Fossil SCM
Documentation and change-log updates.
Commit
a90d3aa1ab2fe819d4a731bf1f234e64c91f173f01d5048ee56baf2703811744
Parent
603816d2210d791…
2 files changed
+10
-1
+8
-6
+10
-1
| --- src/login.c | ||
| +++ src/login.c | ||
| @@ -2214,13 +2214,22 @@ | ||
| 2214 | 2214 | |
| 2215 | 2215 | free(zCaptcha); |
| 2216 | 2216 | } |
| 2217 | 2217 | |
| 2218 | 2218 | /* |
| 2219 | -** WEBPAGE: reqpwreset | |
| 2219 | +** WEBPAGE: reqpwreset | |
| 2220 | 2220 | ** |
| 2221 | 2221 | ** A web page to request a password reset. |
| 2222 | +** | |
| 2223 | +** A form is presented where the user can enter their email address | |
| 2224 | +** and a captcha. If the email address entered corresponds to a known | |
| 2225 | +** users, an email is sent to that address that contains a link to the | |
| 2226 | +** /resetpw page that allows the users to enter a new password. | |
| 2227 | +** | |
| 2228 | +** This page is only available if the self-pw-reset property is enabled | |
| 2229 | +** and email notifications are configured and operating. Password resets | |
| 2230 | +** are not available to users with Admin or Setup privilege. | |
| 2222 | 2231 | */ |
| 2223 | 2232 | void login_reqpwreset_page(void){ |
| 2224 | 2233 | const char *zEAddr; |
| 2225 | 2234 | const char *zDecoded; |
| 2226 | 2235 | unsigned int uSeed; |
| 2227 | 2236 |
| --- src/login.c | |
| +++ src/login.c | |
| @@ -2214,13 +2214,22 @@ | |
| 2214 | |
| 2215 | free(zCaptcha); |
| 2216 | } |
| 2217 | |
| 2218 | /* |
| 2219 | ** WEBPAGE: reqpwreset |
| 2220 | ** |
| 2221 | ** A web page to request a password reset. |
| 2222 | */ |
| 2223 | void login_reqpwreset_page(void){ |
| 2224 | const char *zEAddr; |
| 2225 | const char *zDecoded; |
| 2226 | unsigned int uSeed; |
| 2227 |
| --- src/login.c | |
| +++ src/login.c | |
| @@ -2214,13 +2214,22 @@ | |
| 2214 | |
| 2215 | free(zCaptcha); |
| 2216 | } |
| 2217 | |
| 2218 | /* |
| 2219 | ** WEBPAGE: reqpwreset |
| 2220 | ** |
| 2221 | ** A web page to request a password reset. |
| 2222 | ** |
| 2223 | ** A form is presented where the user can enter their email address |
| 2224 | ** and a captcha. If the email address entered corresponds to a known |
| 2225 | ** users, an email is sent to that address that contains a link to the |
| 2226 | ** /resetpw page that allows the users to enter a new password. |
| 2227 | ** |
| 2228 | ** This page is only available if the self-pw-reset property is enabled |
| 2229 | ** and email notifications are configured and operating. Password resets |
| 2230 | ** are not available to users with Admin or Setup privilege. |
| 2231 | */ |
| 2232 | void login_reqpwreset_page(void){ |
| 2233 | const char *zEAddr; |
| 2234 | const char *zDecoded; |
| 2235 | unsigned int uSeed; |
| 2236 |
+8
-6
| --- www/changes.wiki | ||
| +++ www/changes.wiki | ||
| @@ -1,22 +1,24 @@ | ||
| 1 | 1 | <title>Change Log</title> |
| 2 | 2 | |
| 3 | 3 | <h2 id='v2_21'>Changes for version 2.21 (pending)</h2> |
| 4 | - * Add the [/help?cmd=self-pw-reset|self-pw-reset property] and the | |
| 5 | - [/help?cmd=/resetpw|/resetpw page] and the [/help?cmd=/reqpwreset|/reqpwreset page] | |
| 6 | - while all work together to give users the ability to request a password | |
| 7 | - reset without administrator involvement. | |
| 4 | + * Users can request a password reset. This feature is disabledby default. Use | |
| 5 | + the new [/help?cmd=self-pw-reset|self-pw-reset property] to enable it. | |
| 6 | + New web pages [/help?cmd=/resetpw|/resetpw] and | |
| 7 | + [/help?cmd=/reqpwreset|/reqpwreset] added. | |
| 8 | 8 | * Add the ability to put text descriptions on ticket report formats. |
| 9 | 9 | * Upgrade the test-find-pivot command to the [/help/merge-base|merge-base command]. |
| 10 | 10 | * The [/help?cmd=/chat|/chat page] can now embed fossil-rendered |
| 11 | 11 | views of wiki/markdown/pikchr file attachments with the caveat that such |
| 12 | 12 | embedding happens in an iframe and thus does not inherit styles and such |
| 13 | 13 | from the containing browser window. |
| 14 | + * The [/help?cmd=all|fossil all remote] subcommand added to "fossil all". | |
| 14 | 15 | * Passwords for remembered remote repositories are now stored as irreversible |
| 15 | 16 | hashes rather than obscured clear-text, for improved security. |
| 16 | - * As additional defense-in-depth against attack, writes to the database | |
| 17 | - are disabled by default if the HTTP request does not come from the same origin. | |
| 17 | + * Writes to the database are disabled by default if the HTTP request | |
| 18 | + does not come from the same origin. This enhancement is for defense in depth. | |
| 19 | + There where no known attacks prior to this enhancement. | |
| 18 | 20 | |
| 19 | 21 | <h2 id='v2_20'>Changes for version 2.20 (2022-11-16)</h2> |
| 20 | 22 | * Added the [/help?cmd=chat-timeline-user|chat-timeline-user setting]. If |
| 21 | 23 | it is not an empty string, then any changes that would appear on the timeline |
| 22 | 24 | are announced in [./chat.md|the chat room]. |
| 23 | 25 |
| --- www/changes.wiki | |
| +++ www/changes.wiki | |
| @@ -1,22 +1,24 @@ | |
| 1 | <title>Change Log</title> |
| 2 | |
| 3 | <h2 id='v2_21'>Changes for version 2.21 (pending)</h2> |
| 4 | * Add the [/help?cmd=self-pw-reset|self-pw-reset property] and the |
| 5 | [/help?cmd=/resetpw|/resetpw page] and the [/help?cmd=/reqpwreset|/reqpwreset page] |
| 6 | while all work together to give users the ability to request a password |
| 7 | reset without administrator involvement. |
| 8 | * Add the ability to put text descriptions on ticket report formats. |
| 9 | * Upgrade the test-find-pivot command to the [/help/merge-base|merge-base command]. |
| 10 | * The [/help?cmd=/chat|/chat page] can now embed fossil-rendered |
| 11 | views of wiki/markdown/pikchr file attachments with the caveat that such |
| 12 | embedding happens in an iframe and thus does not inherit styles and such |
| 13 | from the containing browser window. |
| 14 | * Passwords for remembered remote repositories are now stored as irreversible |
| 15 | hashes rather than obscured clear-text, for improved security. |
| 16 | * As additional defense-in-depth against attack, writes to the database |
| 17 | are disabled by default if the HTTP request does not come from the same origin. |
| 18 | |
| 19 | <h2 id='v2_20'>Changes for version 2.20 (2022-11-16)</h2> |
| 20 | * Added the [/help?cmd=chat-timeline-user|chat-timeline-user setting]. If |
| 21 | it is not an empty string, then any changes that would appear on the timeline |
| 22 | are announced in [./chat.md|the chat room]. |
| 23 |
| --- www/changes.wiki | |
| +++ www/changes.wiki | |
| @@ -1,22 +1,24 @@ | |
| 1 | <title>Change Log</title> |
| 2 | |
| 3 | <h2 id='v2_21'>Changes for version 2.21 (pending)</h2> |
| 4 | * Users can request a password reset. This feature is disabledby default. Use |
| 5 | the new [/help?cmd=self-pw-reset|self-pw-reset property] to enable it. |
| 6 | New web pages [/help?cmd=/resetpw|/resetpw] and |
| 7 | [/help?cmd=/reqpwreset|/reqpwreset] added. |
| 8 | * Add the ability to put text descriptions on ticket report formats. |
| 9 | * Upgrade the test-find-pivot command to the [/help/merge-base|merge-base command]. |
| 10 | * The [/help?cmd=/chat|/chat page] can now embed fossil-rendered |
| 11 | views of wiki/markdown/pikchr file attachments with the caveat that such |
| 12 | embedding happens in an iframe and thus does not inherit styles and such |
| 13 | from the containing browser window. |
| 14 | * The [/help?cmd=all|fossil all remote] subcommand added to "fossil all". |
| 15 | * Passwords for remembered remote repositories are now stored as irreversible |
| 16 | hashes rather than obscured clear-text, for improved security. |
| 17 | * Writes to the database are disabled by default if the HTTP request |
| 18 | does not come from the same origin. This enhancement is for defense in depth. |
| 19 | There where no known attacks prior to this enhancement. |
| 20 | |
| 21 | <h2 id='v2_20'>Changes for version 2.20 (2022-11-16)</h2> |
| 22 | * Added the [/help?cmd=chat-timeline-user|chat-timeline-user setting]. If |
| 23 | it is not an empty string, then any changes that would appear on the timeline |
| 24 | are announced in [./chat.md|the chat room]. |
| 25 |