OpenACS

Tools

Line History

Line Count Graph
Line Count Graph

Stats

Commits this week: 6
Total Committers: 146
Last Commit: 21 Nov
Commits this week: 6
Total Lines of Code (LoC): 7,560,943
Net change in LoC this week: 122

Commit Activity

Commits By Day In Week
52 week commits volume
Commits By Day In Week
Commits by day
Commits By Day In Week
Commits by hour
Commits By Hour In Day
Commit calendar
 

Most active committers (90 days)

loading
loading
  • last updated 5 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Wednesday 19 Jun
4:08 pm

antoniop

Port of downstream modification in place since at least 2012

When parsing XoWiki links, accept links in the form [[link|| -flag1 flagvalue]], where the label is set to empty.

Options
    • -2
    • +2
    /openacs-4/packages/xowiki/tcl/xowiki-procs.tcl
Friday 14 Jun
2:28 pm

antoniop

Port of downstream fix by Markus Moser on live since 2022-09-21

Fix regression after disabled formfield reform

Options
    • -3
    • +5
    /openacs-4/packages/xowiki/tcl/form-field-procs.tcl
Thursday 13 Jun
4:26 pm

antoniop

Fix variable name after refactoring

Options
    • -2
    • +2
    /openacs-4/packages/acs-tcl/tcl/security-procs.tcl
Tuesday 11 Jun
7:04 pm

gustafn

fixed typo

Options
    • -2
    • +2
    /openacs-4/packages/acs-tcl/tcl/security-procs.tcl
11:26 am

gustafn

Updated location handling

- make use of "ns_server hosts" when available

- refactored and simplified code

- keep validated locations in an nsv array

- added support for extra white-listed hosts

in case, every other configuration fails

(should not be necessary)

ns_section ns/server/$server/acs {

ns_param whitelistedHosts {...}

}

- updated inline documentation

The new code is supposed to handle in combination of a recent NaviServer

all complex host header validation scenarios, include running behind a proxy,

in a container or cluster.

Options
    • -79
    • +183
    /openacs-4/packages/acs-tcl/tcl/security-procs.tcl
11:15 am

gustafn

Updated icanuse registry

- added "ns_ip", "ns_subnetmatch", and "ns_server hosts"

- sorted commands alphabetically

Options
    • -7
    • +10
    /openacs-4/packages/acs-tcl/tcl/00-icanuse-procs.tcl
Tuesday 04 Jun
3:18 pm

gustafn

whitespace changes

Options
    • -19
    • +19
    /openacs-4/packages/acs-tcl/tcl/html-procs.tcl
3:18 pm

gustafn

modernize code

Options
    • -4
    • +2
    /openacs-4/packages/acs-tcl/tcl/html-procs.tcl
2:20 pm

gustafn

moved long time deprecated function "ad_approval_system_inuse_p" to deprecated-procs

Options
    • -18
    • +1
    /openacs-4/packages/acs-tcl/tcl/admin-procs.tcl
    • -2
    • +19
    /openacs-4/packages/acs-tcl/tcl/deprecated-procs.tcl
2:14 pm

gustafn

Improved comments and make code more robust in regards of legacy setups

Options
    • -12
    • +20
    /openacs-4/packages/acs-tcl/tcl/request-processor-procs.tcl
Monday 03 Jun
7:47 pm

gustafn

Added support for relative redirects

RFC 2616 requires an absolute URI in the "Location" header field. So

if someone calls "ns_returnredirect /", NaviServer transforms it on

the fly into an absolute URL by prefixing it with the location

(e.g. https://openacs.org/). NaviServer (and OpenACS) has some complex

code to compute the location value, especially when virtual servers

are involved (or for "host-node mapped" subsites in OpenACS). The

situation is further complicated when running behind a reverse proxy

and/or in a containerized environment. In such cases, the location is

computed from the "host" request header field, which must be

validated, otherwise an attacker could hijack a session and redirect

it to a spoofed site.

The situation changed 10 years ago (June 2014) with the introduction

of RFC 7231, which allows relative redirects (see

https://www.rfc-editor.org/rfc/rfc7231#section-7.1.2). Using relative

redirects greatly simplifies configuration and closes the attack

vector using the host header field. RFC 7231 has been superseded by

RFC 9110 (June 2022), which also supports relative redirects via the

"location" response header field (see

https://www.rfc-editor.org/rfc/rfc9110#field.location).

Since OpenACS prefixed always the URL with a location, when it

encounters are relative URL in a "ad_returnredirect", this change

makes use of the new feature of NaviServer 5.

Make sure to use a current version of NaviServer, where the support

was added recently.

Options
    • -0
    • +14
    /openacs-4/packages/acs-tcl/tcl/00-icanuse-procs.tcl
    • -4
    • +10
    /openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl
Friday 31 May
3:57 pm

antoniop

Document more explicitly that we do not perform filesystem operations when deleting files via the fs:: api, but we rely on the content repository and its trigger+scheduled proc mechanism

Options
    • -3
    • +18
    /openacs-4/packages/file-storage/tcl/file-storage-procs.tcl
3:45 pm

antoniop

Document behavior: the assumption that one can derive the filename from the api is not correct in case of copies

Options
    • -0
    • +11
    /openacs-4/packages/acs-content-repository/tcl/revision-procs.tcl
3:10 pm

antoniop

Revert https://cvs.openacs.org/changelog/OpenACS?cs=oacs-5-10%3Aantoniop%3A20240423144330

currently, file-storage will copy files by simply copying the revision entry of the new file from the original one. This means that copied files will in fact point to the same filesystem file of the original.

This "works" because the file-storage api will currently never delete a file from the filesystem, so deleting the original file will not affect the copies.

This behavior is probably not ideal, but we won't address it before the release, as to change it will most likely require some careful planning, in particular for existing installations.

Options
    • -0
    • +8
    /openacs-4/packages/acs-content-repository/tcl/revision-procs-oracle.xql
    • -0
    • +8
    /openacs-4/packages/acs-content-repository/tcl/revision-procs-postgresql.xql
    • -9
    • +14
    /openacs-4/packages/acs-content-repository/tcl/revision-procs.tcl
2:01 pm

gustafn

improved robustness during bootstrap

Options
    • -7
    • +20
    /openacs-4/packages/acs-tcl/tcl/parameter-procs.tcl
2:00 pm

gustafn

improved speling

Options
    • -2
    • +2
    /openacs-4/packages/acs-tcl/tcl/xml-0-sgml-procs.tcl
2:00 pm

gustafn

improved spelling

Options
    • -1
    • +1
    /openacs-4/packages/acs-tcl/tcl/acs-db-00-procs.tcl
    • -2
    • +2
    /openacs-4/packages/acs-tcl/tcl/acs-permissions-procs.tcl
    • -2
    • +2
    /openacs-4/packages/acs-tcl/tcl/request-processor-procs.tcl
    • -2
    • +2
    /openacs-4/packages/acs-tcl/tcl/text-html-procs.tcl
    • -4
    • +4
    /openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl
    • -2
    • +2
    /openacs-4/packages/acs-templating/tcl/list-procs.tcl
1:48 pm

gustafn

updated jqueryui to latest version

Options
    • -5
    • +5
    /openacs-4/packages/xowiki/www/resources/jquery/jquery-ui.css
    • -323
    • +331
    /openacs-4/packages/xowiki/www/resources/jquery/jquery-ui.js
    • -4
    • +4
    /openacs-4/packages/xowiki/www/resources/jquery/jquery-ui.min.js
1:34 pm

gustafn

improved spelling

Options
    • -2
    • +2
    /openacs-4/packages/xowiki/tcl/form-field-procs.tcl
    • -3
    • +3
    /openacs-4/packages/xowiki/tcl/xowiki-www-procs.tcl
1:32 pm

gustafn

bumped version numbers due to upstream releases

Options
    • -2
    • +2
    /openacs-4/packages/fa-icons/fa-icons.info
    • -2
    • +2
    /openacs-4/packages/fa-icons/tcl/resource-procs.tcl
    • -2
    • +2
    /openacs-4/packages/highcharts/highcharts.info
    • -1
    • +1
    /openacs-4/packages/highcharts/tcl/resource-procs.tcl
Wednesday 29 May
11:24 am

gustafn

Extended "ad_conn behind_secure_proxy_p"

This test will be now true, when either the recieved request

contains one of those request header fields.

- "X-SSL-Request: 1"

- "X-Forwarded-Proto: https"

Before, only the first variant was accepted.

The AWS load balancer uses the second variant.

Options
    • -2
    • +5
    /openacs-4/packages/acs-tcl/tcl/request-processor-procs.tcl
Wednesday 22 May
1:23 pm

gustafn

whitespace changes

Options
    • -14
    • +14
    /openacs-4/packages/acs-api-browser/tcl/acs-api-documentation-procs.tcl
1:18 pm

gustafn

Fixed potential infinie loop when source code looks like an regexp call

The api-code prettifier contains several heuristics for prettifying

source code without being a proper parser. It contains a

"Hack for nasty regexp stuff" which could run potentially into an infinite

parsing loop. This change fixes an acutal bug on openacs.org for file [1]

which is site-local.

[1] https://openacs.org/api-doc/procs-file-view?path=packages/xowf/tcl/openacs-procs.tcl&version_id=5526548&source_p=1

Options
    • -2
    • +6
    /openacs-4/packages/acs-api-browser/tcl/acs-api-documentation-procs.tcl
10:34 am

trenner

fix typo

Options
    • -2
    • +2
    /openacs-4/packages/acs-tcl/tcl/request-processor-procs.tcl
Friday 17 May
7:04 pm

gustafn

Permit "lang::message::cache" in acs::clusterwide operations

Options
    • -0
    • +1
    /openacs-4/packages/acs-tcl/tcl/cluster-procs.tcl
7:01 pm

gustafn

improvement for ACS clusters

Incorporated changes as suggested by Jonathan Kelley

For details, see https://openacs.org/forums/message-post?parent_id=5814308

Options
    • -8
    • +6
    /openacs-4/packages/acs-lang/tcl/lang-message-procs.tcl
    • -1
    • +2
    /openacs-4/packages/acs-tcl/tcl/memoize-procs-naviserver.tcl
4:05 pm

gustafn

Base "ad_conn behind_proxy_p" on "ns_conn details" when available

Options
    • -1
    • +6
    /openacs-4/packages/acs-tcl/tcl/00-icanuse-procs.tcl
    • -10
    • +27
    /openacs-4/packages/acs-tcl/tcl/request-processor-procs.tcl
Wednesday 08 May
2:41 pm

antoniop

Inject a reference to the current connection package into the tinymce conf (when used outside of xowiki)

Options
    • -1
    • +7
    /openacs-4/packages/richtext-tinymce/tcl/richtext-procs.tcl
2:37 pm

antoniop

Fix file metadata

Options
    • -3
    • +3
    /openacs-4/packages/richtext-tinymce/tcl/richtext-procs.tcl
2:31 pm

antoniop

Provide a reference to the current object when configuring tinymce

Options
    • -1
    • +7
    /openacs-4/packages/xowiki/tcl/form-field-procs.tcl