1. 20 Mar, 2022 1 commit
  2. 12 Feb, 2022 1 commit
  3. 20 Jan, 2022 2 commits
    • Rob Swindell's avatar
    • Rob Swindell's avatar
      Add JS methods for vetting filenames (e.g. for upload by users) · c94fbb2b
      Rob Swindell authored
      system.illegal_filename() - check if contains illegal chars/sequences
      system.safest_filename() - check if contains only safest chars
      system.allowed_filename() - check if meets criteria from SCFG->File Options
      system.check_filename() - check if legal and meets configured criteria and is not in file.can
      bbs.check_filename() - ditto, except will display badfile.msg as appropriate
      Now scripts can utilize the sysop-controlled filename criteria and security of the BBS.
  4. 05 Jan, 2022 1 commit
  5. 02 Jan, 2022 1 commit
  6. 09 Aug, 2021 1 commit
  7. 20 Apr, 2021 1 commit
  8. 06 Apr, 2021 1 commit
    • Deucе's avatar
      Fix msclock() and xp_timer() to be monotonic on *nix · 7710c344
      Deucе authored
      Previously, these both used gettimeofday() which is both expensive
      to call, and not monotonic.
      This fixes system.clock_ticks in JS and various internal bits. for
      when the UTC wall clock jumps.
      While we're here, fix the documention of system.clock_ticks
  9. 04 Apr, 2021 3 commits
  10. 02 Apr, 2021 1 commit
    • Deucе's avatar
      Initial work on setTimeout() · ad635a64
      Deucе authored
      This appears to work and the event handler *should* work on other
      event types already.
      Note, this is *nix-only due to the use of poll().  select() will
      need to be used for Windows to keep XP compatability.
  11. 22 Feb, 2021 1 commit
  12. 15 Feb, 2021 2 commits
  13. 24 Jan, 2021 1 commit
    • Rob Swindell's avatar
      Performance enhancement for system.findstr() · 99346600
      Rob Swindell authored
      The first argument can now optionally be an array of strings (e.g. as read from File.readAll()), so that multiple searches of the same file (e.g. twitlist.cfg, while importing messages) does not require multiple *reads* of the same file.
  14. 12 Dec, 2020 1 commit
  15. 06 Dec, 2020 1 commit
    • Rob Swindell's avatar
      Fix null pointer deref (crash) in new_user() when "client" object is invalid · b11d34b0
      Rob Swindell authored
      When system.new_user() was called but the current "client" object is uninitialized (e.g. has NULL protocol, host or IP address fields because there is no active client, e.g. because is was called from a timed event with active user online) - this code would dereference a NULL pointer and crash the b0rad. Reported by Mortifis.
  16. 02 Dec, 2020 2 commits
  17. 19 Sep, 2020 1 commit
  18. 17 Sep, 2020 1 commit
    • Rob Swindell's avatar
      Better sysop availability (for chat) visibility/toggleability · e59866e3
      Rob Swindell authored
      - JS system.operator_available property (read/writeable)
      - SYSAVAIL @-code which expands to LiSysopAvailable or LiSysopNotAvailable
        (use the new SYSAVAIL @-code in the chat menu to show availabilty to chat)
      - ;avail sysop command (in str_cmds.js) to toggle sysop availability
      - Changed LiSysopIs text.dat string to be a format string (include %s) and
        the trailing \r\n, so that it can be used in str_cmds.js or anywhere else
        to report sysop availability to chat, or can be set to blank string to
        display nothing (this would not work previously).
  19. 14 Sep, 2020 1 commit
  20. 16 Aug, 2020 1 commit
  21. 31 Mar, 2020 1 commit
    • rswindell's avatar
      Add 2 new system properties: · d3623484
      rswindell authored
      - min_password_length (currently hard-coded to 4)
      - max_password_length (currently hard-coded to 40)
      Remove 2 unused system properties (nobody uses PostLink/UTI drivers any more):
      - psname
      - psnum
  22. 29 Mar, 2020 1 commit
    • rswindell's avatar
      Add system.get_node() method to read a single node record in one shot: · 46844bb7
      rswindell authored
      use this in place of system.node_list[] if you're going to be using a lot of
      the properties and passing them around to methods which are going to each
      possibly dereference the values, as *each* deference results in a read of the
      node record in the node.dab. On my system, a simple node list (e.g. /L
      command) would result in between 60 and 100 reads of the node.dab (for a 13
      node system), which was nuts.
      The system.get_node() method currently leaves the node record unlocked and
      there is currently no equivalent put_node() method, so you still need to use
      the system.node_list[] for modification of node records. But, I now see there
      are race conditions with the current methods of read-modify-writes of the
      node_list[] properties. We should be locking a node.dab record, reading it,
      modifying it, writing it, and then unlocking it - as is done in the C/C++
      code. So... that's a todo item.
      Also created system.stats.node_gets to track the number of node.dab reads
      from a single instance of the system object. May remove this any time.
  23. 24 Mar, 2020 1 commit
  24. 02 Sep, 2019 1 commit
    • rswindell's avatar
      Storing the node file (node.dab) descriptor in the scfg_t was a "bad idea" {tm} · e97522ee
      rswindell authored
      The scfg_t instances are often shared between threads and we can't really share
      file descriptors between threads, so we ended up with file descriptor leaks and
      race conditions.
      Instead, define/allocate/free a new js_system_private_t where the scfg_t* and
      the nodefile (descriptor) are kept - per "system" instance.
  25. 31 Aug, 2019 2 commits
  26. 20 Aug, 2019 1 commit
  27. 04 May, 2019 2 commits
    • rswindell's avatar
    • rswindell's avatar
      Define and use a wrapper for JS_GetInstancePrivate(): js_GetClassPrivate() · 6f83c4ff
      rswindell authored
      Use this in place of JS_GetPrivate() in native class methods that need the
      class instance's private data pointer and will do bad things if that pointer
      points to something other than what is expected. mcmlxxix (matt) discovered
      that using Object.apply(), you can invoke class methods where the 'this'
      instance is a different class. This would result in
      "Internal Error: No Private Data." or a crash.
      So now, gracefully detect this condition and report a meaningful error:
      "'<class-name>' instance: No Private Data or Class Mismatch"
      Also, important to note: if the method uses JS_THIS_OBJECT to get the JSObject*
      to pass to JS_Get*Private, then it must do this *before* it calls JS_SET_RVAL.
      From jsapi.h:
       * NB: there is an anti-dependency between JS_CALLEE and JS_SET_RVAL: native
       * methods that may inspect their callee must defer setting their return value
       * until after any such possible inspection. Otherwise the return value will be
       * inspected instead of the callee function object.
      The js_crypt*.c files still need this treatment.
  28. 10 Mar, 2018 2 commits
  29. 20 Feb, 2018 2 commits
  30. 16 Nov, 2017 1 commit
  31. 13 Nov, 2017 1 commit
    • rswindell's avatar
      New feature: control of SPAM visibility when reading mail on the Terminal · d18bd3bd
      rswindell authored
      Server via the new 'V' command from the Reading Mail prompt allows you to
      toggle between all mail (including SPAM, the default), SPAM only, or HAM only.
      Also added a new '/' (search text) command from the reading mail prompts.
      Mail imported before the mailsrvr added support (recently) for the MSG_SPAM
      attribute flag will not be counted/filtered as SPAM.
      SBBSecho will have a commit (next) to support the new loadmail() usage, it
      will not compile until then.