Fossil

Timeline
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

11 timeline items

2017-08-12
18:47
[cb43937d] Leaf: Enhance the ssh:// URL to be cautious about the fossil= query parameter. Only commands "fossil" and "echo" (with an optional path) are accepted. (user: drh, tags: trunk)
18:34
[d5b01594] Also disallow wildcard characters in blob_append_escape_arg(). (user: drh, tags: trunk)
18:30
[3bbac575] Disallow the ';' character in blob_append_escape_arg(). (user: drh, tags: trunk)
18:24
[9eea719a] Fix another problem with the needEscape computation in blob_append_escaped_arg() (user: drh, tags: trunk)
18:22
[49ae1785] The windows test macro is "_WIN32" without a trailing "_". (user: drh, tags: trunk)
18:20
[9690d370] Fix the needEscape calculation in blob_append_escaped_arg(). (user: drh, tags: trunk)
18:15
[3b191c98] Change the shell_escape() procedure into blob_append_escaped_arg(). Have that procedure raise a fatal error if the argument to be appended contains dodgy characters that might pose a security risk. Also, prepend "./" in front of arguments that begin with "-" to prevent them from looking like switches. (user: drh, tags: trunk)
16:20
[ce7baa97] Leaf: Avoid another attack vector when using SSH sync protocol by not calling a shell interpreter. Fixes only Unix-like environments by using execvp() instead of a string that can be mishandled by /bin/sh. (user: andybradford, tags: ssh-shell-cleanup)
04:19
[45a3d4b1] Typo correction (user: andygoth, tags: trunk)
2017-08-11
16:00
[3ebbe7bc] Increase the version number to 2.4 and update the change log. (user: drh, tags: trunk)
15:44 • Edit [1f63db591c77108c|1f63db59]: Edit check-in comment. (user: drh)