home *** CD-ROM | disk | FTP | other *** search
- BETA FIVE:
-
- * Fixed a potential JavaScript exploit that could result from
- including HTML in a bad URL. Proxomitron's error message output
- would echo the URL to the browser allowing the code to be
- processed. This could let JavaScript run seemingly under that
- URL (and might lead to cookie vulnerabilities).
-
- All echoed text is now HTML escaped before being printed.
- (My thanks to Hiromitsu Takagi for alerting me to this).
-
- * Added $ESC command to keep $UESC from hogging all the glory.
-
- * Bug with NEST & INEST commands not checking inner match fixed.
-
- * Added missing ViewSrc.css
-
- * Made sure filter names have any HTML escaped in source view
-
- * Re-Arranged the sorce view styles a bit and added crude
- line wrap for very long lines.
-
- BETA FIVE (Pre-Release):
-
- * All new HTML help file!
-
- * Proxomitron now should redraw its SysTray icon if explorer crashes
-
- * Increased the size of the replacement stack to 100 items.
-
- * Added syntax highlighting for source & debug views. Use the
- ViewSrc.css file in Proxomitron's html folder to customize the
- colors and fonts. It's pretty simple minded (does weird things
- in scripts sometimes), but makes the listings a good deal easier
- to read.
-
- * Added special http://Local.ptron/ URL. This acts as a simple
- web server to share access to items in Proxomitron's hmtl
- folder. Only those allowed to connect to Proxomitron can
- access these, and it's safer than using the http://file/ syntax
- (which allows access to all files). This can be used to load
- remotely images, scripts, style sheets, and such when using
- Proxomitron from other machines (Proxomitron's error messages
- now use this too).
-
- * Added $STOP() command (disables a filter for the rest of the page).
-
- * Added $NEST() and $INEST() matching commands.
-
- * Added work-around for some URLs with illegal unescaped characters.
-
- * Added "&&" (double AND) for bounded and checks (see docs)
-
- * Changed the order of precedence so "&" comes before "|".
- This is probably more correct and makes using "&&" easier
- (since it has the same precedence as "&"), but may affect some
- filters. Of the defaults, the banner blaster needed some
- re-arranging (also modified it to use "&&"). Keep this in
- mind if you're using an earlier version.
-
- * Added $AV() and $AVQ() matching commands and adjusted some
- filters to use them.
-
- * Fixed a parsing bug in certain matching commands.
-
- * Fixed header filters not being sorted properly on load.
-
- * $CTYP command is now $TYPE (and now actually works too).
-
- * Fixed a window re-positioning problem.
-
- BETA FOUR: Features
-
- * "Profile" option added to filter test - gives you a rough
- but sometimes useful estimate of a filter's efficiency.
-
- * Speed improvements on webpage filters
-
- * Ability to index many items in Blocklists (speeds up large lists).
-
- * Added several new URL commands for partial bypass...
- bout.. Bypass outgoing header filters
- bin.. Bypass incoming header filters
- bweb.. Bypass web filters
-
- * Some basic contact info added to the "Help" menu
-
- BETA FOUR: Fixes
-
- * Fixed crash when hitting enter on an empty filter list
- (inevitable fallout from the new "find" option ;-).
-
- * Reduced the flicker when resizing windows.
-
- * Fixed bug where IP access range wasn't saving if the
- first IP address was zero.
-
- * Fixed problem with IE when starting proxomitron with a URL.
-
- BETA THREE: Features
-
- * Ok I finally made the Web filter editor resizeable so you
- can stop asking me now. ;-) It also features a splitter
- between the matching and replace edit windows which was
- also needed for the resizing to be most useful.
-
- * In the same vein, window sizes are now saved in the config!
- Beware though, the program won't prompt you to save the config
- due to changes in window sizes alone. Still you can always save
- from the "File" menu even when the save icon is grayed.
-
- * Added an "Apply" button to the Header filters. Initially only
- the web filters had this since they were used far more often.
- However all the new URL commands have pushed the header filters
- a bit more into the forefront.
-
- * Added a new option to the Config access tab: "Prefix all URL
- commands with". This can be used to add an extra layer of
- security to the URL based commands Proxomitron understands.
-
- Any URL must begin with whatever text is specified here before
- a URL based command will be processed. Use this as a kind of
- password protection. For example, the URL commands "http://file/..."
- can be used to load a local file from the hard drive. However if you
- allow other PCs to access Proxomitron, this could be a serious
- security risk. By including a URL prefix such as "myprefix."
- the command will only work if typed like so...
- "http://myprefix.file/filename".
-
- Note: if a URL command is used internally in a $RDIR command, it's
- not necessary to add the prefix. This allows filters to be written
- without needing to know if any prefix is being used. This should
- be safe as the filter itself controls the use of the URL command.
-
- Another use for this feature is to overcome Opera's reluctance
- to send hostnames without a dot "." to a proxy (it assumes the names
- are local and should not be proxied). By including a dotted prefix
- the commands can be processed without problems.
-
- * Added a "Find" option to the filter lists. The filter list
- will only display filters that include in their title, words
- matching what's entered in the find box (yeah, I admit it's an
- idea stolen from several popular news readers ;-)
-
- It's still pretty basic, and may yet have problems, but it should
- help when dealing with really large lists of filters. Actually
- it's kind of a stop-gap measure until I can find the time to
- redo the GUI and perhaps include something like sub-folders.
-
- * Added List options to the context menu of the "Bypass URL"
- edit box.
-
- * changed the $UESC() command to unescape any normal ASCII
- character (anything between "!" and "~")
-
- * Some updates have been made to the included filters
-
-
- BETA THREE: fixes
-
- * Fixed a bug that could cause a crash in some cases if a web server
- produced an invalid response to a request.
-
- * Added some code to trap hardware exceptions. This may help me
- track down what's still causing crashes for some users.
-
- * Changed proxy authorization to send "Basic user:pass" instead of
- "basic user:pass" (MS proxies appear to be case sensitive).
-
- * Fixed a problem with persistent connections and some HEAD requests
-
- * Fixed a bug with the "Use SSLeay" checkbox in the config dialog.
-
- * Corrected a problem with using lists in the "Bypass URL" match in
- the config section. Actually this has a more global effect as
- you can now add a call to a list to a filter before the list
- itself exists. It will go into effect once a list with the same
- name is added later. Previously the filter wouldn't work until the
- config was saved and reloaded or the filter was re-parsed.
-
- BETA TWO: Features
-
- * New dbug URL command shows the page in debug mode
-
- * You can now have multiple URL commands - as in...
- http://src..file//C:/web/somefile.html
- http://bypass..src..www.somepage.com/
-
- * Added a new option when using the square bracket matches [...]
- to check for a specific byte values. Just enter the value within a
- URL style hex escape as in... "[%2a]" for a single char or
- "[%20-%41]" for a range of values.
-
- BETA TWO: Bug fixes
-
- * Problem with escapes within brackets (as in "[\n]")
-
- * Bounds match rules being set to lower case
-
- * "Minimize Proxomitron to system tray" option doing a
- erroneous SSLeay dll check.
-
- * Crash when using some replace commands (like "\q" or "\a") in the
- matching expression instead.
-
- * Possible Priority inversion lock with IE fixed (I hope)
- It appears IE might up its own priority to give it an advantage
- over other winsock apps. That's no too smart when it's depending
- on one of those other apps for its input!
-
