reduce verbosity

Quote error message to better protect against XSS attacks

Added parameter to define a default dbn to a database connection

By this change, one can now define a default dbn at the creation time of a database connection object. Before, it was necessary to pass the "-dbn" value to every single command. The parameter can still be used for particular queries as before to overrule the default.

Example for defining a connection context to a pool named "legacy" using the PostgreSQL database interface

::xo::db::DB-postgresql create ::xo::dc1 -dialect postgresql -dbn legacy

lappend _ [::xo::dc1 get_value . {select count(*) from acs_objects}]

lappend _ [::xo::dc get_value . {select count(*) from acs_objects}]

#> 660 51606

Fix method signature

Fixed implementation of value checker dbtext

The old version was not persistent in the blueprints. Furthermore, the new version is more than 2x faster by avoiding regular expressions.

Provide facilities to validate against invalid SQL strings

We introduce a new page contract filter and nsf validator called "dbtext". They implement enforcing of a value to be useable in an SQL query. Currently, this means that the value should not contain the NUL character, but the definition may change in the future or become database-specific.

The html contract filter has also been extended to reject the NUL character.

The test suite has been updated/extended to reflect the changes.

  1. … 2 more files in changeset.
reduced verbosity

Chat reform

The goal of these changes is to reduce the "mode" specific javascript code in the chat implementation and reduce server-side guessing of browser capabilities.

- In the MessageRelay class from xotcl-core, we rework the javascript code sent to the connection when doing scripted streaming to make fewer assumptions about the functions defined in the parent scope

- In the chat code from xowiki, we move most of the logic to guess the mode into javascript, where we can test the actual capabilities of the browser without relying on the user agent

- The previously 4 javascript files dependent on the chat mode have been made into one

  1. … 7 more files in changeset.
When the mode is "streaming", use Server Sent Events instead of a "plain" endless request

This has the advantage of a clearer, less hacky api, which, for instance, does not require manual parsing of the partial response.

  1. … 4 more files in changeset.
avoid double quoting

Add type=oneof to Serializer exportMethods

Many thanks to Sebastian Scheder and Günter Ernst

Simplify oneof filters to not depend on other api

Fix syntax of new oneof value checker

  1. … 1 more file in changeset.
Implement a oneof value checker for xowiki query parameters

The ad_ filter was used to have a localized error message

  1. … 1 more file in changeset.
free explicitly answer ns_set in "sets" method

free ns_set storage more eagerly (when e.g. large queries are used in longer loops)

use "ns_set stats" when available in memory statistics of ::xo::stats

  1. … 1 more file in changeset.
maintenance: simplified and shortened nested if expression

don't send messages to other threads during shutdown

The threads might be gone already, causing error log entries

Disable tests to check for executables on the system

  1. … 7 more files in changeset.
do not show invalid input to the user

improved spelling

  1. … 7 more files in changeset.
improve listing of properties of NX classes

Test external command dependencies

  1. … 1 more file in changeset.
Undo part of the recent cache-deactivation for attribute definitions

When all calls for "db_attribute_defined" are performed without caching, this results in a huge amount of additional SQL queries, since these tests are performed during blueprint definition as well as during every blueprint reload of every db attribute. On a small site with just 6 connection threads (2 monitor, 2 default, 2 slow), this results during startup in 969 additional SQL queries; a reload of xowiki causes an additional 1063 of such queries. When a site defines many more connection threads (the LEARN site has e.g. 85 connection threads defined), these DB attribute testing operations will result in 10K+ of mostly useless SQL queries. As a consequence of this, the startup of the server will become slower, reloads will become slower etc., which is bad especially for large sites.

The new implementation seems to fix the original problem case (running xotcl_core_tutorial_4 multiple times). If there is still a problem with installing xolp [2], this problem should be analyzed and fixed, probably there. If necessary, a proper bug report would be appreciated to reduce guessing work.

[1] https://fisheye.openacs.org/changelog/OpenACS/?cs=oacs-5-10%3Aantoniop%3A20230310183055

[2] https://fisheye.openacs.org/changelog/OpenACS/?cs=oacs-5-10%3Aantoniop%3A20230317160241

Use the usual idiom for checking if the connection is active

... why in the first place was this change necessary? Who calls this www-*method, and in which way, without a connection?

Don't run the spiel when we are not connected

As it turns out, even caching only by request has consequences e.g. when one installs xolp from scratch

Disable caching and prepare the statement instead

Improve robustness when a class is created/deleted multiple times (e.g. by repeating xotcl-core.xotcl_core_tutorial_4 automated test)

Factor out Package->process_init_parameter into package-custom-procs

This change makes it easier to provide instance-specific customization. In general, these package-custom-procs could also be kept in other packages.

  1. … 4 more files in changeset.