Advanced  Max:

12 check-ins using file formdat.scm version 9664a46ced

2017-03-13
06:30
Added obfuscated set/get check-in: 544afe46f9 user: matt tags: trunk
2017-03-11
12:03
Added s:get-inp which does s:get-input falling back to s:get-param if no input var exists check-in: 962faddbed user: matt tags: trunk
2017-03-07
20:36
Minor cleanup of example in howto.txt and changed s:local-set to s:lset check-in: fd0492638e user: matt tags: trunk
2017-03-03
13:37
Merged in some forgotten changes check-in: 88e690f242 user: matt tags: trunk
2017-02-28
23:07
Added script override check-in: d55d5a7926 user: mrwellan tags: trunk
2016-11-08
06:44
Added missing use dbi in misc-stml.scm check-in: 17ef0caa4a user: matt tags: trunk
06:20
Merged crypt branch check-in: 0e2bee049a user: matt tags: trunk
06:18
Added escape of \n \r as option to session:apply-type-preference Leaf check-in: 7592869969 user: matt tags: crypt
2016-10-20
17:53
Replace external openssl call with "crypt" egg.

The OpenSSL call was using the old UNIX crypt DES password hashing, which is very weak. Crypt will default to a more sensible mechanism (Blowfish, but in the future could transparently switch).

Old passwords will continue to work, because the crypt egg detects DES salts and happily hashes them. When creating new passwords, they will be hashed using the modern algorithm.

The OpenSSL call passed the password to the shell, so an onlooker on the server could see it in plaintext. It also neglected to escape the password for the shell, resulting in a command injection vulnerability. check-in: 1b5a5d3a6e user: sjamaan tags: crypt

17:50
Create new branch named "crypt" Closed-Leaf check-in: 1241e8996c user: sjamaan tags: crypt
2016-09-25
17:10
Added conversion to s:session-var-get. WARNING: Need to use 'raw in many cases check-in: 445ea184ae user: matt tags: trunk
2016-09-24
07:07
Added recovery from bad form. but it is broken and I don't know why. Still seems rare ... check-in: 44c407806c user: matt tags: trunk