03a6d9306a
api: fix infinite loop in function string_replace when the search string is empty
2026-06-06 14:19:37 +02:00
a17a80f1d0
relay: fix timing attack on password authentication (GHSA-vhv8-g2r9-cwcc)
...
The relay authentication used non-constant-time comparisons (strcasecmp,
strcmp) to verify password hashes and plaintext passwords, allowing an
attacker to derive the expected hash byte-by-byte from response timing
and then authenticate without knowing the password.
- SHA/PBKDF2 hex hash comparisons: normalize the client-supplied hash to
uppercase and compare in constant time over the fixed expected length.
- Plaintext password comparison: HMAC-SHA256 both passwords with a fresh
per-call random key and compare the fixed-size MACs in constant time,
hiding both per-byte timing and the password length.
Add string_memcmp_constant_time helper in core, exposed via the plugin
API. Bump WEECHAT_PLUGIN_API_VERSION accordingly.
2026-06-06 13:01:52 +02:00
42ae480f0a
tests: add test with a float number using a lot of decimals in calculation of expression
...
This test validates the fix made in commit
5b4820ab06
2025-06-07 17:01:11 +02:00
a0ffb9e5dd
core, plugins: replace "%p" by "%lx" in calls to sscanf
2025-05-18 22:29:39 +02:00
95a940294e
Revert "core, plugins: replace "%lx" by "%p" in calls to sscanf"
...
This reverts commit e64ab3c675
2025-05-18 22:29:39 +02:00
2f375b652b
core: add support of specifier %@ for UTC time in function util_strftimeval
2025-05-18 22:23:04 +02:00
2c0bbdf9b9
core: fix integer overflow in function util_version_number
2025-05-08 19:18:59 +02:00
caa7af253a
tests: add tests on function util_strftimeval with microseconds < 0 or > 999999
2025-03-17 08:12:33 +01:00
9fe5fa23a0
core: convert "long long" to "unsigned long long" in functions util_get_microseconds_string and util_parse_delay
2025-03-16 11:13:25 +01:00
547e2b934e
core: update copyright dates
2025-02-01 23:13:18 +01:00
732f24b6ba
core: add command /pipe
2024-12-16 13:39:14 +01:00
244595d94f
api: add support of flags in functions hook_signal_send and hook_hsignal_send
...
For now the only supported flag is:
- "stop_on_error": stop execution of callbacks immediately after an
error (ie return code of callback is WEECHAT_RC_ERROR) and return this code
(by default execute all callbacks and return the last return code, or return
WEECHAT_RC_EAT immediately if a callback returns this)
Example:
hook_signal_send("[flags:stop_on_error]my_signal", WEECHAT_HOOK_SIGNAL_STRING, "test");
2024-11-24 10:29:32 +01:00
26e16fdea7
tests: add extra tests on function string_split
...
New tests:
- split empty string
- standard split with only separators in string
- standard split with only separators in string and strip separators
2024-10-21 08:23:55 +02:00
50a9c88b79
core: check that version is not NULL or empty string in function util_version_number
2024-10-21 08:23:55 +02:00
bca7c7438a
api: add special value - (hyphen-minus) in options of function command_options to prevent execution of commands (issue #2199 )
2024-10-13 11:15:10 +02:00
ec78084f49
tests: add tests on function input_data
2024-10-12 21:04:13 +02:00
7f93f81a82
spelling: separator
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com >
2024-09-28 21:22:56 +02:00
6908eec160
tests: replace POINTERS_EQUAL by STRCMP_EQUAL in string comparisons with NULL
2024-09-14 10:26:42 +02:00
5f62eb1f2b
tests: add tests on function string_rebuild_split_string with empty items
2024-09-07 08:27:26 +02:00
2a6b16d1de
tests: add tests of hdata returning NULL pointer in eval
2024-06-22 09:08:47 +02:00
e64ab3c675
core, plugins: replace "%lx" by "%p" in calls to sscanf
2024-06-14 17:59:02 +02:00
c83b08fae8
tests: add test on function hdata_count with empty list "gui_layouts"
2024-06-14 17:37:11 +02:00
ce3c5f0caa
core: add hdata count in evaluation of expressions
...
Syntax is one of:
- `hdata_count:name[list]`: uses a hdata name and list
- `hdata_count:name[pointer]`: uses a hdata name and pointer (count starts at
this pointer)
2024-06-14 17:04:06 +02:00
8945b7bf33
core: add function hdata_count
2024-06-14 17:04:06 +02:00
70417a1ac6
api: add hashtable type "longlong"
2024-06-10 23:55:34 +02:00
93433e5dd7
tests: add tests on hashtable with different key/value types
2024-06-10 19:42:57 +02:00
843dcd49b5
tests: add more tests on function string_split_shell
2024-06-08 14:24:43 +02:00
0df1cde496
tests: fix typo in comment
2024-05-08 09:30:33 +02:00
9f536d3dc7
api: return -1 or 1 if one input string is NULL and not the other in string comparison functions
2024-05-08 09:30:20 +02:00
a59fa70a94
irc: remove check of NULL pointers before calling weechat_list_free() (issue #865 )
2024-04-26 21:06:47 +02:00
ee51e6c05f
plugins: remove check of NULL pointers before calling weechat_infolist_free() (issue #865 )
2024-04-26 21:06:06 +02:00
561dd92d8e
plugins: remove check of NULL pointers before calling weechat_config_option_free() (issue #865 )
2024-04-26 20:59:44 +02:00
619b40b42f
core: remove check of NULL pointers before calling string_shared_free() (issue #865 )
2024-04-26 08:55:35 +02:00
0b2d9bcb9b
plugins: remove check of NULL pointers before calling weechat_hashtable_free() (issue #865 )
2024-04-26 08:53:22 +02:00
828ca37225
tests: split hook tests into multiple files (issue #865 )
2024-04-26 08:41:44 +02:00
6cf163f00c
tests: move hook modifier tests to a separate file (issue #865 )
2024-04-26 07:51:49 +02:00
3eed74a75c
plugins: remove check of NULL pointers before calling weechat_arraylist_free() (issue #865 )
2024-04-26 07:37:22 +02:00
8c3f16dbe3
core: add support for $XDG_STATE_HOME
2024-04-12 22:57:57 +02:00
2cf66de423
api: add function "asprintf"
2024-04-07 13:18:13 +02:00
4adb64284b
buffer: add property input_get_any_user_data in buffer (issue #2066 )
...
This allows buffers to get any user input, including commands, that are sent to
the buffer callback instead of being executed on the buffer.
2024-04-07 13:18:13 +02:00
965beb37de
core: fix print of pointer values
2024-04-01 21:08:52 +02:00
9bc4352089
core: fix tests on function strftimeval on Alpine
2024-03-24 20:56:29 +01:00
ea86f75319
tests: add hdata tests with struct timeval
2024-03-15 21:32:40 +01:00
3b9e2f480d
tests: reorder tests on core directory functions
2024-03-13 13:01:50 +01:00
24c4029c96
core: remove "wee-" prefix from source files in src/core and src/core/hook
2024-03-12 21:27:37 +01:00
9e0dd18152
api: add function "hdata_longlong" (issue #2081 )
2024-03-12 20:37:11 +01:00
361d55d9d7
api: add functions config_{boolean|integer|string|color|enum}_inherited in scripting API
2024-03-05 19:52:21 +01:00
6817542f95
tests: add tests on functions that read values of config options
2024-03-05 19:51:15 +01:00
19bf6c9672
tests: fix compiler warning on empty snprintf format
...
This fixes the following warning:
test-core-dir.cpp:178:36: warning: zero-length gnu_printf format string [-Wformat-zero-length]
2024-02-10 19:02:17 +01:00
caa51160da
core: remove trailing directory separators in home directories ( closes #2070 )
2024-02-10 10:23:40 +01:00
Sébastien Helleu