Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
100 most recent check-ins
|
2025-08-22
| ||
| 15:49 | When deleting cookies via /cookies, use a path of "/" for ROBOT_COOKIE. The alternative would be to set that cookie to be repo-local (i.e. set its path to g.zTop), which would be unfortunate for servers which host many fossils. ... (Leaf check-in: 55c97210 user: stephan tags: trunk) | |
| 13:59 | Add the /re_rules page. ... (check-in: 8779bd0b user: drh tags: trunk) | |
| 01:51 | Fix a typo in the regular expression example for robot-exception ← This is me! ... (check-in: 31b09807 user: drh tags: trunk) | |
|
2025-08-21
| ||
| 19:10 | Activate the robot-restrict "timelineX" flag if the c= query parameter is used. ... (check-in: 59ae0e0b user: drh tags: trunk) | |
| 16:21 | Do not change the /info diff-type to 0 if robot-restrict is turned off. Forum post 1bef6821de. ... (check-in: 879deeda user: drh tags: trunk) | |
| 15:40 | Show numstat-style statistics in the /ckout page as well. ... (check-in: cb4d1707 user: danield tags: trunk) | |
| 14:16 | Avoid excess backslash excaping in text in the new robot-exception setup. ... (check-in: 5dc9f9b9 user: drh tags: trunk) | |
| 14:13 | Add /reports to the default robot-restrict setting. ... (check-in: 12d871a0 user: stephan tags: trunk) | |
| 14:08 | Add the robot-exception setting. ... (check-in: 86b6ef7f user: drh tags: trunk) | |
| 12:08 | Sync with trunk. ... (Leaf check-in: 286a9006 user: florian tags: standard-cli-colors) | |
| 12:07 | Sync with trunk. ... (Leaf check-in: a0377ebb user: florian tags: diff-word-wrap) | |
| 12:06 | Sync with trunk. ... (Leaf check-in: 5ee83f28 user: florian tags: diff-keyboard-navigation) | |
| 12:04 | Sync with trunk. ... (Leaf check-in: bab295db user: florian tags: timeline-keyboard-navigation) | |
| 12:02 | Change [3710202914] to call the function to load the diff-related JS code even for blocked diffs. By default, the loader function is already a no-op if diffs are blocked, so the behavior intended by [3710202914] is retained. But other branches are patching the loader function because they rely on the JS code even if the diffs are hidden. ... (check-in: 171127fd user: florian tags: trunk) | |
| 10:51 | Rearrange fields in the Robot Defense setup to make it easier to understand. ... (check-in: 58a48e3a user: drh tags: trunk) | |
|
2025-08-20
| ||
| 15:02 | When appending the ssh signature, use a more direct function with the same result. ... (check-in: 5d040f1f user: danield tags: trunk) | |
| 00:03 | Performance optimization in Th_RenderToBlob(). ... (check-in: b853b5d4 user: drh tags: trunk) | |
|
2025-08-19
| ||
| 22:55 | Do not duplicate the "name" query parameter in the robot.c captcha. ... (check-in: 118540fa user: drh tags: trunk) | |
| 18:54 | Improvements to robot-restrict. ... (check-in: 4e73f314 user: drh tags: trunk) | |
| 16:57 | Create a new interface for checking to see if a tag exists in the robot-restrict setting. ... (check-in: 8784c600 user: drh tags: trunk) | |
| 16:35 | Attempt to make recent robot defense improvements portable to IE. I do not have access to IE and hence cannot test this, so the changes are mostly a guess. Forum post e18c040d32. ... (check-in: 3d32a109 user: drh tags: trunk) | |
| 16:02 | Do not show diffs on the /vinfo page unless we know that the client is not a robot. ... (check-in: 37102029 user: drh tags: trunk) | |
| 15:42 | Refactor the code in robot.c to make interfaces available to other parts of the system. ... (check-in: 4fa618fa user: drh tags: trunk) | |
| 10:57 | Check to see that CSS has been loaded before activating hyperlinks if the user is "nobody". ... (check-in: 3f6a6bdc user: drh tags: trunk) | |
| 10:37 | Make "off" the preferred way to diable robot-restrict ... (check-in: db69c47a user: drh tags: trunk) | |
| 10:28 | Documentation update: Make the robot-restrict setting "none" or "off" to disable all restrictions. ... (check-in: 26a9b033 user: drh tags: trunk) | |
|
2025-08-18
| ||
| 15:49 | New setting "anon-cookie-lifespan" sets the life span of an anonymous login cookie. The default is 8 hours. Set to zero to disable anonymous login. ... (check-in: 7d2b47a7 user: drh tags: trunk) | |
| 11:45 | Additional obfuscation of the javascript that runs to implement the anti-robot defense. ... (check-in: 4c4bce35 user: drh tags: trunk) | |
|
2025-08-17
| ||
| 19:38 | Wrap the robot_restrict() JS check in an onload handler so that it won't run until the external resources (namely style.css) are loaded. ... (check-in: e5991efb user: stephan tags: trunk) | |
| 19:04 | Improvements to robot detection in the robot_restrict() function. ... (check-in: e5b00c61 user: drh tags: trunk) | |
| 19:02 | Obfuscation of the robot-test code. ... (Closed-Leaf check-in: 2fdd7ace user: drh tags: robotck-instant) | |
| 18:44 | Merge the robot tests from trunk with the new tests from this branch so that *all* the tests are run. ... (check-in: 95a57c63 user: drh tags: robotck-instant) | |
| 18:33 | Merge recent trunk enhancements into the robotck-instant branch. ... (check-in: dd11b563 user: drh tags: robotck-instant) | |
| 18:20 | Use the UserAgent value from the HTTP request header, rather than the client IP address, as the additional factor in the anonymous login cookie hash, since some client are on networks where their IP address can shift frequently. ... (check-in: 06937668 user: drh tags: trunk) | |
| 17:47 | Because this new check is too fast to see the progress indicator, make the final result label more explicit. ... (check-in: b6cf0c20 user: stephan tags: robotck-instant) | |
| 17:16 | Make anonymous cookies valid for 8 hours. Include the client IP address as part of the cookie hash, but do not display the client IP address within the text of the cookie. ... (check-in: 68da4784 user: drh tags: trunk) | |
| 15:37 | Move the z-level style into default.css, in case the adversaries read inlined STYLE tags (which now, in hindsight, seems more likely to me). Change the HTTP result code from robot_proofofwork() to a non-200 code, the hope being that the adversaries will stop on a non-200 code. ... (check-in: c7ad4363 user: stephan tags: robotck-instant) | |
| 15:00 | Remove some dead code from /chat. ... (check-in: 144c5dbe user: stephan tags: trunk) | |
| 14:52 | Correct a mis-calculation of fontSize for /chat attachments which use the Embed checkbox. ... (check-in: e3f0dcc3 user: stephan tags: trunk) | |
| 13:21 | Add a comment explaining why document.body's z-level is explicitly set to 0. Remove some EOL whitespace. ... (check-in: 7c57a20e user: stephan tags: robotck-instant) | |
| 12:52 | Add (stash rename) to the changelog. ... (check-in: c834adb6 user: stephan tags: trunk) | |
| 12:50 | Add (stash rename) subcommand to change the label associated with a stash entry. ... (check-in: 1aaa6fc5 user: stephan tags: trunk) | |
| 12:29 | Fix the previous checkin to actually compute the work value. This slows it down by a tiny fraction of a second but it's still effectively instant. This calculation can be moved up a level into the C code to turn this back into an instant operation, but leaving it on the client seems like a reasonable choice. ... (check-in: c27cfa9f user: stephan tags: robotck-instant) | |
| 12:10 | An experiment in reducing the proof-of-work to a single operation. (This description is intentionally vague.) ... (check-in: b765e652 user: stephan tags: robotck-instant) | |
|
2025-08-16
| ||
| 16:48 | Add a simple UI that allows any registered user (not "anonymous" or "nobody") to create access tokens. ... (check-in: 2a3d3031 user: drh tags: trunk) | |
| 15:54 | Change the name of the robot-test cookie to fossil-client-ok. Decode that cookie's meaning on the /cookies page. ... (check-in: dc2232c6 user: drh tags: trunk) | |
| 14:44 | Cache the results of calling robot_restrict() so that subsequent calls are very fast. ... (check-in: 1bdda5d0 user: drh tags: trunk) | |
| 14:20 | Open up access to /test-robotck to all users. Clear the "Press OK to continue" from the screen when the Ok button is pressed, so that it does not linger for zip and tarball downloads. ... (check-in: 508d3cd9 user: drh tags: trunk) | |
| 13:59 | Improvements and simplifications to anti-robot defenses. ... (check-in: 16b33097 user: drh tags: trunk) | |
| 13:57 | Improved anti-robot captcha. ... (Closed-Leaf check-in: 206089ac user: drh tags: robot-restrict-simplified) | |
| 10:10 | Correct the signature of an extern decl of fossil_strndup(), as reported in forum post 21ac5f59a0. ... (check-in: d5469329 user: stephan tags: trunk) | |
| 00:36 | Add the "timelineX" tag to robot-restrict processing. Move /honeypot over to the captcha.c file and have it use the resources found there. ... (check-in: 54afc94c user: drh tags: robot-restrict-simplified) | |
|
2025-08-15
| ||
| 23:46 | Convert the g.isHuman variable into g.isRobot. ... (check-in: 6422bca1 user: drh tags: robot-restrict-simplified) | |
| 23:18 | Simplifications to the logic that tries to keep robots out. ... (check-in: 02adced1 user: drh tags: robot-restrict-simplified) | |
| 19:58 | Add /zip and /tarball pages to the robot-squelch mechanism. ... (check-in: 661991aa user: drh tags: trunk) | |
| 19:07 | Add the "robot-squelch" defense against bot-nets. Still incomplete, but sufficient to hold off the latest attacks. ... (check-in: de66eeaa user: drh tags: trunk) | |
| 18:49 | Bug fix in the new cgi_is_qp() routine of the previous check-in. ... (Closed-Leaf check-in: ef57ecf2 user: drh tags: robot-squelch) | |
| 18:47 | Further improvements to the squelch captcha. ... (check-in: 055908da user: drh tags: robot-squelch) | |
| 16:21 | Slightly more sophisticated captcha. ... (check-in: a10e785d user: drh tags: robot-squelch) | |
| 15:11 | Merge trunk enhancements into the robot-squelch branch. ... (check-in: a46ffe0f user: drh tags: robot-squelch) | |
| 15:06 | Add a really simple captcha - the user just has to press a button. ... (check-in: b3337295 user: drh tags: robot-squelch) | |
| 13:55 | Prototyping new defenses against bot-nets ... (check-in: 3f4885a9 user: drh tags: robot-squelch) | |
| 12:32 | Allow /xfer to service anonymous clones if they have any of the Clone, Zip, or Read permissions. This is a temporary measure, as described in the code's comments. ... (Closed-Leaf check-in: f9547c7c user: stephan tags: relaxed-clone-permissions) | |
| 05:10 | Update [6c8c93a5f7] to fix redirects to the captcha screen and set the keyboard focus to the password input field if there's no user ID input field. ... (check-in: b8731485 user: florian tags: trunk) | |
| 04:50 | Merge the revamped Copy Buttons. ... (check-in: 63712b63 user: florian tags: trunk) | |
|
2025-08-14
| ||
| 21:01 | The "/login?anon=2" page demonstrates the captcha even if the user is currently logged in. ... (check-in: e58112a4 user: drh tags: trunk) | |
| 19:35 | Improved captcha screen. Less clutter. Easier for first-time visitors to digest. ... (check-in: 6c8c93a5 user: drh tags: trunk) | |
| 12:46 | Reduce the timeout for anonymous logins to 1 hours. Add the IP address to the anonymous login cookie. ... (check-in: 60a9fac4 user: drh tags: trunk) | |
|
2025-08-13
| ||
| 15:48 | Allow the mimetype query parameter for non-CGI content in /ext. ... (check-in: 639b96b9 user: drh tags: trunk) | |
|
2025-08-12
| ||
| 15:27 | Use equal horizontal spacing for normal and "flipped" Copy Buttons (where the latter are positioned after the text to be copied). The idea is for the buttons to be tied to "their" text without spaces in between, resulting in a somewhat narrower spacing to emphasize the connection, but to have normal HTML whitespace on the other side. ... (Closed-Leaf check-in: 2bc2f724 user: florian tags: copybtn.js-responsive) | |
| 15:20 | Add some higher-specificity CSS declarations to prevent dark-mode skins from overriding the relevant styles of the Copy Button layout, so users don't need to sync their skin customizations with the changes on this branch. ... (check-in: b7f2c9f3 user: florian tags: copybtn.js-responsive) | |
| 15:04 | Revamp the Copy Buttons for a more responsive user experience. See the wiki page linked to this branch for more details. ... (check-in: 32c3a210 user: florian tags: copybtn.js-responsive) | |
|
2025-08-10
| ||
| 10:28 | Raise an error when trying to insert an unversioned file if the file size would cause the database row to exceed SQLITE_LIMIT_LENGTH. ... (check-in: c6265bb3 user: drh tags: trunk) | |
|
2025-08-07
| ||
| 19:46 | Add an assert() in a block which cannot happen. It survives 'reconstruct', so we can probably remove the block, but leaving it around for a while seems prudent. ... (check-in: 7d4af37f user: stephan tags: trunk) | |
|
2025-08-06
| ||
| 10:30 | Show numstat-style statistics in the 'Changes' section of /info and friends. ... (check-in: 18151a86 user: danield tags: trunk) | |
| 06:29 | Fill in more help for fossil user whoami command. ... (Leaf check-in: aef4a2c0 user: brickviking tags: user-whoami) | |
|
2025-08-04
| ||
| 23:58 | Add a NULL check where a change from [4c3e1728e1b1a9cb] inadvertently changed the semantics from NULL=="" to NULL==NULL, triggering a null pointer deref via backlinks parsing. Triggered by rebuild when encountering a tag with no value. ... (check-in: 441264b7 user: stephan tags: trunk) | |
|
2025-08-03
| ||
| 22:47 | Attempt to augment the "attempt to write a readonly database" error from Fossil by listing all databases it is using that are read-only. ... (check-in: 0ea8703b user: drh tags: trunk) | |
| 11:31 | Eliminate a superfluous allocation and have freepass() zero out its storage to avoid a duplicate free() in the very off chance that it's ever called twice. These are cleanups made in passing, not fixing known problems. ... (check-in: 1c9d5cd8 user: stephan tags: trunk) | |
|
2025-08-02
| ||
| 17:56 | Add the (user whoami) subcommand, which figures out who you are via db_find_and_open_repository(). In response to forum thread a174e200b018abbd. ... (check-in: a06df610 user: stephan tags: user-whoami) | |
|
2025-08-01
| ||
| 13:03 | Fix diff -tk's handling of the file list when the Reload button is tapped and the list of files is changed. Problem reported in /chat. ... (check-in: 4bb41f92 user: stephan tags: trunk) | |
| 12:08 | Change all datetime() calls in tktsetup.c to use toLocal() as their second argument so that they display in the configured timezone. This should resolve forum thread 82ac9af1533f78f7. ... (check-in: 2a39681a user: stephan tags: trunk) | |
| 04:59 | Typo fix in help output, noted on the forum. ... (check-in: 0d94d71d user: wyoung tags: trunk) | |
| 04:50 | Added the --verbose|v flag to the test-looks-like-utf8 command so that one can find out why a command like "fossil ci" is considering an input known to be text as "binary", then fix it. ... (Leaf check-in: cf6c15bb user: wyoung tags: verbose-looks-like) | |
|
2025-07-31
| ||
| 12:50 | Shorten line statistics text for the benefit of devices with limited screen width. ... (Closed-Leaf check-in: 941f67a8 user: danield tags: gui-diff-numstat) | |
|
2025-07-30
| ||
| 17:48 | Fix a compiler warning in the previous check-in. ... (check-in: a8ef11b6 user: danield tags: trunk) | |
| 17:26 | Show numstat-style statistics in the 'Changes' section of /info and friends. ... (check-in: 25e156c9 user: danield tags: gui-diff-numstat) | |
| 17:14 | Add the test-generate-uuid command. ... (check-in: 062bb67c user: danield tags: trunk) | |
| 16:54 | Update the built-in SQLite to the latest trunk version for testing. ... (check-in: 104c079d user: drh tags: trunk) | |
|
2025-07-28
| ||
| 02:32 | Merge from trunk. ... (Leaf check-in: 53010e96 user: brickviking tags: bv-infotool) | |
|
2025-07-27
| ||
| 11:58 | When unversioned content is saved, add an entry to the admin log. ... (check-in: 7991defa user: stephan tags: trunk) | |
| 11:07 | Teach the sync protocol how to work with an out-of-band login card, saving an extra server-side copy of the sync content which is required only to account for an inlined login card. i.e. it saves RAM, potentially lots of it. The new login card mechanism is instead transported via an HTTP header. This also, not coincidentally, simplifies implementation of the login card in non-fossil(1) clients which are currently learning to speak the sync protocol. ... (check-in: 18628904 user: stephan tags: trunk) | |
|
2025-07-25
| ||
| 18:47 | Do not add the sync login cookie unless we know the remote supports it. It's harmless in that case but it doesn't need to be there. Rename the login cookie from the unweildy x-f-x-l (X-Fossil-Xfer-Login) to x-f-l-c (X-Fossil-Login-Card) because the former is unsightly. ... (Closed-Leaf check-in: 9789e1dc user: stephan tags: xfer-login-card) | |
| 15:08 | Extend the login card mode version check to include the date and time. It is currently still set to 2.27.1, but if/when merged then the version would need to be reverted to 2.27.0 and the version/date/time check will need to be set to compare against the trunk version from immediately before the merge. This needs more testing but looks like it will resolve the "post-2.26 trunk" incompatibility. ... (check-in: 86cc923d user: stephan tags: xfer-login-card) | |
|
2025-07-24
| ||
| 05:26 | Remove the now-obsolete parsing of the X-Fossil-Xfer-Login HTTP header. ... (check-in: 8dbcf2ac user: stephan tags: xfer-login-card) | |
| 05:10 | Use a Cookie, instead of a custom HTTP header and/or URL param, to send the sync login header, as suggested in forum post 9959d2d9d9be22d2. This is simpler. ... (check-in: 756ad2f2 user: stephan tags: xfer-login-card) | |
| 03:16 | Previous checkin should not have compiled - clean rebuild uncovered a stale dep. Re-map the fLoginCardMode to a bitmask so that it's possible to tell when multiple paths toggle that on, and which paths they were. ... (check-in: 780d3b2f user: stephan tags: xfer-login-card) | |
| 03:03 | Doc touchups. ... (check-in: aa36afc5 user: stephan tags: xfer-login-card) | |
| 02:41 | Update the change log and sync.wiki for the login card additions. ... (check-in: edfa01d9 user: stephan tags: xfer-login-card) | |
| 02:20 | Doc improvements and internal API renaming for clarity. No functional changes. ... (check-in: 286110de user: stephan tags: xfer-login-card) | |