34 events occurring on or after 2016-10-20 17:53:01.

2021-03-20
04:30
Chicken 5 readiness Leaf check-in: 9288fabe1c user: matt tags: chicken-5
04:26
Merged stml2 to trunk Leaf check-in: 2737ed086f user: matt tags: trunk
2018-10-03
06:33
Added s:output (the html feature) Leaf check-in: 6da3fc24ef user: matt tags: stml2
2018-09-27
05:53
Pass in config and carry it through. check-in: 1132e616b5 user: matt tags: stml2
2018-09-17
14:11
Set toppage to home check-in: 461d0e242a user: matt tags: stml2
2018-09-16
05:56
Added s:script check-in: 9c8b1b022a user: matt tags: stml2
2018-09-13
14:13
Allow either debugmode or debug-mode in config. Someday deprecate debugmode check-in: 3a34ddd1b5 user: matt tags: stml2
2018-09-12
06:21
Corrected default for page-dir-style, change directory to sroot check-in: d5508f1e3b user: matt tags: stml2
2018-09-09
16:44
Fixed s:if-{param,session-var} calls to return null list for safe processing of stml pages. check-in: 30a1c2e2d2 user: matt tags: stml2
16:35
Fixed bad return from formdat initialization when there is no form. check-in: 60c715f8f7 user: matt tags: stml2
12:52
Pulled sugar.scm into stml2.scm check-in: 4856914104 user: matt tags: stml2
01:19
converted vector to defstruct check-in: 605397d08c user: matt tags: stml2
2018-09-08
23:04
Added ability to specify config file check-in: e954e3db42 user: matt tags: stml2
20:07
All moved into stml1 module and it compiles/installs. check-in: 77e7733590 user: matt tags: stml2
19:46
Moved everything into a single module for a more easy transition check-in: de72dc8d9f user: matt tags: stml2
2018-07-29
22:04
first steps in refactoring to a module check-in: 8b66fa08e7 user: matt tags: stml2
2017-11-10
21:26
Ensure force-ssl is initiallized to #f check-in: cb3c5f2532 user: matt tags: trunk
2017-10-21
00:26
Added force-ssl check-in: 35d44094de user: kiatoaco tags: trunk
2017-10-20
23:46 Edit [0d4c0dc2fe]: Add tag "2017-ww40". artifact: 8024f705ea user: kiatoaco
23:45
Honor HTTPS_SERVER cgi varible check-in: 5a8df0870a user: matt tags: trunk
2017-09-16
04:29
Added session:generate-random-string. check-in: 9fe02f8d12 user: matt tags: trunk
2017-08-25
05:40 Changes to wiki page stml artifact: 8b9859f8b6 user: matt
2017-03-31
02:47
Replaced use of regex with substring-index for form parsing. Former use was quite broken treating incoming data as the regex. check-in: 0d4c0dc2fe user: matt tags: trunk, 2017-ww40
2017-03-13
06:30
Added obfuscated set/get check-in: 544afe46f9 user: matt tags: trunk
2017-03-11
12:03
Added s:get-inp which does s:get-input falling back to s:get-param if no input var exists check-in: 962faddbed user: matt tags: trunk
2017-03-07
20:36
Minor cleanup of example in howto.txt and changed s:local-set to s:lset check-in: fd0492638e user: matt tags: trunk
2017-03-03
13:37
Merged in some forgotten changes check-in: 88e690f242 user: matt tags: trunk
2017-02-28
23:07
Added script override check-in: d55d5a7926 user: mrwellan tags: trunk
2016-11-08
06:44
Added missing use dbi in misc-stml.scm check-in: 17ef0caa4a user: matt tags: trunk
06:20
Merged crypt branch check-in: 0e2bee049a user: matt tags: trunk
06:18
Added escape of \n \r as option to session:apply-type-preference Leaf check-in: 7592869969 user: matt tags: crypt
2016-10-21
04:29 Edit [1b5a5d3a6e]: Move to branch crypt... artifact: 1fe5668150 user: matt
04:28 Edit [1241e8996c]: Marked "Closed". artifact: 243edaa898 user: matt
2016-10-20
17:53
Replace external openssl call with "crypt" egg.

The OpenSSL call was using the old UNIX crypt DES password hashing, which is very weak. Crypt will default to a more sensible mechanism (Blowfish, but in the future could transparently switch).

Old passwords will continue to work, because the crypt egg detects DES salts and happily hashes them. When creating new passwords, they will be hashed using the modern algorithm.

The OpenSSL call passed the password to the shell, so an onlooker on the server could see it in plaintext. It also neglected to escape the password for the shell, resulting in a command injection vulnerability. check-in: 1b5a5d3a6e user: sjamaan tags: crypt

More ↓