fix typo

perform javascript escaping with more regular semantics

Introduce new ad_js_escape with the purpose of sanitizing tcl strings used inside javascript code from escape sequences and from quotes in particular and provide some test cases

TODO: consider its usage into templates when e.g. we are putting a URL into javascript functions such as acs_ListBulkActionClick. URLs might in fact contain single and double quotes.

Proc "util_get_subset_missing": make sure to return the found elements.

Added test case for this proc.

Make 'util_user_message' quote the message when the parameter 'html_p' is false, not otherwise, restoring pre-refactoring behavior and making it coherent with the parameter doc

Simplify code and exploit parameter contract (we know flags are boolean)

Put some sanity in ancient proc docs with 'pre' tags that were breaking api-doc

Whitespace changes

Fix typo in proc doc

Whitespace changes

Fix typo in proc doc

Whitespace changes

Remove duplicated comments

Whitespace changes

Add missing parameter to include doc

Use ad_include_contract on this page

Replace custom arg checks with proper ad_include_contract

Add some @see in deprecated procs

add procdoc for private function

Cookie security reform:

- fix handling of persistent logins while addressing problems of last commits

- increase usage of try/throw to be able to distinguish exceptions

- fix handling of LoginTimeout 0 in cryptographic expiration

- use [ad_conn behind_secure_proxy_p] on more occasions, where security::secure_conn_p is used (maybe fold these together in the future)

- new private proc security::log to ease debugging of cookie management

- further improved documentation

Wrap legacy and current ns_http api behavior in a proc with a common interface in a way that people with newer NaviServer can exploit e.g. ns_http run capabilities (in particular, not being forced to queue and potentially block concurrent HTTP requests)

- fix several documentation bugs (align documentation with implementation)

- use "throw" as well for invalid cookies (in addition to non-existent cookies)

Replace removed query in xotcl implementation as well

Init cache using values from db instead of cached api (fixes install from scratch)

Reduce code duplication (passes automated tests)

Make test locale-aware

add session_id invalidation

treat behind_secure_proxy_p like security::secure_conn_p for using secure cookies in general and for the secure login cookie

use secure token when running behind a secure proxy the same way as when running directly a secure session

Don't trust value of login_level just on basis of the session cookie