Mark value checking functions from before ad_page_contract as deprecated

(see also issue #3407)

A 16-year-old comment says:

This is some old security crud from before we had ad_page_contract

check_for_form_variable_naughtiness

ad_var_type_check_integer_p

ad_var_type_check_safefilename_p

ad_var_type_check_dirname_p

ad_var_type_check_number_p

ad_var_type_check_word_p

ad_var_type_check_nocheck_p

ad_var_type_check_noquote_p

ad_var_type_check_integerlist_p

Fix ad_generate_random_string

It seems that "-ulevel" is used more often than "-level".

use "-level" instead of "-ulevel", since "-level" is used e.g. in template::util::multirow_to_list or template::util::list_of_ns_sets_to_multirow as well.

Added switch "-ulevel" to proc "util::var_subst_quotehtml";

ad_form: quote form field values in validation error messages to prevent XSS attacks

Fix typo

new support function util::var_subst_quotehtml to perform variable substitution with ns_quotehtml

use capitals for abbreviation

change references from "http://*tcl.tk/" to "https://*tcl-lang.org/"

avoid double substitutions

Add remarks about "correct" usage of ad_decode in proc doc

improve spelling

Default value for "sign" in export vars should be empty, and not "0"

- relax strict error handling on export_vars_sign for the time being

ad_sign: generalize last ad_sign handling to allow user and csrf binding

ad_sign: new optional parameter "user_binding"

The parameter user_binding allows binding a signature to a user. When the value is "-1", only the user who created the signature can obtain the value again. A value of 0 (default) means no user binding. The permissible values might be extended in the future.

bump version number to 5.10.0d24

Remove backtick from the list of characters to be replaced by 'ad_sanitize_filename', as 'util::zip' deals with them properly now

util::zip reform.

+ Use '::zipfile::mkzip', introduced in tcllib 1.18, if available.

+ For unix-like systems, with older tcllib versions, bash was used for changing directories. This method was problematic when using certain characters for the filenames, such as backticks, for example. In order to avoid this and properly quote everything, we use tclsh instead, in a convoluted and funny way (thanks to Nathan Coulter for the hack).

+ TODO: test this method also on windows, and unify the legacy implementations if it works.

Add '`' to the list of sanitizable characters by 'ad_sanitize_filename'

Proc "util_get_subset_missing": make sure to return the found elements.

Added test case for this proc.

Make 'util_user_message' quote the message when the parameter 'html_p' is false, not otherwise, restoring pre-refactoring behavior and making it coherent with the parameter doc

Simplify code and exploit parameter contract (we know flags are boolean)

Put some sanity in ancient proc docs with 'pre' tags that were breaking api-doc

clean up temporary objects after scheduled jobs

Make util_current_location robust such that it does not raise an exception when not connected. In these cases, the configured ad_url is returned. This is not perfect either, since it would not work with host-node mapped subsites, and maybe there are cases where one wants just information based on the actual connection. So, maybe, one should provide either a higher level API and/or parameterize util_current_location in the future.

improve comments

Fix doc typo

don't be so quick on phasing out deprecated code

add flag "-suppress_port" to util::configured_location

fix bug with SuppressHttpPort on admin/index page of acs-subsite

see: https://openacs.org/forums/message-view?message_id=5399931
