OpenACS / openacs-4 / packages

acs-tcl

Tools

Line History

Line Count Graph
Line Count Graph

Stats

Commits this week: 3
Total Committers: 73
Last Commit: 02 Jul
Commits this week: 3
Total Lines of Code (LoC): 68,337
Net change in LoC this week: 0

Commit Activity

Commits By Day In Week
52 week commits volume
Commits By Day In Week
Commits by day
Commits By Day In Week
Commits by hour
Commits By Hour In Day
Commit calendar
 

Most active committers (90 days)

loading
loading
  • last updated 9 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Friday 14 Oct 2016
8:58 pm

gustafn

- use for hex codes 2-digit notation \xHH to make it compatible for tcl8.6

Options
    • -3
    • +3
    ./tcl/utilities-procs.tcl
  2. … 5 more files in changeset.
Thursday 13 Oct 2016
10:05 am

gustafn

- change special markers in text_to_html from \x001 and \x002 to \u0002 (start of text) and \u0003 (end of text). The previous coding did not work always reliably, regsub was missing some entries, probably due to a mess-up of the internal representation.

Options
    • -12
    • +14
    ./tcl/text-html-procs.tcl
Wednesday 12 Oct 2016
12:14 pm

gustafn

- fixing a probably old bug: changed the markers in ad_text_to_html since the old markers with the funy camel case led to problems (at least with current regexp implementations)

in the text below, only 5 of the 8 urls were correctly transformed into anchor markup. The new markers uses uniqe single char starting and ending marker, marking also regexp much simpler.

- the function is further generalized (unifying http/https/ftp urls with mailto urls) and probably faster

A welcome contribution would be e.g. an extension of the api-browser for callbacks (listing contracts/implementations, etc.).

[1] http://openacs.org/api-doc/proc-view?proc=callback&source_p=1

[2] https://github.com/openacs/openacs-core/blob/oacs-5-9/packages/search/tcl/search-procs.tcl#L309

[3] https://github.com/openacs/forums/blob/master/tcl/forums-callback-procs.tcl#L104

[4] https://github.com/openacs/openacs-core/blob/oacs-5-9/packages/acs-tcl/tcl/apm-procs.tcl

[5] http://openacs.org/api-doc/proc-view?source_p=1&proc=apm_arg_names_for_callback_type

[6] https://github.com/openacs/xowiki/blob/oacs-5-9/tcl/xowiki-callback-procs.tcl

[7] https://github.com/openacs/openacs-core/blob/oacs-5-9/packages/acs-subsite/tcl/subsite-callback-procs.tcl#L69

[8] https://github.com/openacs/xotcl-core/blob/oacs-5-9/tcl/06-param-procs.tcl#L386

Options
    • -25
    • +27
    ./tcl/text-html-procs.tcl
7:58 am

gustafn

- fix variable name

Options
    • -2
    • +2
    ./tcl/text-html-procs.tcl
Tuesday 11 Oct 2016
1:32 pm

gustafn

- remove erroneous warnings

- reduce the number of regsub operations in ad_text_to_html

- improve/fix souce code comments

Options
    • -42
    • +51
    ./tcl/text-html-procs.tcl
Monday 10 Oct 2016
3:38 pm

antoniop

Removed use of deprecated ns_ssl API for Naviserver versions newer than 4.99.12

Removed use of util_memoize in favor of ns_memoize

Options
    • -4
    • +21
    ./tcl/http-client-procs.tcl
10:44 am

gustafn

- nsproxy handling: switch back to previous directory in after changing to a new one (which might be deleted before the next call)

Options
    • -1
    • +13
    ./tcl/proxy-procs.tcl
10:43 am

gustafn

- show debug data as well for forms

Options
    • -2
    • +2
    ./tcl/utilities-procs.tcl
Tuesday 04 Oct 2016
9:31 pm

gustafn

- only get data via [ns_conn content] when it is text/*

Options
    • -4
    • +7
    ./tcl/utilities-procs.tcl
Friday 30 Sep 2016
1:00 pm

gustafn

- include information about current object and the current class in debug output if available

Options
    • -7
    • +30
    ./tcl/utilities-procs.tcl
Thursday 29 Sep 2016
11:24 pm

gustafn

- allow csrf token generation in background jobs

Options
    • -5
    • +12
    ./tcl/security-procs.tcl
Tuesday 27 Sep 2016
11:09 am

gustafn

- replace javascript: urls by event listeners

Options
    • -5
    • +4
    ./tcl/defs-procs.tcl
  2. … 2 more files in changeset.
9:54 am

gustafn

- adding nonce values to script tags

Options
    • -1
    • +1
    ./lib/progress-bar.adp
    • -2
    • +2
    ./tcl/defs-procs.tcl
    • -3
    • +3
    ./tcl/navigation-procs.tcl
    • -2
    • +2
    ./tcl/utilities-procs.tcl
  5. … 8 more files in changeset.
Thursday 22 Sep 2016
7:30 pm

gustafn

- handle error when opening psql and error from withing psql the same way

Options
    • -28
    • +35
    ./tcl/00-database-procs.tcl
7:28 pm

gustafn

- improve line reaks in source control

Options
    • -9
    • +9
    ./tcl/apm-install-procs.tcl
7:23 pm

gustafn

- improve comments

Options
    • -4
    • +10
    ./tcl/security-procs.tcl
10:47 am

gustafn

- move deprecated proc lmap (since this conflicts with the built-in function of tcl 8.6) to acs-outdated

- use dicts for default ports

Options
    • -15
    • +9
    ./tcl/utilities-procs.tcl
  2. … 1 more file in changeset.
Thursday 15 Sep 2016
9:23 am

gustafn

- added default CSP directive "font-src data:"

Options
    • -1
    • +7
    ./tcl/security-procs.tcl
Tuesday 13 Sep 2016
10:23 am

gustafn

- adding "-force" parameter to security::csp::require

- bump version number to 5.9.1d12

Options
    • -2
    • +2
    ./acs-tcl.info
    • -3
    • +21
    ./tcl/security-procs.tcl
Monday 12 Sep 2016
1:10 pm

gustafn

- shorten export_vars argument list

Options
    • -1
    • +1
    ./tcl/http-client-procs.tcl
1:05 pm

gustafn

- replace deprecated "cc_email_from_party ..." by "party::email -party_id ..."

Options
    • -2
    • +2
    ./tcl/apm-install-procs.tcl
  2. … 3 more files in changeset.
1:02 pm

gustafn

- replace deprecated "cc_email_from_party ..." by "party::email -party_id ..."

- replace deprecated "cc_lookup_email_user ..." by "party::get_by_email -email ..."

Options
    • -4
    • +4
    ./tcl/test/community-core-test-procs.tcl
  2. … 2 more files in changeset.
12:37 pm

gustafn

- mark cc_* functions as deprecated, since more general functions exists in acs_user::, party::, or group:: namespaces

Options
    • -13
    • +22
    ./tcl/community-core-procs.tcl
10:31 am

gustafn

- move comment to the right place

Options
    • -3
    • +5
    ./tcl/request-processor-procs.tcl
10:29 am

gustafn

- Refine security policies: when necessary, define both a nonce and a

'unsafe-inline' to ensure compatibility on some less adavanced

browsers

- use same "secure" setting for ad_session_id, otherwise, just the

last one is honored

- fix linefeed and semicolon in js for focus handling

Options
    • -23
    • +26
    ./tcl/security-procs.tcl
  2. … 2 more files in changeset.
Friday 09 Sep 2016
10:27 am

gustafn

- add CSP directive "img-src 'self'" per default

Options
    • -1
    • +2
    ./tcl/security-procs.tcl
Tuesday 06 Sep 2016
7:33 pm

gustafn

- Added support for W3C Content Security Policy(CSP)

* For details about CSP, see https://www.w3.org/TR/CSP/

* New calls:

security::csp::nonce:

Generate a CSP nonce token token

security::csp::require /directive/ /value/:

Add a requirements of a page to the CSP in order to generate

later a tailored policy with the minimal permissions for

this page. For example, the following requirement is

currently added per default to the oacs-master template to

permit style tags and style attribites in the markup.

security::csp::require style-src 'unsafe-inline'

security::csp::render:

Generate a policy from the requirements

* Added Kernel Parameter CSPEnabledP to activate/desctivate CSP

(default on)

- Bump version numbers

acs-tcl to 5.9.1d11

acs-bootstrap-installer to 5.9.1d4

acs-kernel to 5.9.1d17

Options
    • -2
    • +2
    ./acs-tcl.info
    • -33
    • +124
    ./tcl/security-procs.tcl
  3. … 6 more files in changeset.
10:14 am

gustafn

- new function ::security::nonce_token to generate a nonce token as described in W3C Content Security Policy

Options
    • -5
    • +51
    ./tcl/security-procs.tcl
Monday 05 Sep 2016
10:53 am

gustafn

- Implements "Upgrade Insecure Requests" headers:

W3C Candidate Recommendation

https://www.w3.org/TR/upgrade-insecure-requests/

Options
    • -1
    • +9
    ./tcl/request-processor-procs.tcl
10:32 am

gustafn

- security::redirect_to_secure: add flag "-script_abort" to make it

usable in filter procs (ad_script_abort triggers errors without

error message)

- security::get_secure_location:

* align implementation to function documentation (to make it usable

for sub-sites). Last version returned always the "configured

secure" location, not the "current secure location"

* replace regexps by util::split_location/util::join_location/

Options
    • -22
    • +16
    ./tcl/security-procs.tcl