On Fri, Nov 30, 2012 at 5:09 PM, Dmitry Chestnykh <[email protected]> wrote:

> Regarding this change:
>
> - Enhance the "fossil server DIRECTORY" command to serve static
>   content files contained in DIRECTORY.
>
> It now allows downloading the repo itself.
>

Thanks for noticing this huge security hole. The "fossil server" command now refuses to deliver any file as static content that contains ".fossil" anywhere in its name. That prevents repositories and their journal files from being delivered as static content.

I wonder if it should be even more restrictive - and only deliver static content that ends in some well-known subset of suffixes: *.html, *.htm, *.jpg, *.jpeg, *.gif, *.png, *.txt, *.css, *.js

> e.g
>
> fossil server ~/fossils
>
> (I have Fossil clone located at ~/fossil/pub/fossil.fossil)
>
> http://127.0.0.1:8080/pub/fossil/
>
> will show the repository, as intended, while
>
> http://127.0.0.1:8080/pub/fossil.fossil
>
> will download it. Oops.
>
> -Dmitry
>
> PS Clicking on nodes for diff is *awesome*!
>
> On Fri, Nov 30, 2012 at 10:16 PM, Richard Hipp <[email protected]> wrote:
> > I have put up a change log for Fossil version 1.25 with a tentative release
> > date of 2012-12-19
> >
> > http://www.fossil-scm.org/fossil/doc/trunk/www/changes.wiki
> >
> > There has been a *lot* of change since 1.24. Please test the trunk version
> > of Fossil as you are able to. Report any issues to this mailing list, or
> > file a ticket. We want 1.25 to be a good release, but we need your help in
> > testing in order to accomplish that.
> >
> > FWIW, we do eat our own dogfood. The Fossil executable that runs the Fossil
> > website gets updated to the tip of trunk roughly every day. The same
> > executable also runs http://www.sqlite.org/ and several other websites. And
> > all of my personal machines (linux, mac, and windows) are running the very
> > latest Fossil code. If there were serious problems with the latest Fossil
> > code, I would be doomed. You can trust that the tip of trunk is reasonably
> > stable. Nevertheless, I'm sure if hundreds of you start testing the latest
> > code, some of you will run across various minor issues, issues that we would
> > prefer to fix prior to 1.25 instead of after. Therefore, do please test.
> > Thanks.
> > --
> > D. Richard Hipp
> > [email protected]
>
> --
> Dmitry Chestnykh
> http://www.codingrobots.com

--
D. Richard Hipp
[email protected]
_______________________________________________
fossil-users mailing list
[email protected]
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
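
The two static-content rules discussed in the reply above, side by side, as an added example (not Fossil's own code and not part of the original message). The function names and sample paths are hypothetical; case-sensitive matching and keeping the ".fossil" check inside the suffix rule are assumptions.

```c
/* Added illustration; not taken from the Fossil source tree. */
#include <stdio.h>
#include <string.h>

/* Rule described in the reply: refuse any name containing ".fossil". */
int deny_rule_allows(const char *zName){
  return strstr(zName, ".fossil")==NULL;
}

/* Stricter idea floated in the reply: serve only well-known suffixes.
** Assumption: the ".fossil" check stays in force, so a name such as
** "x.fossil.html" is still refused. Matching is case-sensitive. */
int allow_rule_allows(const char *zName){
  static const char *const azOk[] = {
    ".html", ".htm", ".jpg", ".jpeg", ".gif", ".png", ".txt", ".css", ".js"
  };
  size_t n = strlen(zName), i;
  if( !deny_rule_allows(zName) ) return 0;
  for(i=0; i<sizeof(azOk)/sizeof(azOk[0]); i++){
    size_t k = strlen(azOk[i]);
    if( n>k && strcmp(zName+n-k, azOk[i])==0 ) return 1;
  }
  return 0;
}

int main(void){
  /* Constructed sample paths, relative to the served directory. */
  static const char *const azTest[] = {
    "pub/fossil.fossil", "pub/fossil.fossil-journal",
    "docs/index.html", "docs/style.css", "pub/project.db"
  };
  size_t i;
  for(i=0; i<sizeof(azTest)/sizeof(azTest[0]); i++){
    printf("%-28s substring-rule:%-6s suffix-list:%s\n", azTest[i],
           deny_rule_allows(azTest[i]) ? "serve" : "refuse",
           allow_rule_allows(azTest[i]) ? "serve" : "refuse");
  }
  return 0;
}
```

The last sample path shows the difference between the two rules: a non-web file whose name lacks ".fossil" passes the substring rule but is refused by the suffix list.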

