• last updated 2 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
revert escaped change

allow parameter::get_from_package_key to be called before acs-tcl/tcl/utilities-procs.tcl are called

don't raise exception when folder_path is empty

activate usage of "ns_db currenthandles" when available

add error, when we are running out of handles

reduce verbosity, deactivate usage 'ns_db currenthandles' for now

fix typo

db_handle reform

Use "ns_db currenthandles" (when available) to implement "db_with_handle"

instead of the old approach based on the global db_state variables.

The enws approach has the advantantge that it is

- more robust (deletion and creation of the per-request variables,

no coherency problem),

- simpler, and

- faster (less overhead per db_with_handle call, simple queries up to 20% faster)

time {db_string . {select object_id from acs_objects limit 1}} 1000

old: 200-230 microseconds per iteration

new: 160-180 microseconds per iteration

    • -113
    • +334
    ./tcl/00-database-procs.tcl
fix typo

perform javascript escaping with more regular semantics

Introduce new ad_js_escape with the purpose of sanitizing tcl strings used inside javascript code from escape sequences and from quotes in particular and provide some test cases

TODO: consider its usage into templates when e.g. we are putting a URL into javascript functions such as acs_ListBulkActionClick. URLs might in fact contain single and double quotes.

Proc "util_get_subset_missing": make sure to return the found elements.

Added test case for this proc.

Make 'util_user_message' quote the message when the parameter 'html_p' is false, not otherwise, restoring pre-refactoring behavior and making it coherent with the parameter doc

Simplify code and exploit parameter contract (we know flags are boolean)

Put some sanity in ancient proc docs with 'pre' tags that were breaking api-doc

Whitespace changes

Fix typo in proc doc

Whitespace changes

Fix typo in proc doc

Whitespace changes

Remove duplicated comments

Whitespace changes

Add missing parameter to include doc

Use ad_include_contract on this page

Replace custom arg checks with proper ad_include_contract

Add some @see in deprecated procs

add procdic for private function

Cookie security reform:

- fix handling of persistent logins while addressing problems of last commits

- increase usage of try/throw to be able to distinguish exceptions

- fix handling of LoginTimeout 0 in cryptographic expiration

- use [ad_conn behind_secure_proxy_p] on more occasions, where

security::secure_conn_p is used (maybe fold these together in the future)

- new private proc security::log to ease debugging of cookie management

- further improved documentation

Wrap legacy and current ns_http api behavior in a proc with a common interface in a way that people with newer Naviserver can exploit e.g. ns_http run capabilities (in particular, not being forced to queue and potentially block concurrent HTTP requests)

- fix serveral documentation bugs (align decumentation with implementation)

- use "throw" as well for invalid cookies (in addition to non-existent cookies)