1
0
mirror of https://github.com/weechat/weechat.git synced 2026-07-01 23:36:37 +02:00
Commit Graph

2118 Commits

Author SHA1 Message Date
Sébastien Helleu 84f5fd92d6 core: track per-contributor overrides in theme registry
Refactor the theme registry to store one sub-table per contributor
instead of a single merged hashtable. Each registered theme now holds
a linked list of t_theme_contribution entries:

  struct t_theme_contribution {
      struct t_weechat_plugin *plugin;  /* NULL = core */
      const void *script;               /* NULL for non-script */
      struct t_hashtable *overrides;
      ...
  };

Identity of a contributor is the (plugin, script) pair:

  - (NULL, NULL)     -> core (theme_builtin_init)
  - (plugin, NULL)   -> plugin-level contribution
  - (plugin, script) -> individual script (filled in by next commit)

theme_register is now (plugin, script, name, overrides). It searches
the existing contributions for a matching (plugin, script) and merges
the new overrides into it; otherwise it appends a fresh contribution.
The public macro weechat_theme_register(name, overrides) still takes
two args - it now expands to pass weechat_plugin and NULL for script.

theme_apply iterates contributions in list order, calling
config_file_option_set for each entry; later contributions naturally
win for duplicate keys.

Two new internal helpers prepare for the lifecycle work in the next
two commits:

  - theme_unregister_plugin (plugin): drops every contribution owned
    by that plugin (with script == NULL).
  - theme_unregister_script (plugin, script): drops every contribution
    owned by that script.

Neither is called yet; the auto-purge wiring lands in commits 24
(plugin_unloaded signal) and 25 (script API + script-unload hook).

Other touched code:

  - core-theme-builtin.c switches to theme_register (NULL, NULL, ...).
  - core-command.c /theme info uses theme_overrides_count helper
    instead of reaching into theme->overrides (which no longer
    exists).
  - WEECHAT_PLUGIN_API_VERSION bumped to 20260527-01 (function-pointer
    signature change).

Two new tests cover the new semantics:

  - UnregisterByOwner: registers four contributions from distinct
    (plugin, script) pairs, then prunes by plugin and by script,
    asserting per-contribution removal.
  - RegisterMergesPerContributor: two successive register calls from
    the same (plugin, script) merge into a single contribution with
    later keys overriding earlier ones.

Existing tests are updated to use the new theme_register signature,
theme_overrides_count, and theme_get_override (replacing direct
access to theme->overrides->items_count and hashtable_get on
theme->overrides). No plugin or script call sites change - the
public weechat_theme_register macro keeps the same shape.
2026-06-06 12:23:07 +02:00
Sébastien Helleu ff4d9d638c core: register built-in "light" theme
Add a small core-theme-builtin.c module containing the core
contribution to the "light" theme: 33 overrides for
"weechat.bar.{status,title}.color_*" and "weechat.color.*" tuned for
light-background terminals.

theme_builtin_init() builds a hashtable from the static entry table and
calls theme_register("light", overrides), then frees the temporary
hashtable. It is called once from weechat_init right after theme_init.
Calling it twice is a no-op (the registry merges identical keys).

Default option values are NOT changed. Existing configs render exactly
as before; users opt in with "/theme apply light".

Add TEST(CoreTheme, BuiltinInit) covering:
  - the "light" theme is absent before theme_builtin_init();
  - it is present after, with >= 30 overrides;
  - three spot-checked values match the source table;
  - calling theme_builtin_init() a second time does not change the
    override count.

Plugins contribute their own "light" overrides via weechat_theme_register
in subsequent commits.
2026-06-06 12:23:07 +02:00
Sébastien Helleu 8be6cff05f core: add theme name completion
Add two completion items hooked alongside "layouts_names":

- "theme_themes_all": all theme names (built-ins from the registry
  plus every *.theme file in <weechat_config_dir>/themes/, including
  backup-*.theme). Used by tab-complete on /theme apply and
  /theme info.
- "theme_themes_user": user theme files only (excludes built-ins
  and backup-*.theme). Used by tab-complete on /theme save and
  /theme delete, so users cannot accidentally try to overwrite a
  built-in name or save a name colliding with the reserved backup
  prefix.

Both callbacks share a small dir_exec_on_files-based helper to filter
the themes directory. The /theme command's completion template in
core-command.c is updated to reference these new items.
2026-06-06 12:23:07 +02:00
Sébastien Helleu 144d79f331 core: implement /theme save and /theme delete
Add two complementary subcommands:

  /theme save <name> [-full]: writes a user theme file at
    ${weechat_config_dir}/themes/<name>.theme containing the current
    themable options. By default only options whose value differs from
    their default (config_file_option_has_changed) are written, which
    keeps the file small and focused. Pass "-full" to write every
    themable option (matches the format used by automatic backups).

    Name validation: refuses any name matching a built-in theme (those
    are reserved for in-memory registrations) and any name starting
    with "backup-" (reserved for /theme apply backups). Both checks
    print an error and abort without writing.

  /theme delete <name>: removes ${weechat_config_dir}/themes/<name>.theme
    via unlink. Refuses to delete a name registered as a built-in
    theme (a built-in has no file on disk to delete, even if the user
    has a shadowing file of the same name they cannot remove it this
    way; they can rename or delete it manually).

The full-snapshot writer used by /theme apply backups is refactored
into theme_write_file (name, description, diff_only). It is reused
by theme_make_backup (diff_only=0) and theme_save (diff_only inverted
from the user's -full flag).

Bug fix while at it: the writer was previously calling
config_file_option_value_to_string (ptr_option, 0, 1, 0); the third
and fourth arguments are "use_colors" and "use_delimiters", so the
call inserted GUI color escape codes into the file output and skipped
quoting strings. Corrected to (ptr_option, 0, 0, 1) so plain text
with proper string quoting is written; the change also fixes the
content of files produced by theme_make_backup in the previous commit.
2026-06-06 12:23:06 +02:00
Sébastien Helleu 74faa91578 core: implement theme file parsing and transient file reads in /theme apply
Add a small INI-style parser for *.theme files and wire it into the
/theme command so user themes living in directory "themes" inside the
WeeChat configuration directory can be applied (and inspected) without
ever being cached.

Parser (theme_file_parse in core-theme.c) accepts two sections:

  [info]
  name = "..."          \ shown by /theme info; ignored for apply
  description = "..."   |
  date = "..."          |
  weechat = "..."       /
  (unknown keys are ignored with a warning)

  [options]
  full.option.name = "value"

Surrounding single or double quotes around a value are stripped (same
rule used by the regular config file reader). The parsed result is a
heap-allocated t_theme; the caller frees with theme_free.

Resolution rule in theme_apply: if the path
"${weechat_config_dir}/themes/<name>.theme" is readable it is parsed
and used (file shadows any built-in of the same name); otherwise the
built-in registry is consulted. The transient t_theme is freed before
the final refresh, so user themes have no steady-state memory
footprint regardless of how many .theme files have accumulated.

/theme list now also scans the themes directory and appends user
files to the listing (each marked "(file)"). backup-*.theme are
hidden by default; pass "-backups" to include them.

/theme info <name> works for both sources: file path is shown when the
information comes from disk; "built-in (in-memory)" otherwise.
2026-06-06 12:23:06 +02:00
Sébastien Helleu 1bad1f60d7 core: implement /theme apply with themable enforcement and auto-backup
Implement /theme apply <name> for themes currently in the in-memory
registry. The file-shadowing branch (read a .theme file from
${weechat_config_dir}/themes/ when no built-in matches) is added in
the next commit together with the parser.

Apply algorithm (theme_apply in core-theme.c):

- Look up the theme in the registry; abort with an error if unknown.
- If weechat.look.theme_backup is on and the target name does not
  begin with "backup-", write a full snapshot of every themable
  option to ${weechat_config_dir}/themes/backup-<timestamp>.theme
  via theme_make_backup; abort the apply if the backup cannot be
  written, so the user can always undo.
- Iterate the theme's overrides with theme_applying=1 so the
  per-option config_change_color skips its gui refresh; for each
  entry look up the option, refuse it if missing or non-themable
  (warning to core buffer), otherwise call config_file_option_set.
- Perform a single gui_color_init_weechat + gui_window_ask_refresh
  at the end.
- Persist the active label in weechat.look.theme and send signal
  "theme_applied" with the name as data.

Add the new option weechat.look.theme_backup (boolean, default on)
which controls the backup-or-abort behaviour described above.

Wire the new /theme apply subcommand into core-command.c with the
existing /theme registration; update help text accordingly.
2026-06-06 12:23:06 +02:00
Sébastien Helleu 6b5b0d8915 core: add /theme command with list and info subcommands
Add the /theme command with two read-only subcommands for now:

- /theme  (or  /theme list): list registered themes; the active theme
  (matching weechat.look.theme) is marked with "->".
- /theme info <name>: show name, description, creation date, WeeChat
  version and override count of a theme.

Both subcommands only consider themes present in the in-memory
registry (registered via core/plugins/scripts). User theme files on
disk are not yet handled: the file parser and transient file reads
land in a later commit together with /theme apply.
2026-06-06 12:23:06 +02:00
Sébastien Helleu a7b41b6321 core: add weechat.look.theme option and theme_applying guard
Add a new string option "weechat.look.theme" holding the name of the
last theme applied via the upcoming /theme command. It is set
automatically by /theme apply and persisted on disk for /theme info to
display after restart; it is NOT re-applied at startup (the user's
saved color values win to avoid clobbering manual post-apply tweaks).

Amend config_change_color so it skips the gui_color_init_weechat ()
and gui_window_ask_refresh (1) calls when theme_applying is set.
/theme apply will set this flag while iterating overrides so the N
individual option changes do not trigger N redundant screen refreshes;
the apply path then performs a single refresh at the end.
2026-06-06 12:23:06 +02:00
Sébastien Helleu e1a6fba1b4 core: add core-theme skeleton and theme registry
Introduce a new module (core-theme.{c,h}) holding the in-memory registry
of built-in themes used by the upcoming /theme command:

- struct t_theme stores name, description, date and weechat version
  captured at registration time, plus a hashtable of overrides keyed by
  full option name (file.section.option) -> value string.
- theme_register (name, overrides) creates a new theme or merges the
  given overrides into an existing one (later calls override duplicate
  keys); this is the API plugins and scripts will use to contribute
  per-theme color values.
- theme_search and theme_list provide lookup and ordered enumeration.
- theme_init / theme_end are called from weechat_init / weechat_end.

The theme_applying flag is declared here but not yet consumed (it will
gate config_change_color in the next commit to avoid N redundant
window refreshes during /theme apply).

User theme files are not handled by this module: they are read
transiently inside /theme apply (a later commit) and never cached.
2026-06-06 12:23:06 +02:00
Sébastien Helleu 426caf4bdf core: add themable flag to configuration options
Add an "int themable" field on struct t_config_option. The flag is set
automatically for every CONFIG_OPTION_TYPE_COLOR option, and may be set
explicitly on any other type by suffixing the type argument with
"|themable" in the call to config_file_new_option (e.g. "string|themable"
for a string option whose value contains "${color:...}" references).

Opt in the relevant string options in core (buffer_time_format,
day_change_message_*, item_time_format, nick_color_force, prefix_*,
chat_nick_colors, eval_syntax_colors, color palette aliases) and in the
buflist, fset, irc, relay plugins.

The flag is exposed via hdata, infolist, and print_log so scripts and
/debug can read it. This is the foundation for an upcoming /theme
command that will only be allowed to modify themable options.
2026-06-06 12:23:06 +02:00
Sébastien Helleu b802681230 api: fix infinite loop in function string_replace when the search string is empty 2026-06-03 21:15:16 +02:00
aizu-m 07871f123f core: fix possible integer truncation in function eval_string_split (#2320) 2026-06-01 10:25:35 +02:00
Sébastien Helleu 43a118ac47 core: fix timing attack on TOTP validation (GHSA-vhv8-g2r9-cwcc)
weecrypto_totp_validate compared the generated and client-supplied OTPs
with strcmp and broke out of the time-window loop on the first match.
Both choices leaked information via response timing: strcmp leaked the
expected OTP digit-by-digit (shrinking the brute-force search from
~10^digits to a handful of guesses within the 30-second window), and
the early break leaked which window offset matched.

Compare in constant time with string_memcmp_constant_time and always
iterate the full window, OR-ing the result into otp_ok without an
early exit.

This affects both relay protocols (which call totp_validate via the
public info hook) and any other caller of the info hook.
2026-05-31 09:16:46 +02:00
Sébastien Helleu 6948aea626 relay: fix timing attack on password authentication (GHSA-vhv8-g2r9-cwcc)
The relay authentication used non-constant-time comparisons (strcasecmp,
strcmp) to verify password hashes and plaintext passwords, allowing an
attacker to derive the expected hash byte-by-byte from response timing
and then authenticate without knowing the password.

- SHA/PBKDF2 hex hash comparisons: normalize the client-supplied hash to
  uppercase and compare in constant time over the fixed expected length.
- Plaintext password comparison: HMAC-SHA256 both passwords with a fresh
  per-call random key and compare the fixed-size MACs in constant time,
  hiding both per-byte timing and the password length.

Add string_memcmp_constant_time helper in core, exposed via the plugin
API. Bump WEECHAT_PLUGIN_API_VERSION accordingly.
2026-05-31 09:16:15 +02:00
Sébastien Helleu d7fd2b7b0b core: define author name/email as constants
This fixes the following compiler warning:

src/core/core-args.c:180: warning: Message contains an embedded email address.  Better move it out of the translatable string, see https://www.gnu.org/software/gettext/manual/html_node/No-embedded-URLs.html
2026-05-30 13:39:45 +02:00
Sébastien Helleu 3e994996c6 core: set max curl version to 8.21.0 for symbol CURLAUTH_DIGEST_IE 2026-05-12 13:12:12 +02:00
Sébastien Helleu 17b593325a core: complete /help away by mentioning the option irc.look.display_away 2026-05-04 18:47:04 +02:00
Sébastien Helleu 3082c2e4e5 core: add condition on connected relay api clients in default value of option weechat.look.hotlist_add_conditions 2026-04-28 21:30:51 +02:00
Sébastien Helleu 0c29e5a630 core: fix possible integer truncation in functions eval_string_cut and eval_string_repeat 2026-04-10 21:48:56 +02:00
Sébastien Helleu 77a0dbfd44 core: remove dead code 2026-04-10 21:48:37 +02:00
Sébastien Helleu 54eff44d74 core: check error ERANGE after call to strtoul in function util_version_number 2026-04-05 15:33:33 +02:00
Sébastien Helleu 83d760deae core: check error ERANGE after call to strtoull in function util_parse_delay 2026-04-05 15:33:33 +02:00
Sébastien Helleu 5147b19e51 core: use function util_parse_longlong in function util_parse_time 2026-04-05 15:33:33 +02:00
Sébastien Helleu 50959eeb01 core: use function util_parse_longlong in upgrade functions 2026-04-05 15:33:33 +02:00
Sébastien Helleu ac2ed69c0b core: use function util_parse_longlong in function sys_setrlimit 2026-04-05 15:33:33 +02:00
Sébastien Helleu 2f7f707df0 core: use function util_parse_longlong in function string_parse_size 2026-04-05 15:33:33 +02:00
Sébastien Helleu 94e5de4836 core: use function util_parse_int in function string_get_priority_and_name 2026-04-05 15:33:33 +02:00
Sébastien Helleu 38f9a5587f core: use util functions to parse integers in function network_connect_child_read_cb 2026-04-05 15:33:33 +02:00
Sébastien Helleu 6432711798 core: use util functions to parse integers in hook functions 2026-04-05 15:33:33 +02:00
Sébastien Helleu 81c23a5134 core: use util functions to parse integers in hdata functions 2026-04-05 15:33:33 +02:00
Sébastien Helleu 6336c22293 core: use util functions to parse integers in eval functions 2026-04-05 15:33:33 +02:00
Sébastien Helleu 6658122b03 core: use util functions to parse integers in config functions 2026-04-05 15:33:33 +02:00
Sébastien Helleu 7e8f8b5178 core: use util functions to parse integers in core commands 2026-04-05 15:33:33 +02:00
Emil Velikov 7d88e53182 Bump required zstd to v1.4.0
Bump the requirement to v1.4.0, which means we can remove all the ifdef
guards.

It was released over 6 years ago, with latest release being 1.5.7.

The oldest distributions we target Ubuntu 20.04 and Debian Bullseye,
have 1.4.4 and 1.4.8 respectively.

Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
2026-03-29 18:39:02 +02:00
Luc Schrijvers 8fe741e057 Build fix for Haiku 2026-03-29 18:31:27 +02:00
Sébastien Helleu f53e7fb9ef core, plugins: fix typos in comments on functions, use imperative 2026-03-23 20:45:36 +01:00
Sébastien Helleu d34eb40187 core: set max curl version to 8.20.0 for RTMP symbols
rtmp support has been dropped in curl, see:
https://github.com/curl/curl/commit/ceae02db040de3cf7ae4c3f8ec99e8286b568c2e
2026-03-21 17:59:48 +01:00
Sébastien Helleu f7267bc992 core: replace "mypassword" by "my_password" in /help secure 2026-03-21 17:27:02 +01:00
Sébastien Helleu 147d5b3f88 core: replace "mynick" by "andrew" in /help secure 2026-03-21 17:22:20 +01:00
Sébastien Helleu da4881959e core: replace "proxyname" by "proxy_name" in /help proxy 2026-03-21 13:28:38 +01:00
Sébastien Helleu 5e963c7546 core: replace "barname" by "bar_name" in /help bar 2026-03-21 13:23:55 +01:00
Sébastien Helleu 9bf2d51493 core: add option -e to evaluate all commands before executing them in command /eval 2026-03-14 00:03:27 +01:00
Sébastien Helleu 27ae6ca789 core: fix crash with /eval when the current buffer is closed in a command 2026-03-13 23:11:00 +01:00
Sébastien Helleu b82ce33c6c core: fix quotes in upgrade error message 2026-03-12 20:16:49 +01:00
Sébastien Helleu 01d2887b13 core: replace ellipsis by "etc." in /help secure 2026-03-09 23:01:29 +01:00
Sébastien Helleu ec6372f4df core: add missing double quote in /help hotlist 2026-03-09 22:51:20 +01:00
Sébastien Helleu 71329fd595 core: remove double quotes around buffer number in error message 2026-03-09 22:45:30 +01:00
Sébastien Helleu 106fe6ca7c core: update copyright dates 2026-03-08 10:37:15 +01:00
Sébastien Helleu 630f2e2e7c core: translate command line options separately in output of weechat --help 2026-03-08 09:10:29 +01:00
Sébastien Helleu eb0b01f62a core: move functions on command-line arguments to a separate source 2026-03-07 12:47:11 +01:00