50 events occurring on or before 2018-09-12 06:21:23.
More ↑
2018-09-12
| ||
06:21 | Corrected default for page-dir-style, change directory to sroot check-in: d5508f1e3b user: matt tags: stml2 | |
2018-09-09
| ||
16:44 | Fixed s:if-{param,session-var} calls to return null list for safe processing of stml pages. check-in: 30a1c2e2d2 user: matt tags: stml2 | |
16:35 | Fixed bad return from formdat initialization when there is no form. check-in: 60c715f8f7 user: matt tags: stml2 | |
12:52 | Pulled sugar.scm into stml2.scm check-in: 4856914104 user: matt tags: stml2 | |
01:19 | converted vector to defstruct check-in: 605397d08c user: matt tags: stml2 | |
2018-09-08
| ||
23:04 | Added ability to specify config file check-in: e954e3db42 user: matt tags: stml2 | |
20:07 | All moved into stml1 module and it compiles/installs. check-in: 77e7733590 user: matt tags: stml2 | |
19:46 | Moved everything into a single module for a more easy transition check-in: de72dc8d9f user: matt tags: stml2 | |
2018-07-29
| ||
22:04 | first steps in refactoring to a module check-in: 8b66fa08e7 user: matt tags: stml2 | |
2017-11-10
| ||
21:26 | Ensure force-ssl is initiallized to #f check-in: cb3c5f2532 user: matt tags: trunk | |
2017-10-21
| ||
00:26 | Added force-ssl check-in: 35d44094de user: kiatoaco tags: trunk | |
2017-10-20
| ||
23:46 | • Edit [0d4c0dc2fe]: Add tag "2017-ww40". artifact: 8024f705ea user: kiatoaco | |
23:45 | Honor HTTPS_SERVER cgi varible check-in: 5a8df0870a user: matt tags: trunk | |
2017-09-16
| ||
04:29 | Added session:generate-random-string. check-in: 9fe02f8d12 user: matt tags: trunk | |
2017-08-25
| ||
05:40 | • Changes to wiki page stml artifact: 8b9859f8b6 user: matt | |
2017-03-31
| ||
02:47 | Replaced use of regex with substring-index for form parsing. Former use was quite broken treating incoming data as the regex. check-in: 0d4c0dc2fe user: matt tags: trunk, 2017-ww40 | |
2017-03-13
| ||
06:30 | Added obfuscated set/get check-in: 544afe46f9 user: matt tags: trunk | |
2017-03-11
| ||
12:03 | Added s:get-inp which does s:get-input falling back to s:get-param if no input var exists check-in: 962faddbed user: matt tags: trunk | |
2017-03-07
| ||
20:36 | Minor cleanup of example in howto.txt and changed s:local-set to s:lset check-in: fd0492638e user: matt tags: trunk | |
2017-03-03
| ||
13:37 | Merged in some forgotten changes check-in: 88e690f242 user: matt tags: trunk | |
2017-02-28
| ||
23:07 | Added script override check-in: d55d5a7926 user: mrwellan tags: trunk | |
2016-11-08
| ||
06:44 | Added missing use dbi in misc-stml.scm check-in: 17ef0caa4a user: matt tags: trunk | |
06:20 | Merged crypt branch check-in: 0e2bee049a user: matt tags: trunk | |
06:18 | Added escape of \n \r as option to session:apply-type-preference Leaf check-in: 7592869969 user: matt tags: crypt | |
2016-10-21
| ||
04:29 | • Edit [1b5a5d3a6e]: Move to branch crypt... artifact: 1fe5668150 user: matt | |
04:28 | • Edit [1241e8996c]: Marked "Closed". artifact: 243edaa898 user: matt | |
2016-10-20
| ||
17:53 |
Replace external openssl call with "crypt" egg.
The OpenSSL call was using the old UNIX crypt DES password hashing, which is very weak. Crypt will default to a more sensible mechanism (Blowfish, but in the future could transparently switch). Old passwords will continue to work, because the crypt egg detects DES salts and happily hashes them. When creating new passwords, they will be hashed using the modern algorithm. The OpenSSL call passed the password to the shell, so an onlooker on the server could see it in plaintext. It also neglected to escape the password for the shell, resulting in a command injection vulnerability. check-in: 1b5a5d3a6e user: sjamaan tags: crypt | |
17:50 | Create new branch named "crypt" Closed-Leaf check-in: 1241e8996c user: sjamaan tags: crypt | |
2016-09-25
| ||
17:10 | Added conversion to s:session-var-get. WARNING: Need to use 'raw in many cases check-in: 445ea184ae user: matt tags: trunk | |
2016-09-24
| ||
07:07 | Added recovery from bad form. but it is broken and I don't know why. Still seems rare ... check-in: 44c407806c user: matt tags: trunk | |
2016-09-22
| ||
06:28 | Added safe handling for params check-in: 4bccacb50f user: matt tags: trunk | |
2016-09-21
| ||
04:34 | Oops. Use the string result. check-in: 8c0e13bea5 user: matt tags: trunk | |
04:31 | Trim \n sillyness from escaped strings check-in: 8b94f6cb84 user: matt tags: trunk | |
2016-09-19
| ||
06:05 | Oops. missed setup.scm check-in: 4b5ced8c71 user: matt tags: trunk | |
05:55 | Add filtering to s:get-input. Switch to dbi. check-in: e78a65d865 user: matt tags: trunk | |
2016-07-28
| ||
06:46 | emit limited debug info to the user if not in debug mode. Give name of log file check-in: bd6f7bf73b user: matt tags: trunk | |
06:36 | emit limited debug info to the user if not in debug mode. Give name of log file check-in: e9e91f635f user: matt tags: trunk | |
2016-07-10
| ||
04:53 | Fixed fork again check-in: 77503f3f5c user: kiatoaco tags: trunk | |
2016-05-14
| ||
19:44 | Merged fork check-in: f3b21cf7d2 user: matt tags: trunk | |
19:42 | Added comment on fPIC and added clean target check-in: 3b621651c1 user: matt tags: trunk | |
16:40 | Added hint regarding fPIC to INSTALL file check-in: 5f818de536 user: matt tags: trunk | |
2015-12-28
| ||
03:35 | • Changes to wiki page stml artifact: 452f5a4b24 user: matt | |
03:34 | • Changes to wiki page stml artifact: 3a0ff84f76 user: matt | |
03:34 | Added snip of stml code from Kiatoa project check-in: 7c85b0da59 user: matt tags: trunk | |
03:33 | • Changes to wiki page stml artifact: 2da6bb4f0c user: matt | |
03:17 | • Changes to wiki page stml artifact: b526a1c6d5 user: matt | |
03:12 | • Changes to wiki page stml artifact: 4e47a8e5e4 user: matt | |
2015-12-22
| ||
06:12 | Return empty string if stuff to output isn't recognised check-in: 4c0940a61f user: matt tags: trunk | |
03:27 | Merged selfcontained back to trunk check-in: f276a48081 user: matt tags: trunk | |
2015-11-15
| ||
02:20 | deal somewhat gracefully with improper %num escaped char in URL Leaf check-in: 332033f93f user: matt tags: selfcontained | |