Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.
11 timeline items
|18:47||[cb43937d] Leaf: Enhance the ssh:// URL to be cautious about the fossil= query parameter. Only commands "fossil" and "echo" (with an optional path) are accepted. (user: drh, tags: trunk)|
|18:34||[d5b01594] Also disallow wildcard characters in blob_append_escape_arg(). (user: drh, tags: trunk)|
|18:30||[3bbac575] Disallow the ';' character in blob_append_escape_arg(). (user: drh, tags: trunk)|
|18:24||[9eea719a] Fix another problem with the needEscape computation in blob_append_escaped_arg() (user: drh, tags: trunk)|
|18:22||[49ae1785] The windows test macro is "_WIN32" without a trailing "_". (user: drh, tags: trunk)|
|18:20||[9690d370] Fix the needEscape calculation in blob_append_escaped_arg(). (user: drh, tags: trunk)|
|18:15||[3b191c98] Change the shell_escape() procedure into blob_append_escaped_arg(). Have that procedure raise a fatal error if the argument to be appended contains dodgy characters that might pose a security risk. Also, prepend "./" in front of arguments that begin with "-" to prevent them from looking like switches. (user: drh, tags: trunk)|
|16:20||[ce7baa97] Leaf: Avoid another attack vector when using SSH sync protocol by not calling a shell interpreter. Fixes only Unix-like environments by using execvp() instead of a string that can be mishandled by /bin/sh. (user: andybradford, tags: ssh-shell-cleanup)|
|04:19||[45a3d4b1] Typo correction (user: andygoth, tags: trunk)|
|16:00||[3ebbe7bc] Increase the version number to 2.4 and update the change log. (user: drh, tags: trunk)|
|15:44||• Edit [1f63db591c77108c|1f63db59]: Edit check-in comment. (user: drh)|