Fossil

Check-in [9e035ee3]

Overview
Comment: TH1 variables that derive from TICKET table columns that begin with "tkt_" are untainted.
SHA3-256: 9e035ee3b3a2e47384f19206da3c26f6d64a7259650406744abc65d7553356bb
User & Date: drh 2025-04-21 12:23:44.799
Context
2025-04-21
15:16 Fix the build for FOSSIL_ENABLE_TCL and Tcl9. No idea if this works. Does anybody actually use the FOSSIL_ENABLE_TCL compile-time option? ... (check-in: d93344ec user: drh tags: trunk)
12:23 TH1 variables that derive from TICKET table columns that begin with "tkt_" are untainted. ... (check-in: 9e035ee3 user: drh tags: trunk)
2025-04-20
16:54 Add "taint mode" to TH1. Attempts to output values that are derived from user input as unescaped HTML, or to use such values unescaped in SQL, raises errors. The resolution of these errors depends on the value of the new "vuln-report" setting. ... (check-in: 2116238e user: drh tags: trunk)
Changes
Changes to src/tkt.c.