• last updated 6 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
add missing access policy message keys

- fixed severe vulnerability with path traversal attack

- fixed severe vulnerability with path traversal attack

- fixed severe vulnerability with path traversal attack

- reset filename in case of attack

- fixed severe vulnerability with path traversal attack

- fixed severe vulnerability with path traversal attack

On my previous commit I added a not null constraint for name column on site_nodes, the problem is that main site node on oracle has a NULL name ( given the fact that empty strings are managed as NULL on Oracle ) therefore doesnt make sense to have such constraint.

- Avoiding usage of coalesce function on site_nodes table columns in WHERE clause, this was leading to usage of sequencial scans which can be expensive when having a huge amount of site_nodes. Instead we go for isolation of the case when requestion a node with a null parent ( this would be the main site node ) and we use the = operator so the planner goes for a index scan.

- Adding not null constraint to site_nodes(name)

adding remember attributes feature for shorthand coding

- fix before-uninstantiate for legacy folders (many thanks to Michael Aram)

- fix class handling for image links, regression test runs again without errors

- fix context_id for inheritance of permissions. After transformation from folders to form-pages, context id was -100

- fix object_type for folders transformed via ::xowiki::tranforms_root_folder

- bump version number to 0.135

    • -3
    • +3
    /openacs-4/packages/xowiki/xowiki.info
    • -1
    • +4
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
adding dynamic forms procs for handling spreadsheet forms etc. status: untested

    • -0
    • +181
    /openacs-4/packages/spreadsheet/tcl/form-procs.tcl
- provide better rfc 3986 compliant url-encoding (relevant when subst_blank_in_name is turned off) to fix behavior in naviserver

    • -4
    • +12
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
- fix passing of "-id i...." in includelets

    • -1
    • +2
    /openacs-4/packages/xowiki/tcl/xowiki-procs.tcl
- added parameter "-cssid ..." to all links generated via [[...]]

    • -11
    • +18
    /openacs-4/packages/xowiki/tcl/link-procs.tcl
- en:photo.form: simple default form

- generalize yui-carousel to work with FormPages of en:photo.form

- pass geometry in links

- bump version number to 0.134

- en:photo.form: simple default form

- generalize yui-carousel to work with FormPages of en:photo.form

- pass geometry in links

- bump version number to 0.134

    • -0
    • +8
    /openacs-4/packages/xowiki/www/prototypes/photo.form.page
- en:photo.form: simple default form

- generalize yui-carousel to work with FormPages of en:photo.form

- pass geometry in links

- bump version number to 0.134

    • -4
    • +4
    /openacs-4/packages/xowiki/xowiki.info
    • -36
    • +102
    /openacs-4/packages/xowiki/tcl/includelet-procs.tcl
    • -4
    • +4
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
- make sure to change image, when a new revision is uploaded

Add test with many datatypes

Added a couple of template validation procedures ("added a couple of

templating system datatypes") to bring the kernel and templating system's

view of datatypes closer together. Added to_sql/from_sql helpers to move

that functionality from ad_form into the templating system.

Add bind var support. Note incomplete hack to handle to_timestamp. Since when we construct the query we don't have access to the attribute/form datatypes. Also return new object_id in new_from_form procedure.

file authentication-procs-oracle.xql was added on branch oacs-5-8 on 2013-08-25 20:04:46 +0000

file authentication-procs-postgresql.xql was added on branch oacs-5-8 on 2013-08-25 20:04:46 +0000

more PG 9.0 compatibility. Avoiding the usage of OIDs in postgresql.

making white space consistent in nsopenssl section, clarified a comment there.

removing wishy-washy statments in nsopenssl section, removing nsopenssl config for aolserver3.3 (no longer supported), adding example 'other db' configuration, minor clarification edits in nsopenssl config. see http://openacs.org/forums/message-view?message_id=3488424

Removing query text that was moved previosly to its respective xql file.

We use the package_key of attachments for checking if there is already an instance of it under dotlrn.

- updated charts.swf and uploader.swf in yui 2.7.0 to address serious vulnerability (see http://yuilibrary.com/support/2.8.2/)