b802681230
api: fix infinite loop in function string_replace when the search string is empty
2026-06-03 21:15:16 +02:00
6948aea626
relay: fix timing attack on password authentication (GHSA-vhv8-g2r9-cwcc)
...
The relay authentication used non-constant-time comparisons (strcasecmp,
strcmp) to verify password hashes and plaintext passwords, allowing an
attacker to derive the expected hash byte-by-byte from response timing
and then authenticate without knowing the password.
- SHA/PBKDF2 hex hash comparisons: normalize the client-supplied hash to
uppercase and compare in constant time over the fixed expected length.
- Plaintext password comparison: HMAC-SHA256 both passwords with a fresh
per-call random key and compare the fixed-size MACs in constant time,
hiding both per-byte timing and the password length.
Add string_memcmp_constant_time helper in core, exposed via the plugin
API. Bump WEECHAT_PLUGIN_API_VERSION accordingly.
2026-05-31 09:16:15 +02:00
94e5de4836
core: use function util_parse_int in function string_get_priority_and_name
2026-04-05 15:33:33 +02:00
f53e7fb9ef
core, plugins: fix typos in comments on functions, use imperative
2026-03-23 20:45:36 +01:00
106fe6ca7c
core: update copyright dates
2026-03-08 10:37:15 +01:00
a1cbe63a42
tests: move CMake file, main C++/headers for tests and scripts to unit directory
2025-05-05 13:18:34 +02:00
2475f20cb7
all: move description of C files below the copyright and license
2025-03-31 11:47:49 +02:00
3a6ac9ee76
all: add SPDX license tag
2025-03-31 07:49:26 +02:00
d8987a1678
all: replace Copyright lines by SPDX copyright tag
2025-03-30 14:47:12 +02:00
547e2b934e
core: update copyright dates
2025-02-01 23:13:18 +01:00
26e16fdea7
tests: add extra tests on function string_split
...
New tests:
- split empty string
- standard split with only separators in string
- standard split with only separators in string and strip separators
2024-10-21 08:23:55 +02:00
7f93f81a82
spelling: separator
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com >
2024-09-28 21:22:56 +02:00
6908eec160
tests: replace POINTERS_EQUAL by STRCMP_EQUAL in string comparisons with NULL
2024-09-14 10:26:42 +02:00
5f62eb1f2b
tests: add tests on function string_rebuild_split_string with empty items
2024-09-07 08:27:26 +02:00
843dcd49b5
tests: add more tests on function string_split_shell
2024-06-08 14:24:43 +02:00
0df1cde496
tests: fix typo in comment
2024-05-08 09:30:33 +02:00
9f536d3dc7
api: return -1 or 1 if one input string is NULL and not the other in string comparison functions
2024-05-08 09:30:20 +02:00
619b40b42f
core: remove check of NULL pointers before calling string_shared_free() (issue #865 )
2024-04-26 08:55:35 +02:00
8c3f16dbe3
core: add support for $XDG_STATE_HOME
2024-04-12 22:57:57 +02:00
2cf66de423
api: add function "asprintf"
2024-04-07 13:18:13 +02:00
24c4029c96
core: remove "wee-" prefix from source files in src/core and src/core/hook
2024-03-12 21:27:37 +01:00
f126255d6a
core: add support of base64url in encode/decode functions (issue #2066 )
2024-02-01 21:39:21 +01:00
eecb2a997e
core: update copyright dates
2024-01-01 22:29:58 +01:00
e01fa0aac9
tests: fix tests on function string_replace_with_callback
2023-11-23 22:01:48 +01:00
479ab5bc58
core: evaluate expressions even when the suffix is missing (issue #2042 , issue #1714 )
2023-11-23 08:49:54 +01:00
24c46cf3e5
tests: check that environment variable "HOME" is set before using it
2023-10-30 08:45:44 +01:00
e34071131e
api: add function string_concat (issue #2005 )
2023-10-17 18:14:53 +02:00
5d9af29024
api: add infos "nick_color_ignore_case" and "nick_color_name_ignore_case" (issue #194 )
2023-08-24 18:19:32 +02:00
9462c87ce5
tests: add tests on string comparison functions with range of 29 chars
2023-08-23 12:14:07 +02:00
b551d6f247
core: check for newline characters in string_is_whitespace_char
...
This fixes a bug where if you had multiple lines in the input and
pressed ctrl-w when the cursor was after the first word of any line but
the first, it would delete both the word before the cursor and the last
word on the preceding line.
2023-06-27 21:28:24 +02:00
46b9428f9e
tests: reverse arguments in calls to STRCMP_EQUAL
2023-05-14 18:52:23 +02:00
6d7f10ef20
core: fix execution of multiple commands separated by newline when there are no spaces
...
For example typing this on core buffer:
/t1
/t2
was not executing the two commands but sent the text to the buffer instead.
This is because WeeChat thinks it's a path, and the newline should indicate
it's not (like a space before the next slash: "/t1 /t2" is a command, not a
path, but "/t1/t2" is considered a path).
2023-05-05 20:28:11 +02:00
74154d972d
tests: fix comments (issue #1877 )
2023-01-30 21:44:09 +01:00
69a635412d
core: add function string_get_common_bytes_count (issue #1877 )
2023-01-30 21:44:03 +01:00
38ffac78f3
core: add function string_levenshtein (issue #1877 )
2023-01-30 21:43:58 +01:00
347c3f3214
core: move function hook_get_priority_and_name to wee-string.c (issue #1872 )
2023-01-28 15:13:18 +01:00
51d0a6f402
tests: add tests on string comparison functions
2023-01-14 21:44:19 +01:00
33bba784c3
core: update copyright dates
2023-01-01 14:54:35 +01:00
21f3575016
api: add functions string_strcmp and string_strncmp
2022-12-24 18:29:35 +01:00
a67556907d
api: rename char comparison functions "utf8_char*" to "string_char*"
2022-12-24 17:33:22 +01:00
083032972d
api: return arithmetic difference between chars in string comparison functions
...
Return code is changed for the following functions:
- string_strcasecmp
- string_strcasecmp_range
- string_strncasecmp
- string_strncasecmp_range
- string_strcmp_ignore_chars
- utf8_charcmp
- utf8_charcasecmp
- utf8_charcasecmp_range
2022-12-24 16:25:20 +01:00
5fc656a1b8
api: fix function strcmp_ignore_chars with case sensitive comparison and wide chars starting with the same byte
2022-12-23 23:20:29 +01:00
68b510517e
core: improve case convert and insensitive char comparisons ( closes #258 )
...
All lowercase letters are now properly converted to uppercase letters (and vice
versa), via functions `towupper` and `towlower`.
Functions `string_tolower`, `string_toupper` and `utf8_charcasecmp` have been
optimized to be faster when there are ASCII chars (< 128); functions are about
25-40% faster with mixed chars (both ASCII and multi-bytes).
Function `utf8_wide_char` has been removed, `utf8_char_int` can be used
instead.
2022-12-21 20:49:09 +01:00
40339b288a
api: return newly allocated string in functions string_tolower and string_toupper
2022-12-18 14:28:58 +01:00
ef842c5e62
core: fix function string_cut when there are non printable chars in suffix
2022-12-10 16:05:14 +01:00
3b674a5e16
tests: add another test on function string_translate_chars
2022-11-05 22:34:39 +01:00
bc2fb071e2
api: add function string_translate_chars
2022-11-05 22:34:38 +01:00
e7b6e8c60f
api: restrict number to integer in function string_parse_size
2022-09-27 15:50:43 +02:00
4d74a89cfc
api: add function string_parse_size
2022-09-27 15:50:43 +02:00
01cf98e8fb
core: add key alt+backspace, change behavior of key ctrl+w ( closes #559 )
...
The key ctrl+w now deletes one word until whitespace.
The new key alt+backspace deletes one word (same behavior as ctrl+w in previous
releases).
2022-09-18 23:26:49 +02:00
Sébastien Helleu