50 | Add (stash rename) subcommand to change the label associated with a stash entry. ... (check-in: 1aaa6fc5 user: stephan tags: trunk) | |
|
2025-08-16
| ||
| 16:48 | Add a simple UI that allows any registered user (not "anonymous" or "nobody") to create access tokens. ... (check-in: 2a3d3031 user: drh tags: trunk) | |
| 15:54 | Change the name of the robot-test cookie to fossil-client-ok. Decode that cookie's meaning on the /cookies page. ... (check-in: dc2232c6 user: drh tags: trunk) | |
| 14:44 | Cache the results of calling robot_restrict() so that subsequent calls are very fast. ... (check-in: 1bdda5d0 user: drh tags: trunk) | |
| 14:20 | Open up access to /test-robotck to all users. Clear the "Press OK to continue" from the screen when the Ok button is pressed, so that it does not linger for zip and tarball downloads. ... (check-in: 508d3cd9 user: drh tags: trunk) | |
| 13:59 | Improvements and simplifications to anti-robot defenses. ... (check-in: 16b33097 user: drh tags: trunk) | |
| 10:10 | Correct the signature of an extern decl of fossil_strndup(), as reported in forum post 21ac5f59a0. ... (check-in: d5469329 user: stephan tags: trunk) | |
|
2025-08-15
| ||
| 19:58 | Add /zip and /tarball pages to the robot-squelch mechanism. ... (check-in: 661991aa user: drh tags: trunk) | |
| 19:07 | Add the "robot-squelch" defense against bot-nets. Still incomplete, but sufficient to hold off the latest attacks. ... (check-in: de66eeaa user: drh tags: trunk) | |
| 05:10 | Update [6c8c93a5f7] to fix redirects to the captcha screen and set the keyboard focus to the password input field if there's no user ID input field. ... (check-in: b8731485 user: florian tags: trunk) | |
| 04:50 | Merge the revamped Copy Buttons. ... (check-in: 63712b63 user: florian tags: trunk) | |
|
2025-08-14
| ||
| 21:01 | The "/login?anon=2" page demonstrates the captcha even if the user is currently logged in. ... (check-in: e58112a4 user: drh tags: trunk) | |