Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

200 check-ins occurring around 461c8f06fc9a0010.

Adds 'js' to CONFIGSET_SKIN so that skin javascript is included in exports, syncs, etc. Works okay outside of checkouts in my testing. Probably needs some review by drh before being merged. (Closed-Leaf check-in: 5d2299d8 user: ckennedy tags: js-skin-export)
Added a new section to www/, "Serving Files Within the Limits". It pulls together a bit of info already in the document on the topic and then expands it considerably. The overall message is, "You probably don't have to override the default CSP." (check-in: 58883ecc user: wyoung tags: trunk)
In /artifact and similar pages, put HTML code tag inside pre with class="language-zExt" where zExt is the extension from the artifact's file name, if any. This allows JS code highlighting plugins to style such pre blocks automatically based on file name extension. (Closed-Leaf check-in: f3b91714 user: wyoung tags: code-in-pre)
Minor typo correction in comment---no functional change. (check-in: ab2b8de8 user: andybradford tags: trunk)
Avoid warning about extra call to db_end_transaction() by returning at the end of a complete block. (check-in: 7b2350a8 user: andybradford tags: trunk)
If there is nothing to stash, issue an error. (check-in: d959c48a user: andybradford tags: trunk)
Merge in latest from trunk. (check-in: aa376391 user: andybradford tags: db-begin-txn-updates)
Merge in trunk latest developments. (Closed-Leaf check-in: 08291fec user: andybradford tags: test-updates)
The IIS web server does not define REQUEST_URI, instead is uses PATH_INFO for virtually the same purpose. Define REQUEST_URI the same as PATH_INFO and redefine PATH_INFO with SCRIPT_NAME removed from the beginning. (Closed-Leaf check-in: 54fdd1a5 user: tsbg tags: iis-cgi)
IIS and possibly other web servers define environment variables with an empty value. Handle them the same as non-existing environment variables. (check-in: 9a2ec393 user: tsbg tags: iis-cgi)
Ouput an error if the CGI control file is missing on the command line. This prevents IIS to fall in a endless loop. (check-in: 6a59d33e user: tsbg tags: iis-cgi)
Changed internal docs on capability 6 (AdminForum) to remove the claim that it can be used to revoke capabilty 4 (WrTForum) from users. I think that feature was planned, but no UI was ever created to support it. Maybe that feature will come someday, but the forum feature is over a year old now. Doing it on this branch because this is all part of the capability documentation improvements. Without this checkin, the cap ref doesn't match the code's internal docs. (check-in: fd9ba57a user: wyoung tags: caps-doc)
Linked to the new caps docs from the existing www/* docs wherever "capability" or "capabilities" was mentioned before. (check-in: 0af0e146 user: wyoung tags: caps-doc)
Clarified meaning of EmailAlert (7) in cap ref. (check-in: 4aceb600 user: wyoung tags: caps-doc)
Merged in trunk changes (check-in: 493254b2 user: wyoung tags: caps-doc)
Updated comment about "6-character random hex password" at the top level of the new setup docs to track [23a9f9bac2]. (check-in: f304ba31 user: wyoung tags: trunk)
Linked to the new material showing Fossil's idea of user power hierarchy from the comment in about Fossil's support for the organization's social and power hierarchies. It's not that Fossil has *no* support for enforcing this, it's that it's usually a fairly loose match between the two systems. This is an important point, because some people new to Fossil expect 1:1 mapping and get disappointed when we tell them it just doesn't do that. (check-in: b72795a3 user: wyoung tags: caps-doc)
Fixed some URLs still referring to in its old location. (check-in: 182c4d7a user: wyoung tags: caps-doc)
Investigated the use of HTTP for sync over ssh:// and file:// URLs and added what I found to the "Caps Affect Web Interfaces Only" section of the new caps docs. (check-in: 845b4594 user: wyoung tags: caps-doc)
Documented Public Pages and the default user capability set in www/caps/ (check-in: 4671ddb1 user: wyoung tags: caps-doc)
Moved the discussion about inadvertent attribution of artifacts and the problems with easy solutions to the problem into the implementation details section of the new caps docs and expanded it to cover recent forum discussions. (check-in: 78ad8b74 user: wyoung tags: caps-doc)
Assorted small improvements to top-level caps doc (check-in: f21bfbee user: wyoung tags: caps-doc)
Expanded the "Why Not Bitfields?" discussion in www/caps/ Also tweaked the "Capability Letter Choices" text a bit while in there. (check-in: 3ac560a2 user: wyoung tags: caps-doc)
Changed the hamburger menu link href from "#" to "/sitemap" so clicks on it do something useful in the noscript case. (check-in: b2379b31 user: wyoung tags: trunk)
Added 'or' help for checkin/ci alias, per forum request. (check-in: f616380d user: stephan tags: trunk)
For candidate CGI parameter names that start with an uppercase letter, convert them to lowercase and then add. (check-in: b47b6b69 user: mistachkin tags: noJsonCgiFlag)
Moved www/ to www/caps/ and www/ to www/caps/ Then broke three chunks of the old doc out into new www/caps/* docs: login groups, implementation details of user capabilities, and the user capability reference material. The latter switched from Markdown to HTML format so we could make it a clearer-looking table, rather than its prior hard-to-read bullet list form. (check-in: c6cdf9ce user: wyoung tags: caps-doc)
Merged most of the new material on Setup vs Admin in the new capabilities doc into the pre-existing doc, which already covers this topic. (check-in: ee901c7b user: wyoung tags: caps-doc)
Change 'NO_JSON' to lowercase. Remove other branch changes that are now superfluous. (check-in: 8baac264 user: mistachkin tags: noJsonCgiFlag)
Add hyperlinks to the branch diff page from branch timeline and from /info. (check-in: 833b220a user: drh tags: vdiff-improvements)
Query and post parameters may never begin with an upper-case letter. To allow that is a huge security hole. (check-in: 72c721ea user: drh tags: noJsonCgiFlag)
Restore legacy title handling behavior for TH1 docs (changed via check-in [8abeb62737c2b527]). (check-in: 42190026 user: mistachkin tags: noJsonCgiFlag)
Attempt to fix 'CONTENT_TYPE' detection when a suffix, e.g. '; charset=utf-8', is present. (check-in: 891bbc6f user: mistachkin tags: noJsonCgiFlag)
Improve comment. (check-in: 316dd394 user: mistachkin tags: noJsonCgiFlag)
More refinements. (check-in: c1f4a846 user: mistachkin tags: noJsonCgiFlag)
If the '--cgiupperparamsok' command line option or 'uppercase_params' CGI control line are present, allow parameter names to start with an uppercase letter. (check-in: ab0d81f8 user: mistachkin tags: noJsonCgiFlag)
Make it possible to disable JSON auto-detection in the CGI subsystem. (check-in: a7754353 user: mistachkin tags: noJsonCgiFlag)
Grepped the Fossil source code for C code that checks for Setup caps exclusively to preotect functions and listed those in the Reference section of Also expanded the coverage of the "caps affect Fossil web interfaces only" section, which plays into this. (check-in: 689f7683 user: wyoung tags: caps-doc)
Added cap "n" to "r" in skins that show a /ticket link in their header, since the handler for it allows the page to show for those who can only file new tickets, not just those who can see existing tickets. Also fixed some skins that were using "anoncap" to test this: it needs to work for all logged-in users, not just "anonymous". (Closed-Leaf check-in: f4e3abce user: wyoung tags: skin-cap-matching)
Minor wording change in the header of /vdiff. (check-in: 69adb45d user: drh tags: vdiff-improvements)
Updates to the /vdiff page with the branch=BRANCH query parameter so that it uses merge-in: instead of root: and thus excludes merge-in check-ins from the diff. (check-in: b36dc6f1 user: drh tags: vdiff-improvements)
Rewrote explanation of "o" cap. (check-in: 208ca0d7 user: wyoung tags: caps-doc)
Add the "merge-in:NAME" name type, similar to "root:NAME" except that it finds the youngest anscestor of NAME that is in the branch from which the branch of NAME derived. (check-in: dcd8f1d8 user: drh tags: vdiff-improvements)
Disentangled discussion of "developer" vs "reader" in (check-in: 869494eb user: wyoung tags: caps-doc)
Added (Names) to the "Capability Reference" section of so the reference can be used while reading C source code, which uses these names instead of the capability characters in all code past the login handler. (check-in: d48dff8f user: wyoung tags: caps-doc)
Merge in documentation enhancements from trunk. (check-in: c1b62c32 user: drh tags: vdiff-improvements)
Remove an unused subroutine. Fix a minor CSS problem. (check-in: 2078c746 user: drh tags: vdiff-improvements)
On the /vdiff page, show a timeline with both check-ins using different highlights on each check-in. (check-in: 6e40f866 user: drh tags: vdiff-improvements)
Changed all of the [anycap jor] TH1 calls in the stock skins wrapping the generation of that skin's /timeline and /timeline.rss links to [anycap ijr2] to match the user caps the timeline HTTP hit handler actually checks for in the C code. This is a branch in part because it needs review, but also it's the start of a broader effort to check the other cap checks in the skins to make sure they a) match what the C code checks for; and b) match each other. (check-in: 9cee8cf5 user: wyoung tags: skin-cap-matching)
Added HTTP proxying info to Debian nginx server setup guide. (check-in: c6a033ce user: wyoung tags: trunk)
Replaced the content of "Running Fossil in SCGI Mode" within www/server/debian/ with references to our other Fossil server docs. This also reduces the prior focus of this section on fslsrv to a single sentence, since we now prefer the systemd option, now that we have it. (check-in: a4bb92f7 user: wyoung tags: trunk)
Swapped the simple "whole site is Fossil" example in www/server/debian/ for the more complicated one where only /code is served by Fossil. This is probably going to be more common, and it shows off the important detail of setting SCRIPT_NAME properly. Made a minor adjustment to any/ to track this change, so there is not a pointless difference between these two nginx configs. (check-in: 653e90ca user: wyoung tags: trunk)
Clarified use of scgi_params, SCRIPT_NAME, and service starting in the generic SCGI server setup doc. (check-in: 5a58ac31 user: wyoung tags: trunk)
Merge fork (check-in: 6c6aae97 user: andygoth tags: trunk)
Add the fossil_random_password() utility function and use it to generate a stronger initial admin-user password in the "fossil new" command. (check-in: 23a9f9ba user: drh tags: trunk)
If the test-markdown-render or test-wiki-render commands are invoked without a repository in which to check for Wiki page names and artifact hashes, then substitute a temporary, empty, in-memory repository so that the commands will still work and won't give SQL errors. (check-in: 0ac64dad user: drh tags: trunk)
Clarified the placement of "moderator" and "subscriber" in the power hierarchy expression within www/, since each could float up and down somewhat within the fixed hierarchy we give here. Also fixed a broken URL. (check-in: ba88f4f2 user: wyoung tags: caps-doc)
Markdown hyperlinks are only converted to links to wiki if the named wikipage actually exists. Otherwise, the link becomes a relative link. This is for backwards compatibility. (check-in: 3b10e644 user: drh tags: trunk)
Added www/, a complete treatment on user capabilities, user categories, login groups, and administration matters involving all of this. It does not replace the pre-existing doc, but a bit of its content did move into this new doc. The new doc also contains the user capability info previously in the doc. This is on a branch because although it's quite useful already, it could use some work before being merged down. At the barest minimum, there are some unanswered questions in the new doc that need addressing.

This new doc does not replace the existing documentation in the UI. It may be that we end up paring that down a bit now that we have a full doc to refer to, but that is a topic for the forum thread that will appear shortly after this checkin. (check-in: 832f107e user: wyoung tags: caps-doc)

Fixed a few fatal error messages from the login-group command that referred to an "add" command, which is now called "join". The symptom I saw is that "fossil login-group add" complained that "add" is not a valid command and that you should give '"add" or "leave"' instead! (check-in: 09c65d75 user: wyoung tags: trunk)
Fixed a few messages from the login-group command that referred to an apparent older name for the "join" sub-command, "add". This lead to a confusing symptom: "fossil login-group add foo" -> {unknown command "add" - should be "add" or "leave"}. (check-in: 739cd872 user: wyoung tags: trunk)
Stronger recommendation for changing the default user's random hex password prior to setting up a Fossil server after learning it's 6 hex digits, not 8 as I thoght when I wrote that! (check-in: 9fcd6e44 user: wyoung tags: trunk)
Added bullet list detailing the sources for <script nonce=""> from a Fossil server and the reasons we consider each path safe. (check-in: 91377ae4 user: wyoung tags: trunk)
Reworked the material explaining why in-page <style> is currently allowed by Fossil's default CSP to make it clearer that this is most likely a temporary situation and that local custom CSS should go in the skin instead. (check-in: 092eeebf user: wyoung tags: trunk)
Expanded the discussion of in-repo and out-of-repo resource links in (check-in: 23fcd765 user: wyoung tags: trunk)
Reworked the new introductory material in to be less about the CSP as last-resort and more about being a secondary filter to our other measures. Gave examples to clarify the tensions that prevent a purely server-side solution from being a practical solution. (check-in: 1c4df5bf user: wyoung tags: trunk)
"RaspberryPI" -> "Raspberry Pi" (check-in: 5182be99 user: wyoung tags: trunk)
Assorted refinements to the new pre- and post-activation advice sections in www/server/index.html: nix passive voice, add a few details, add some links to related docs, etc. Also fixed a CSS indenting problem preventing correct use of


  • , then made use of the new freedom in these sections' numbered lists.

(check-in: b5c2c9bf user: wyoung tags: trunk)
Fix the $ROOT mechanism in HTML documents so that it accepts any whitespace character before href= and script=. Add $ROOT in appropriate places in the server documentation. (check-in: 3e183bfa user: drh tags: trunk)
Outline how to configure a repository before and after server activation. (check-in: 154ea087 user: drh tags: trunk)
Improvements to the althttpd documentation. (check-in: 44f1df9f user: drh tags: trunk)
Further improvements to the server document. (check-in: c2c4d303 user: drh tags: trunk)
Extra defenses against running fossil_atexit() more than once. (check-in: bc7683e1 user: drh tags: trunk)
Fix the "shell" command so that it avoids invoking the atexit() handler more than once. (check-in: 07a5a211 user: drh tags: trunk)
Server documentation updates. (check-in: b2426c27 user: drh tags: trunk)
Merge in recent developments on trunk. (check-in: 70d091ea user: andybradford tags: test-updates)
Disallow versioning of security sensitive settings tcl-setup, th1-setup, and th1-uri-regexp. For effective security, these settings should only be controllable by an administrator. (check-in: 2da704c5 user: drh tags: trunk)
Update to the default CSP page. Attempted to resolve merge conflicts, but more editting is likely necessary. (check-in: 33a7b8ba user: drh tags: trunk)
Added a header to the new XSS material in so we can refer directly to it. (check-in: 7b843f2d user: wyoung tags: trunk)
More thorough explanation of <script nonce> in www/, and explained the reason why Fossil has no way of providing that nonce in most content types rather than link to the "XSS via check-in rights" forum post. This new presentation of that post's ideas is more detailed and includes discussion of the feature's interaction with the TH1 docs feature. (check-in: 8d43bb87 user: wyoung tags: trunk)
Major improvements to the new article. Expanded the introductory material to better describe what the CSP does; added named anchors to headers; moved the discussion of $default_csp overrides into this document from, which now just says how you use that variable read-only; and added an entirely new section, "Replacing the Default CSP". (check-in: 366b23a1 user: wyoung tags: trunk)
Replaced the redundant copy of the default CSP in skins/bootstrap/header.txt with "$default_csp", allowing the TH1 setup script to override the CSP as in all the other stock skins. (Bootstrap is the last stock skin to define a custom <head> element.) (check-in: 14ac2cac user: wyoung tags: trunk)
Fix memcpy() compiler warnings. (check-in: 7ae4b1a7 user: drh tags: trunk)
Fix possible misaligned pointer to a 16-bit object. (check-in: f7c41be8 user: drh tags: trunk)
Updated and expanded documentation on how to set up a Fossil server. (check-in: f146e21a user: drh tags: trunk)
Add the --with-sanitizer option to the ./configure script. (check-in: 231d6933 user: drh tags: trunk)
Fixed a link punctuation bug introduced in [74a6578c]. (Closed-Leaf check-in: c57e1793 user: wyoung tags: server-docs)
The merge from trunk accidentally reverted part of the new text in www/ (This part was manually merged, and I missed a diff relative to trunk.) (check-in: 8976a9da user: wyoung tags: server-docs)
Missed a link to that should have been checked in with [74a6578c]. (check-in: d5def0c8 user: wyoung tags: server-docs)
Merged in trunk improvements (check-in: 42d28c02 user: wyoung tags: server-docs)
Reverted src/doc.c to the trunk version. The "Plan Z" reversion in [8264fd75] was incomplete, causing bad TH1 variable expansion. I believe this explains the symptom I worked around in [9bdf650f0b8]. This check-in also cherry-picks [3d6a4fd95c] onto the branch. (check-in: 3cdf764c user: wyoung tags: server-docs)
Updated all of the internal hyperlinks referencing www/ to point at either www/server/index.html or one of the docs it now points at. (check-in: 74a6578c user: wyoung tags: server-docs)
Fixed an unwanted "$nonce" variable expansion within the new introduced by [9044fd2dbe] which only occurs *sometimes*: not on, and apparently not in my earlier ckout testing prior to checking it in, but now in a different ckout test. This has to be a TH1 thing, but I don't understand why we didn't see this earlier. This is just a workaround for the symptom. (check-in: 9bdf650f user: wyoung tags: trunk)
Fixed a link from the new material in to the new CSP material: that briefly lived in before checking it in, but then I moved it to a new document and forgot to update the link. (check-in: f4cbfd5a user: wyoung tags: trunk)
Fixed a couple of Tcl syntax fixes that caused the new --with-sanitizer code to a) run unconditionally irrespective of the option's setting and b) to check for the existence of libubsan whether it was actually needed or not. (Closed-Leaf check-in: 66fdab76 user: wyoung tags: configure-updates)
Added www/, which documents the default Content Security Policy applied by Fossil to the HTML pages it serves. Linked that into embeddeddoc.wik and, which touched on this topic before but didn't go into much detail. (check-in: 4e6d36d7 user: wyoung tags: trunk)
Fix a compiler warning in the security-audit page. (check-in: 3243a6c1 user: drh tags: trunk)
Added --with-sanitizer configure-time option for appending -fsanitize=VALUE to CFLAGS and LDFLAGS, plus automatic detection of -lubsan for GCC, which doesn't automatically link to that with -fsanitize=undefined as Clang does. EDIT: This check-in breaks the built on Ubuntu 18.04. (check-in: 7907b6ff user: wyoung tags: configure-updates)
Removed "known to work with IIS" bit from www/server/index.html in the CGI section, since that is not actually true. We can put it back once someone figures out the IIS + CGI + Fossil CPU pegging problem. (check-in: 8b7c17de user: wyoung tags: server-docs)
Removed documentation of the nonce="$NONCE" feature in www/, removed as part of [8264fd75]. (check-in: d55f6b15 user: wyoung tags: server-docs)
Fix a broken hyperlink on the new server-docs index page. (check-in: 461c8f06 user: drh tags: server-docs)
Updating links in www/server/windows/ to correct locations. (check-in: 65d175ae user: ckennedy tags: server-docs)
Plan Z (check-in: 8264fd75 user: drh tags: server-docs)
Have the security-audit page analyze and display the content security policy. (check-in: 9cf90a4f user: drh tags: trunk)
Increase the default HTTP request timeout to 10 minutes. Provide the FOSSIL_DEFAULT_TIMEOUT compile-time option for setting an alternative default. (check-in: 7979989d user: drh tags: trunk)
Added missing www/ file (check-in: 80cd49f0 user: wyoung tags: server-docs)
Updated www/server/index.html to no longer discuss launchd as a "maybe" option now that we have a document for it, and removed mention of Solaris SMF entirely. (check-in: 1e6fbcf2 user: wyoung tags: server-docs)
Added www/server/macos/ and then added macOS to the set of server OSes offered in www/server/index.html (check-in: e0ad4b48 user: wyoung tags: server-docs)
Assorted small tweaks to www/server/windows/ (check-in: b5fefeec user: wyoung tags: server-docs)
Small tweaks to the new "Serving as a Standalone Server on Windows" article. (check-in: 3995a3c7 user: wyoung tags: server-docs)
Assorted small tweaks to server docs, mainly around new systemd material. (check-in: 9d4a4782 user: wyoung tags: server-docs)
Added www/server/debian/, demonstrating systemd configuration of Fossil for the first time in the official docs, both as a user serivce and in socket activation mode as a system-level service. (check-in: 94763aed user: wyoung tags: server-docs)
Clarity tweak (check-in: bc678e13 user: wyoung tags: server-docs)
Grammar fix on previous (check-in: d5c754f9 user: wyoung tags: server-docs)
Title tweak on previous (check-in: afc65312 user: wyoung tags: server-docs)
Added www/server/windows/ server setup article (check-in: 3e55ddf7 user: wyoung tags: server-docs)
Added explicit instructions on installing IIS within the new IIS server docs. It isn't installed by default, and in the CGI case, CGI isn't part of the default IIS install. (check-in: b2f10ad5 user: wyoung tags: server-docs)
The www/ document hadn't been updated since we removed the explicit <html><head> stuff from the default skins and moved that into the C code so we could insert the CSP and such automatically. Updated it to show the inner
tags that you actually get by default now, and talked about how the HTML document wrapper is added automatically. Also fixed some spelling and grammar errors.
(check-in: 9044fd2d user: wyoung tags: trunk)
Fix embedded HTML detection for the 'doc' web page when the 'data-title' attribute is not specified. (check-in: 3d6a4fd9 user: mistachkin tags: trunk)
Added links back to the top-level www/server/index.html article from the tail end of www/server/*/*.md. (check-in: 0f6f151d user: wyoung tags: server-docs)
Justified the ordering of sections in www/server/index.html by including info on complexity. CGI remains last because CGI is only a "simple" option when someone else sets up the CGI security for you, as on old-style cheap hosting plans. Also added several inline sub-document references. (check-in: 9f4121db user: wyoung tags: server-docs)
Merged the lists of socket listener daemons into the Socket Listener section of www/server/index.html: the list of known-working daemons down from the numbered list at the top of the article, and the list of potentially-working daemons up from the <noscript>-cloaked document matrix below. Also reordered the sections from simplest to most complex. (check-in: d9ab9c56 user: wyoung tags: server-docs)
Improvements to the nonce='$NONCE' substitution mechanism. (check-in: 1c50073d user: drh tags: server-docs)
Implemented the first version of the JavaScript tutorial chooser in www/server/index.html, complete with fallbacks for the noscript case, optional display of the static document matrix, and pretty CSS transitions between the states. (check-in: 0cbdbc72 user: wyoung tags: server-docs)
URL fix in previous (check-in: a7610e42 user: wyoung tags: server-docs)
Added the nonce="$NONCE" embedded documentation substitution feature and documented that and the other pre-existing text substitution features. (check-in: 02db05e6 user: wyoung tags: server-docs)
Further refinement of the server setup tutorial matrix CSS (check-in: a6fee589 user: wyoung tags: server-docs)
Reduced the number of columns in the server setup tutorial matrix by collapsing all of those for the OS's default web server down to a single shared column. Also dropped the xinetd column as obsolete. (We still have the explicit xinetd article link above.) (check-in: 3f9f1bdf user: wyoung tags: server-docs)
Moved inline CSS within www/server/index.html elements up into a <style> block at the top. Then used that to create a more even matrix layout. Also fixed some incorrect URLs checked in with the prior version, due to the document changing directory level. (check-in: 648574cb user: wyoung tags: server-docs)
Renamed www/ to www/server/index.html and converted it to HTML format. Did a bit of prose polishing and CSS work while in there. (check-in: 81932667 user: wyoung tags: server-docs)
Small improvements to IIS + CGI doc (check-in: f7c839c1 user: wyoung tags: server-docs)
Added docs for IIS + CGI server configuration. (check-in: 9098ebba user: wyoung tags: server-docs)
Assorted improvements to www/server/windows/ Removed the empty CGI and SCGI sections, as those will be separate articles. Added "Why Bother?" section. Added link to ./ Better explanation of the /code rewriting example. Hoist TLS info up into the new "Why Bother?" section. (check-in: 1670e5fa user: wyoung tags: server-docs)
Capitalization fix in HTML output from /artifact_stats (check-in: d570edc6 user: wyoung tags: trunk)
Include forum artifact statistics on the /artifact_stats page. (check-in: e2f2a05e user: drh tags: trunk)
Corrected the description of nginx + SCGI in www/ (check-in: 0f217e89 user: wyoung tags: server-docs)
Added starting version of www/server/windows/, covering only the HTTP reverse proxying case. (check-in: fbacfacf user: wyoung tags: server-docs)
An attempt to make the main page simpler and yet self-contained, all at once. (check-in: 5bb1e112 user: drh tags: server-docs)
Moved the chroot and loadmgmt sections of www/ into separate documents. This change also adds info on /proc to the chroot doc, which was missing in its prior form. Also reduced a few other "details" sections of to bullet points in the new "Further Details" list at the end of the document. (check-in: 85eaffb6 user: wyoung tags: server-docs)
Changed "socket activation" to "socket listener" in all the new docs (check-in: 3c9f811b user: wyoung tags: server-docs)
Markdownism fixes... (check-in: 1428f59e user: wyoung tags: server-docs)
Small improvements to the new Fossil Chroot Jail section of www/ (check-in: 4c837bc3 user: wyoung tags: server-docs)
Small clarity tweak to the new "Methods" discussion in www/ (check-in: fc00b7b2 user: wyoung tags: server-docs)
Converted the backwards-compatibility sections in www/ into identified hyperlinks to the new docs, which allows existing external ".../" URLs and such to work without needing the near-empty sections containing only a hyperlink just to anchor the link. (check-in: 0bb59100 user: wyoung tags: server-docs)
Several small refinements to prior check-ins. (check-in: 16e3cff6 user: wyoung tags: server-docs)
Moved the "Serving via althttpd" material from www/ to a new document, www/server/any/, linked from www/ (check-in: 2e19fcee user: wyoung tags: server-docs)
Added some named anchors to www/server/any/ (check-in: ce4b4bae user: wyoung tags: server-docs)
Moved the stunnel proxying docs from www/ to a new document www/server/any/, and pointed www/ at it. Also replaced some similar material in this branch's new www/server/windows/ file at this generic document. Between these two changes, the generic stunnel docs now cover the reverse proxying option for the first time. (The old version used the socket activation method exclusively.) The new document also gives a more realistic configuration, showing Let's Encrypt paths and a sensible ciphersuite configuration. (check-in: 53b2e866 user: wyoung tags: server-docs)
Split the HTTP-only parts out of www/ into a new document discussing only the reverse-proxying of `fossil --scgi` to HTTP using nginx on Debian type OSes. That material is now in www/server/debian/, which is referred to from www/ While in there, did a bit of prose polishing on this old guide. (check-in: 2baa8151 user: wyoung tags: server-docs)
Broke most of the contents of www/server/wiki out into a series of www/server/*.md articles that are now linked from a checkmark table in its place, which also links to the new www/server/windows/*.md files created to start this branch off. This is not purely a matter of moving prose around: there is a fair bit of improvement to the pre-existing prose as well, most notably that we now document the Fossil chroot jail requirements for the first time. (Previously, you had to go dig up mailing list or forum posts (or even RTFS!) to work out those requirements.) There's more to do on all of this; do not merge it to trunk yet. (check-in: fad82714 user: wyoung tags: server-docs)
Relaxed the "enforcing" language around the planned change of hash policy from "auto" to "sha3" in Fossil 2.10 within section 2.8 of the doc, and clarified what will actually happen with that release as compared to the current release. (check-in: c5461fb5 user: wyoung tags: trunk)
Merged recent spell check fixes into this branch so we don't revert any of them. (check-in: a9fd086f user: wyoung tags: server-docs)
Another spell check pass on www/* using a different dictionary than in the prior pass. ([79c2cb083152]) (check-in: 0996347d user: wyoung tags: trunk)
Server Documentation Update. This ckeckin contains instructions for using Fossil as a windows service and with stunnel as an https proxy. (check-in: 8b7c563d user: ckennedy tags: server-docs)
Additional documentation on CGI configuration options. Updates to the change log. New hyperlinks interconnecting the various documents. (check-in: fbc3b2f7 user: drh tags: trunk)
Remove the sigalrm_handler() function on windows builds as it is never called there. (check-in: 1d7afcdf user: drh tags: trunk)
Improvements to HOME search on windows, and improve the documentation of the same. (check-in: 006afac0 user: drh tags: trunk)
Set a default timeout on CGI requests of 300 seconds. (check-in: 859d6b16 user: drh tags: trunk)
Add "Forum Posts" as an option to "Activity Reports" (check-in: 6ada7e37 user: drh tags: trunk)
Improvements to the hyperlink description in /md_rules. (check-in: b8fac035 user: drh tags: trunk)
Added "Forum Posts" choice to the "Activity Reports" sub section of /stat. (Closed-Leaf check-in: f39e47a1 user: wyoung tags: forum-post-activity-report)
Refine HOME search order on Windows to maintain backward compatibility with the previous search hierarchy. (Closed-Leaf check-in: c07cbcd3 user: mistachkin tags: windows-env-usage-v2)
Merge in from trunk. (check-in: 0f9f2e40 user: andybradford tags: test-updates)
Updated the temp file and dir location documentation in www/ to match what the current code does. (Closed-Leaf check-in: 1f63724e user: wyoung tags: windows-env-usage)
Inserted %USERPROFILE% between %FOSSIL_HOME% and %LOCALAPPDATA% in the code that chooses where the user's account-wide _fossil file lives on Windows. (This is the Windows analog to the ~/.fossil file on POSIX systems.) Also updated the docs to match. (check-in: 15176c8a user: wyoung tags: windows-env-usage)
Update the /stat page to show forum statistics. (check-in: 29141af7 user: drh tags: trunk)
Fixes to the new markdown hyperlink logic to handle the case there the target URL is not defined. (check-in: 44545eef user: drh tags: trunk)
Contributing PowerShell script Set-ChildProject.ps1. This script wraps the code for converting a project into a child project into an easy to use PowerShell script. The script should be cross platform, but was only tested on Windows 10. (Leaf check-in: 0b70cf6d user: ckennedy tags: windows-tools)
Enhance markdown to use the same hyperlink target resolving logic as Fossil wiki. That means that wiki page names and check-in and ticket hashes can now be used as markdown hyperlink URLs. Also enhance markdown hyperlinks so that if the display text is an empty string, the URL is used as the display text. (check-in: 774fb771 user: drh tags: trunk)
Two additional places where links to /markup_help are useful. (check-in: 5f328d9f user: drh tags: trunk)
Fix up the markdown rules to include recent enhancements to fenced code blocks. On "Markup Style:" entry boxes, provide a hyperlink for easy access to the rule sheets. (check-in: 18a84ed8 user: drh tags: trunk)
Further work on the fenced code blocks of markdown. Allow blank lines in the middle of a fenced code block. And also allow ~ character (three or more) to serve as the delimiter for fenced code blocks. (check-in: c7600da4 user: drh tags: trunk)
Added an aside in fossil-v-git about Git's minority use of high-level scripting languages aside from its dominant one, POSIX shell, with a comparison to Fossil's own use of high-level scripting. (check-in: 1296ee46 user: wyoung tags: trunk)
Simplified the table line items for the hash algorithm point in as "SHA-3" vs "SHA-2". Details we delegate to the discussion prose below. (check-in: 595559f4 user: wyoung tags: trunk)
Expanded the discussion on user learning time vs arcance feature set size in, within section 2.5.3 "Accepting Contributions". (check-in: 1b479aff user: wyoung tags: trunk)
Small tweaks to the prose in section 2.5 in (check-in: 466d74c8 user: wyoung tags: trunk)
Fix the www/ Fossilized Bash Prompt script so that it works even if the current check-in comment contains grave accents (backticks). (check-in: c49f3ef4 user: drh tags: trunk)
Further refine the fenced code block rendering in markdown to try to comply with the CommonMark spec. (check-in: 81caad6c user: drh tags: trunk)
A triple grave accent quoted text (```....```) in markdown is rendered as <pre>...</pre>. (check-in: 2077ffe6 user: drh tags: trunk)
Moved the comment about learning from Git's design mistakes to a place higher up in the document where it makes more sense. It was almost a non sequitur where it was before. (check-in: 0e0d76ee user: wyoung tags: trunk)
Clarity pass on the new "Portable" section of article. (check-in: 4b574be4 user: wyoung tags: trunk)
Deferred discussion of data modeling from the intro of fossil-v-git to section 2.3 where it's fully covered. This material now talks more clearly about Fossil's hybrid NoSQL/relational data model, rather than handwave it as "relational". (check-in: e2998923 user: wyoung tags: trunk)
Added Digital Ocean pricing footnote to to back up the GitLab comparison. Also clarified the "smallest thing you could call a server" comment. (check-in: efc873ec user: wyoung tags: trunk)
Typo fix (check-in: 431245ed user: wyoung tags: trunk)
Reworked the intro to to flow better and be clearer. (check-in: 16cb9c02 user: wyoung tags: trunk)
Typo fix pass on www/* (check-in: 79c2cb08 user: wyoung tags: trunk)
Have the test-httpmsg command try to open the repository database in case that repository database contains TLS certificate exceptions. (check-in: bf25835f user: drh tags: trunk)
Add the FOSSIL_NONCE parameter to extension CGI. (check-in: 3f0ade55 user: drh tags: trunk)
Adjust the SQL authorizer to ignore SQLITE_READ calls for transient internal-use-only tables. SQLite should not be issuing those, but some legacy versions of SQLite do. It is harmless to ignore them. (check-in: b26967cf user: drh tags: trunk)
Remove the SQLITE_ENABLE_DBPAGE_VTAB requirement from external SQLite libraries, as without it only the ".recover" command in "fossil sql" is omitted, and that is an obscure case. (check-in: a4d71525 user: drh tags: trunk)
Fix an incorrect comment in sqlcompattest.c. (check-in: e2426e83 user: drh tags: trunk)
Fix incorrect requirements in sqlcompattest.c. (check-in: 156476b2 user: drh tags: trunk)
Add the LDFLAGS parameter when building the sqlcompttest test program. (check-in: 4a15ccda user: drh tags: trunk)
More details on althttpd in the section of www/ that discusses the stunnel + althttpd + fossil serving option used by and (check-in: 9c747e1c user: wyoung tags: trunk)
Add an SQLite compatibility test program and run that program during the "./configure" if the --disable-internal-sqlite option is used in order to verify that the system SQLite library has all of the capabilities that we need. (check-in: 350c627a user: drh tags: trunk)
Clarity and accuracy pass on the git-worktree issue in (check-in: 92dc1021 user: wyoung tags: trunk)
Merged two lists of similarities between Fossil and Git into a single instance up at the top of (check-in: 3609ff75 user: wyoung tags: trunk)
Language moderation in (check-in: 5e380ec3 user: wyoung tags: trunk)
Clarified the issue of building and installing Git vs Fossil from source vs as binary packages in (check-in: 00af3dbf user: wyoung tags: trunk)
Added a named anchor to doc (check-in: e88ae89c user: wyoung tags: trunk)