ad_form reform:

- use actual flags instead of parsing arguments all the time

- retrieve proc flags from ad_proc definition (TODO: have some api for this?)

- follow the thread of peculiar ad_form logic to fix new csrf signing feature

- improve documentation using @param instead of manual formatting

- leave some note to travellers in the code

./form-processing-procs.tcl (-243, +229)
Fix typo (thanks to Thomas Renner)

reflow overlong lines in comments

ad_form: Add optional parameter -csrf_protection_p (defaults to false)

white space changes

simplify code

Clean up no longer relevant comments, remove idiom meant to work in the context of a db_with_handle we are not using anymore

Reuse already existing db_list_of_ns_sets inside db_foreach and db_list_of_lists, as it uses the most native return type: the ns_set

reduce verbosity

Operate on the original list to not incur possible memory footprint inflation via lrange

Exploit new -with_headers flag in db_list_of_lists to reimplement db_foreach in a way that only one db handle is used

Advantages:

- api is now transaction safe (with respect to database operations executed in the code block)

- nested db_foreach statements won't risk occupying all available handles anymore

Possible drawbacks:

- query result needs to be completely stored inside a list before looping

- calling stack is now one level deeper...

This passes automated tests

Reduce code duplication

Introduce -with_headers flag in db_list_of_lists so names of returned column values can be returned as well as the first list in the result

Reduce code duplication (passes automated tests)

improve security of ad_forms by binding request to a user

fix bracket in last commit

use usual idioms, white space changes

Remove backtick from the list of characters to be replaced by 'ad_sanitize_filename', as 'util::zip' deals with them properly now

util::zip reform.

+ Use '::zipfile::mkzip', introduced in tcllib 1.18, if available.

+ For unix-like systems, with older tcllib versions, bash was used for changing directories. This method was problematic when using certain characters for the filenames, such as backticks, for example. In order to avoid this and properly quote everything, we use tclsh instead, in a convoluted and funny way (thanks to Nathan Coulter for the hack).

+ TODO: test this method also on windows, and unify the legacy implementations if it works.

ad_return_url: change default value for default_url to "."

this is not terribly important, but probably a better approximation

switch from security::nonce_token to ::security::csp::nonce and update comments

Allow ad_return_url to be called also when the connection is closed.

This might be the case e.g. for the search renderer. In this case, a default_url is used

  1. … 3 more files in changeset.
Deprecate duplicated api and replace its only occurrence in upstream codebase

  1. … 2 more files in changeset.
Add '`' to the list of sanitizable characters by 'ad_sanitize_filename'

Whitespace changes

  1. … 1 more file in changeset.
Fix typos

  1. … 1 more file in changeset.
Remove trailing whitespace

replace broken redirect with standard redirect function (auth::require_login)

Greatly reduce complexity of code required to support -export flag for ad_form:

instead of juggling variables around to mimic export_vars, just set -export flag value as a form property, then use the real export_vars on it later when form is rendered. This will support all current features (e.g. :multiple, :sign, :array) more reliably and reduce code duplication.

  1. … 1 more file in changeset.
no need for eagerly releasing handles