• last updated 8 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Don't load the DAV callbacks when oacs-dav is not installed

Commit remaining files

Make oacs-dav an optional dependency for the file-storage package

Callback implementations and folder registrations will happen only when the package is detected at startup. For existing installations, no action is performed, buit the oacs-dav package can now be deleted without complaints.

Improve validation

Fix typo

Refactor the query in the folder-chunk page so that on postgres one can enforce permissions in bulk, rather than for each file

Make use of new API "ad_mktmpdir" and "ad_opentmpfile" instead of "ad_tmpnam"

  1. … 2 more files in changeset.
Make use of new API "ad_mktmpdir" and "ad_opentmpfile" instead of "ad_tmpnam"

  1. … 1 more file in changeset.
prefer adp:icon over old-style .gif files

provided a helper proc to query the mapping of a generic icon name to a concrete

This function is necessary in boundary cases, where e.g. a display_template passes the generic

name of the icon via template variables which have to be

@-substituted before adp-tag resolution, which performs the

regular icon name mapping (otherwise, the tag resolver receives

e.g. ...name=@icon@...)

  1. … 2 more files in changeset.
prefer adp:icon over old-style .gif images

  1. … 2 more files in changeset.
Don't go to the cache to tell if a command is available

Don't go to the cache to tell if commands are available

Don't go to the cache to tell if the views package is installed

Make service contract implementation private and replace foreign occurrences

    • -10
    • +37
    ./tcl/file-storage-dav-procs.tcl
  1. … 1 more file in changeset.
Whitespace changes

    • -17
    • +17
    ./tcl/file-storage-dav-procs.tcl
Make service contract implementation private: they are not meant to be invoked directly

    • -14
    • +14
    ./tcl/file-storage-dav-procs.tcl
Make service contract implementations private

Whitespace cleanup

Deprecate twt::user::create and twt::user::delete, superseded by their acs::test::user:: counterparts

  1. … 11 more files in changeset.
Fix self-inflicted bug: one should indeed be able to specify the same form var multiple time, test the behavior for the future

  1. … 2 more files in changeset.
Reimplement upload automated test using a real multipart request, as newer naviserver will reject handcrafted .tmpfile parameters

Bring test closer to reality

Test the behavior of the file-storage when a malicious user would try to store a pre-existing file on the server as its own

The fix for the file-storage is a simple validation to make sure that the tmpfile exists, however, for the generic case of the file widget, we cannot trust the tmpfile value when this was not generated by the server. This will probably cause regression when one wants to show a "preview" of a form, to be continued.

    • -1
    • +121
    ./tcl/test/file-storage-procs.tcl
  1. … 1 more file in changeset.
Whitespace cleanup

acs::test::user::delete: added flag -delete_created_acs_objects and fix regression test for file-storage

  1. … 4 more files in changeset.
Prevent names made only of invalid characters to end up null after sanitization, as done in other UIs in this package

improve validation

provide missing value for inform widget

improve validation