- Require all requests to use a session path.
- Use a redirect file to avoid exposing the '/start' URL on the
command line, as it contains the cookie value.
Fix for CVE-2014-2914.
Closes#1438.
Currently fish doesn't recognize toor as special. However, it's likely
that on BSD systems, fish shell will be used on toor, not on root (toor
is an intentionally existing account to use more advanced shell on, like
shell).
When you chroot in Debian, bash shows the chroot environment in the prompt:
```bash
...
if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
debian_chroot=$(cat /etc/debian_chroot)
fi
PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
...
```
This is the effect:
```
(chroot_env) user@host:~#
```
It is useful when chrooting, since usually the hostname remains the same and thus you can't distinguish where you are.
Before this change, fish config used 0 as its address. However, this
isn't a good idea from security point of view, as web service can be
accessed from everywhere, and do anything on the account it was ran on.
This also deals with firewalls which block the access to 0 even from
the host machine itself. It possibly might fix#673, but I'm not sure.
It would be nice if this would work without this hack,
but until then, this has to work. Requires you to reinstall
the prompt using fish configuration system.
* Show color scheme title in preview box
* Show information about setting terminal background color on Apply
button mouse hover
* Added text_color_for_color method in colors controller scope
From the Python webbrowser documentation:
"If text-mode browsers are used, the calling process will block until the user exits the browser."
Running fish_config on an ssh server with no GUI browser will open a CLI browser which blocks and stops the server from handling requests.
Using multiprocess to run the server in the background lets CLI browsers access the page, but the page is unusable.
For now, disable CLI browsers and recommend opening the page in a graphical browser.
In the future, maybe write a CLI utility to change prompts and delete history items.
Prefer the standard library lzma module if available. This change prevents
using the backports-lzma when it is installed for a version of Python that
already has the lzma module in its standard library.