summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* docs: Make sphinx build process match the current HEADrelease-0.8Marcel Hellkamp2011-03-201-36/+103
|
* fix: "Digits cannot be used in route parameter names" (#108)Marcel Hellkamp2010-12-142-1/+9
| | | | Thanks to Alexey Borzenkov
* Version bumb to 0.8.5 (security fix)0.8.5Marcel Hellkamp2010-11-111-1/+1
|
* Security fix: cookie_decode() vulnerability to statistical timing attacks.Marcel Hellkamp2010-11-111-5/+11
| | | | | | | | | | | | | | | This vulnerability reduces the amount of time required to guess a valid signature for a forged cookie. Only applications that use the secure-cookie feature are affected. Detail: Prior to this patch, the transmitted signature and the calculated (valid) signature were compared using the python '==' operator. The runtime of this operation depends on the length of a common string prefix. The time difference is barely measurable for a single request, but it exists. An attacker could send a large amounts of request with different signatures, measure the time for each request and statistically determine which signature is most likely to have a valid prefix. On a fast network, this can drastically reduce the time required to guess a valid signature for a forged cookie.
* Version bumb to 0.8.4 (small bugfix)0.8.4Marcel Hellkamp2010-10-092-1/+5
|
* made DictMixins usable with the @view decoratorBrandon Gilmore2010-10-091-1/+1
|
* Version bumb to 0.8.3 (bugfix release)0.8.3Marcel Hellkamp2010-08-261-1/+1
|
* docs: ChangelogMarcel Hellkamp2010-08-261-0/+5
|
* fix: (issue #90) Reloading server dies on slow hardware.Marcel Hellkamp2010-08-111-1/+1
| | | | | | | | | | | | Python seems to have some serious issues with the GIL when IO bound and CPU bound threads are mixed on a multi-core CPU [1]. This may prevent the observer thread to wake up and touch the lock-file it time. I observed this even on otherwise idling hardware. This patch does not fix the bug completely, but it should give the observer enough time and work around this issue in most cases. Dying observer processes are relatively rare. An increased timeout should not hurt that much. [1] http://dabeaz.blogspot.com/2010/01/python-gil-visualized.html
* Version bumb to 0.8.2 (bugfix release)0.8.2Marcel Hellkamp2010-07-291-1/+1
|
* Added release documentation for 0.8.2Marcel Hellkamp2010-07-291-0/+9
|
* fix: This solves issue #87 (FileCheckerThread seems to fail on eggs)Marcel Hellkamp2010-07-291-1/+1
|
* Fixed spelling of "recipes", other typos in docs.David Buxton2010-07-212-10/+10
| | | | Moved "apidoc/recieps.rst" to "apidoc/recipes.rst".
* fix: mount() was mis-labeled as wrapping Bottle.get_url().Marcel Hellkamp2010-07-191-1/+1
| | | | Thanks to Ian
* fix: (Issue #83) Bottle.get_url() does not return correct path when ↵Marcel Hellkamp2010-07-192-4/+12
| | | | SCRIPT_NAME is set.
* fix: Added backward compatibility and deprecation warnings to some of the ↵Marcel Hellkamp2010-07-192-4/+25
| | | | | | API changes. docs: Added undocumented API changes to changelog
* Fixed some documentation spelling, punctuation and typos.David Buxton2010-07-197-121/+121
|
* Updated MANIFEST.inMarcel Hellkamp2010-07-151-2/+3
|
* Version bumb to 0.8.1 (new release)0.8.1Marcel Hellkamp2010-07-151-1/+1
|
* Last documentation fixes.Marcel Hellkamp2010-07-155-17/+127
|
* Merge branch 'reloader-0.8' into release-0.8Marcel Hellkamp2010-07-151-56/+89
|\
| * Code cleanup.Marcel Hellkamp2010-07-151-36/+29
| |
| * Bugfix: If the reloading observer process got killed, the child process ↵Marcel Hellkamp2010-07-131-49/+89
|/ | | | | | survived. Bugfix: Infinite recursion in reloading code.
* Merge branch 'stplnolist' into release-0.8Marcel Hellkamp2010-06-302-59/+59
|\
| * fix: Issue #77 - Templates should return strings as documented, not list of ↵Marcel Hellkamp2010-06-302-59/+59
|/ | | | | | strings. Thanks to "tristanz"
* Documentation (lots of it)Marcel Hellkamp2010-06-2710-369/+377
|
* Version bump to 0.8.rc10.8.rc1Marcel Hellkamp2010-06-261-1/+1
|
* Merge remote branch 'origin/405router'Marcel Hellkamp2010-06-263-87/+111
|\
| * Refactored the method-awareness from the Router-class into the Bottle-class. ↵Marcel Hellkamp2010-06-252-200/+120
| | | | | | | | | | | | | | | | | | | | | | | | The router now contains dicts instead of callbacks and the Bottle.match_url() method picks the right entry from the dict. The router should be kept as simple as possible and the Bottle class is the right place to raise any HTTPError(405) exceptions. I also removed the backup-methods and made sure all visible APIs stay backwards compatible.
| * implemented 404/405 with optimized routingAlex Popescu2010-06-223-30/+134
| |
* | Merge remote branch 'origin/stpl_bugfix-0.8'Marcel Hellkamp2010-06-263-9/+72
|\ \
| * | fix: In stpl, there was a chance that text blocks were split into single ↵Marcel Hellkamp2010-06-251-1/+1
| | | | | | | | | | | | characters and handled inefficiently.
| * | bugfix: SimpleTemplate no supports some python multi-line statementsMarcel Hellkamp2010-06-253-7/+54
| | |
| * | bugfix: SimpleTemplate now detects python comments correctlyMarcel Hellkamp2010-06-252-4/+20
|/ /
* | fix: A small bug in the test toolbox which rendered the assertInBody() tests ↵Marcel Hellkamp2010-06-221-3/+3
|/ | | | | | useless. Thanks to Alex Popescu.
* Merge branch 'file_wrapper'Marcel Hellkamp2010-06-191-3/+18
|\
| * fix: A fallback for 'wsgi.file_wrapper' MUST have a close() method that ↵Marcel Hellkamp2010-06-191-3/+18
|/ | | | | | invokes the original file-like object's close() method. Thanks to Enrico Zini.
* Merge branch 'file_wrapper'Marcel Hellkamp2010-06-191-2/+2
|\
| * fix: Return wsgi.file_wrapper wrapped files directly to the wsgi server.Marcel Hellkamp2010-06-191-2/+2
|/ | | | Thanks to Alex Popescu, Enrico Zini and David Paleino.
* Merge branch 'bequiet'Marcel Hellkamp2010-06-181-6/+10
|\
| * Silence WSGIRefServer on run(quiet=True).Marcel Hellkamp2010-06-181-2/+6
| |
| * fix: Calling run(quiet=True) broke some of the server adapters.Marcel Hellkamp2010-06-181-4/+4
|/
* WhitespaceMarcel Hellkamp2010-06-131-6/+6
|
* new: Support for tuples as return value.Marcel Hellkamp2010-06-132-1/+6
|
* fix: 304 responses must not return entity headers (rfc2616 10.3.5).Marcel Hellkamp2010-06-133-4/+30
| | | | | | | fix: 204 responses should not return a content-type header (rfc2616 10.2.3*). * The RFC does not say this, but wsgiref.validate() does and it makes some sense. Thanks to Alex Popescu for this bug report.
* Removed a redundant test for wsgi.file_wrapper in Bottle._cast() and added ↵Marcel Hellkamp2010-06-134-6/+23
| | | | some tests for status codes that should result in an empty response body.
* fix: Changed HTTP status code for send_file() calls that fail because of ↵Marcel Hellkamp2010-06-132-4/+4
| | | | | | root-path restrictions or missing permissions from 401 (Unauthorized) to 403 (Forbidden) to comply the RFC. Thanks to Alex Popescu for the bug report.
* Changed run and fixed bottle reloader, so child process exits,Johannes Schönberger2010-06-031-3/+13
| | | | if parent process got killed
* bugfix: HeaderDict.get() was case sensitive.Marcel Hellkamp2010-06-022-0/+11
|
* fix: Be quiet if a CGI-like server adapter is usedMarcel Hellkamp2010-05-201-2/+6
|
View Lorry Controller Status