home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Cream of the Crop 25
/
Cream of the Crop 25.iso
/
os2
/
tton1970.zip
/
docs
/
WHATS.NEW
< prev
next >
Wrap
Text File
|
1997-04-11
|
16KB
|
338 lines
Templeton
Copyright 1995,1996 N.A. Krawetz
All rights reserved.
REVISION HISTORY
8 Apr 1997 version 1.963 - 1.970
Corrected robots.txt name to obey when using "Spoof".
"Spoof cow (pig)" should use "cow", not "cow (pig)".
Increased FAT 8.3 file hashing from 676 rehashes to 17576.
FAT file names change longfilename.html => longfAAA.htm.
(Believe it or not, a URL was found that contained 900 hashes!)
Changed: A "HEAD" is no longer performed on probably CGI application.
These applications are identified by a '?' in the URL.
New: all URLs containing '?' are identified as probably CGI.
Limitation: Regular HTML documents which contain a '?' may be
incorrectly identified as a probable CGI application. (They
shouldn't have '?' in the URI, but bad HTML code never ceases
to amaze me.)
Limitation: CGI applications which take option queries may be
incorrectly identified as directories.
Changed: CGI applications no longer specify directories. The
extension is no longer ".html".
URLs containing '?' no longer have the '?' designate a local
directory. This was introduced in 1.962. It creates problems
when a CGI has optional arguments.
Added: %n and %N for time "now" in Command_*.
5 Apr 1997 version 1.962
Corrected "<FORM ACTION=" missing begining quote around URL.
Also occured with "<SCRIPT SRC=".
Corrected "Document has moved" bug when the URL specifies a
directory, does not have an ending '/', and refers to an
existing directory on the hard drive.
Changed: arguments to CGI files (noted by an initial '?') are
placed in their own directories. (Overcomes some filesystem
limitations under Win95.)
Added clear-screen after unregistered message screen #2.
Corrected segmentation violation (Linux/SunOS) and no locindex.html
when local path is ".", "..", or "/".
Corrected links in log files when local path is ".", "..", or "/".
URLs containing '?' are logged as probable CGI applications.
2 Apr 1997 version 1.961
Corrected linking problem introduced in 1.960
Corrected "missing comments" introduced in 1.960
Corrected problem with registration loop under SunOS gcc. Ugh.
21 Mar 1997 version 1.951 - 1.960
Identified and corrected possible security risk under Linux.
Risk does not involve the OS/2 or SunOS versions.
The risk was *only* in Linux-specific code.
The risk only involved Linux IP/subnet registered versions with
EUID/GUID as root (or kmem).
Risk was internal (local users) not external (remote users).
Running Templeton as EUID or GUID root in version 1.951 resets
application EUID and GUID to local user. EUID/GUID root (or kmem)
is only enabled during read-only access of /dev/kmem for machine
ID registration.
Users effect by risk: None. No known registered users with
IP/subnet registration used the Linux version.
Risk was identified and corrected shortly after 1.950 release.
Command_* no longer can overrun array bounds.
JavaScript entities &{...}; in HTML tags <...> are no longer processed.
They are now logged in the log files.
JavaScript service tags "javascript:..." are logged in the log files.
Corrected: URL's specified in <SCRIPT SRC=...> tags are no longer
processed like images. The SRC is rewritten to reflect the
original server. when scripting languages become supported, this
will be changed.
Corrected: JavaScript between <SCRIPT>...</SCRIPT> tags in not interpreted.
As such, URLs and files specified in the JavaScript may not be
retrieved. May be corrected in a later release. Script tags are
logged in the log files.
Fixed: Command_Default broke in 1.950 release.
Fixed: File time was incorrect by 1 day (when midnight was between
localtime and GMT).
Corrected: Comment tags <!--...> no longer require a space after the "!--".
Corrected: Index.htm is no longer retrieved twice when using default
"index.html" on a FAT partition.
Corrected: A CGI application found on 2 web pages now is correctly
referenced the second time. But fixing this broke the filename...
Broken: CGI applications which return a GIF or JPG file have the
extension ".html" instead of ".gif" or ".jpg". Filters such
as "deny *.gif" will not work on them. Netscape and WebExplorer
both properly view the file as a graphic.
The filename will be corrected in a later release.
Added: %t and %T for putting timestamps in Command_* applications.
17 Mar 1997 version 1.910 - 1.950
Major code modifications and optimizations. (More modulatity, private
objects, etc.)
Added Proxy authentication (password) support.
Added "Proxy-Authorize" to configuration file and documented.
Added "Command_URL" to configuration file.
Added "%p" and "%P" to the command interpretation strings.
See documentation on Command_html for detauls.
Added keyboard command 'I' for "user Interrupt" current download.
Useful for stopping a large file from being retrieved.
Interrupt either: stops reading and goes to processing, or
stop processing and goes to next file.
To stop reading and go to the next file, press 'I' twice.
(May be changed in later versions.)
Reduced data structure memory by 17%. :-) Templeton now uses up
about 17% less RAM when running. May be reduced by another 5% later.
Corrected memory error under Linux. Linux version available.
Special thanks to Bruce Perens for "Electric Fence". (Found the
problem in seconds!)
Memory error should not have affect under OS/2 or SunOS releases
do to different memory management schemes.
Corrected password prompting under Linux/SunOS.
Added ISO 8601 time format (and ISO 8601 compressed) support.
Although not standard in HTTP 1.1, it is proposed for HTTP 2.0.
Corrected password prompting to not prompt when running non-interactive.
Default user:password for non-interactive is "-:-" meaning "skip".
Changed: [,],{, and } are no longer valid filename characters.
Changed: Local and remote log files now contain proper beginning and end
tags, as well as titles. Errors are now in bold text.
Added logfile comments for 'Q' (User quit) and 'I' (User interrupt).
Also added "Aborting" message.
OS/2 version no longer dependent on the curses library. 8-) Executable
is now smaller (20K smaller) and faster. "I pressed a key and the
pause window always comes up" bug fixed under OS/2. Bug was caused
by the curses library -- it wasn't flushing the input buffer.
Revised DNS support when using proxies. Some (badly configured) firewalls
do not pass DNS requests to the outside for resolution.
Win95 version getting closer (no date yet). Still needs: read keyboard
while running, registration code, tempfile support. It does access
the network correctly, and can use long file format (wow!).
Updated unregistered expiration date to June 16.
14 Feb 1997 version 1.900
Registration payments allowed via BMT Micro (www.bmtmicro.com)
Corrected retrieval of wildcard-restricted CGI data. For example,
"deny *.gif" would still retrieve "http://machine/cgibin/time.cgi"
which generates a ".gif". Now file is correctly *not* retrieved.
Revised socket-read function. This corrected one bug under Linux.
Corrected file timestamp to corrected correspond with daylight-savings time.
Updated expiration data to April 15. (Wanted April 1, but informed that
it would not be a "fun" April Fool's joke.)
Updated documentation to include new registration fees and method.
New icons. (The "Home" icon cause some confusion.)
HTML 3.2 compatable. Supports lowsrc and client-side image mapping
when the image map information is stored in a seperate file.
18 Jan 1997 version 1.810
Corrected mkdir error on drive specification.
Added If-Modified-By to retrievals. Updated docs.
Changed the default FileOverwrite from TRUE to MODIFIED.
Corrected reading from $ETC directory.
Corrected image links to restricted images. (Document now matches logs.)
Restricted images with RemoveRestricted set to TRUE no longer removes
the entire IMG tag. (ALT=text and other information was lost!)
Now the src= field is set to "". Netscape 2.02 for OS/2 displays a
"unloadable image" icon. WebExplorer for OS/2 displays the ALT=
text. Seems browser specific, but only Netscape fails to follow
the HTML 3.0 standard.
31 Dec 1996 version 1.803
Corrected incorrect link when server says "/robots.txt has moved."
Seen on www.primenet.com. Exclusion standard does not say file
can move. (Bug probably existed since 1.75.)
Updated docs/system.htm section on OS/2 EMX DLLs.
No longer can "Add" a URL that is restricted.
Directories now refer to first found instance of hostname. (Was this
way in 1.76, but got broke along the way.)
Last release of 1996.
26 Dec 1996 version 1.802
Corrected EOF bug introduced in 1.801.
Correctly displays % processed, even when server does not return length.
Explicitly remove "/./" from initial path (prevent duplicate retrieval).
25 Dec 1996 version 1.801
Added pwd64.exe to distribution.
Added pwd64.htm documentation.
20 Dec 1996 version 1.80
Corrected index.html/index.html introduced in version 1.783.
Added basic authentication.
Created pwd64.exe to generate base64 authentication. For use with
authentication in the configuration files
Corrected file-overwrite problem for restarting. Solved by always
overwriting HTML files, but not images or "other" file types.
Added '*' wildcard to allow/deny restrictions.
File timestamp now reflects Last-modified time from server. NOTE: EMX
improperly ignores local daylight-savings time, so it may be 1
hour off. To be fixed.
Updated documentation.
Updated expiration date: 15 Feb 1997.
23 Nov 1996 version 1.782 beta
First robots.txt now uses proxy information when running non-interactive.
Removed garbage URL when using "Add" and "Interactive FALSE".
Created Templeton.ico for OS/2 icons.
15 Nov 1996 version 1.781 beta
Servers that do not return server info now add entry to server list.
Corrected missing robots.txt when using "Add" from the configuration file.
Corrected extraneous path info when using "Add" and "LocalPath" from the
configuration file.
Registration prompting removed for non-interactive mode.
Corrected HEAD buffering when server returns entire document, blank
lines in front of the meta information, or no meta information
(first found at www.cs.ubc.ca).
Increased max URL length from 128 to 256 characters. This will be dynamic
later, but for now it is just big.
28 Oct 1996 version 1.78 beta
Fixed commands from crashing when improperly used %.
Commands now recognize %% %d %u %h %l %r and %s (backwards compatability)
Lots of changes to the documentation.
Fixed double index problem (index.html/index.html).
Fixed double extension problem (index.html.gif).
Fixed extraneous '/' added to some requested URL.
Removed redundant gethostbyname calls (easier on nameserver).
Removed Linux system() security risk when executing as seteuid(root).
Removed extra CRLF during prompts under Linux and SunOS.
Corrected backspace under SunOS/Solaris/Linux
*** Changed default for FileOverwrite to TRUE!!! Be warned.
Corrected bug with Proxy requests
Corrected string problem under Linux/SunOS
16 Oct 1996 version 1.77 beta
Released Oct. 20, 1996
Restricted registration for IP addresses that are down or loopbacks
Application-Text files no longer have ".text" added as an extension.
(some servers return this metatype for unknown binary data.)
Added Command_* to run commands after retrieving a file-type.
Changed command file to strip surrounding spaces/quotes from value string.
Changed command file to accept spaces within the value string.
9 Oct 1996 version 1.762 beta
Corrected retrieval of frames HTML code.
New ways to register: IP address and subnet
1 Oct 1996 version 1.761 beta
Released Oct. 2, 1996
Corrected incorrect insertion of "index.html" when a file has an explicit
self-link. File Cow.html: <a href="cow.html#label">
Corrected error handling null links: <a href="">, <a href=">, <a href=>, etc.
23 Sep 1996 version 1.76 beta
Released Sep 23, 1996
Corrected big problem when index was renamed or proxy port changed.
Corrected restrictions that use a '#' on the line after restriction.
10 Sep 1996 version 1.76 beta
Added spoofing
Corrected core dump when curses is not configured (now ends nicely)
14 Aug 1996 version 1.752 beta
Released Aug 16, 1996
Added additional logging including server type and mailto logging.
Why? Jarrid found a bug in a popular web server and wanted to identify
all machines that had the old (buggy) server so he could request their
upgrade. Templeton now generates a list of server types and IP addresses
in order to help Jarrid.
Why mailto? I've had a few requests to generate a list of e-mail addresses
for automated mailing lists. (If I were smart, I'd put in a catch so MY
e-mail address is never added to the list... :-)
25 July 1996 version 1.751 beta
1. hrefs that contain just a "#ext" were ignored.
2. image maps that return an html error message but an error code 200 (OK)
no longer core dump (just makes an empty file). This was the case with
www.lycos.com.
3. attempted to correct curses bug when using ^H on a text line.
Added new feature: server-file. This generates a list of hosts and server
types. Note: a host with 2 ports running 2 different servers will only
list ONE of the servers and not associate it with a port.
6 May 1996 version 1.75 beta
Added restriction list.
- Restriction list supports robots.txt
-- all instances of "templeton" in robots.txt are obeyed
-- default (catch-all) restrictions in robots.txt are used when set
in the configuration file using "Exclusion"
-- allows manual override of all restrictions
Searches for config files {.templetonrc tempeton.cfg templeto.cfg} in:
1. $(ETC)/
2. $(HOME)/
3. ./
Added text (termcap/curses) user interface (UI).
UI allows for:
1. pause (any non special key)
2. quit (q,Q,x,X)
3. change sleep interval (s,S)
4. list/add/delete/change restrictions (l,L)
Still to go before release: shareware protection.
25 April 1996 version 1.74 beta
Corrected inline ISMAP for use with
<http://www.geocities.com/cgi-bin/main/BHI/proxmap.html> (my first example
of client-end ISMAP processing).
4 April 1996 version 1.73 beta
Corrected proxy port bug when set from configuration file.
14 March 1996 version 1.73 beta
Expires 2 April 1996
Added restriction by (sub)domain. Set RestrictHost to .edu to restrict to
.edu domain. (Sub)domains are specified by the starting "."
Corrected bug with imagemap concatination.
Added "(IP_ADDRESS)" to default "From:" line.
Corrected imagemap identification.
Corrected file extension identification.
Corrected FAT mapping to include determined extensions.
Corrected imagemaps to reflect local file structure (absolute paths only).
12 March 1996 version 1.72a beta
Expires 2 April 1996
Compiles with -Wall with no warnings! :-)
Searches for default configuration files in the current order:
1) $(HOME)/.templetonrc
2) ./.templetonrc
3) ./templeton.cfg
4) command line
1 March 1996 version 1.72 beta
Expired 12 March 1996
Allows indirect referencing on all links except imagemaps. Imagemaps
must be absolute links.
Corrected display problem with non-left justified text.
Corrected problem with filename 8.3 hashing.
Added support for .templetonrc and templeton.cfg in current directory.
Modified default From: value to username@hostname.domainname
System prepared for robot.txt implementation.
System prepared for GUI (UI now independent of engine).
Modified text user interface: now prompts for restrict path yes|no|/path.
Yes restricts to currently specified path
No does not restrict
/path restricts to specified path (starting point may not be root of tree)
Initial URL allowed to be not within restricted path.
Debug stores more info.