Default value for "sign" in export vars should be empty, and not "0"

- relax strict error handling on export_vars_sign for the time being

Fix regression in 'if_no_rows' idiom for db_foreach, document alternative syntax, create a test for db_foreach main functionalities

    • -0
    • +35
    ./acs-tcl/tcl/test/acs-tcl-test-procs.tcl
simplify and fix subst operation

    • -3
    • +2
    ./acs-admin/www/apm/packages-install.tcl
distinguish between "install" and "upgrade" in heading and explanation text

    • -5
    • +5
    ./acs-admin/www/apm/packages-install.tcl
- ad_set_cookie: add option "-samesite" and use it, when the server supports it (NaviServer 4.99.18)

- use "-samesite strict" per default on signed cookies

Background from NaviServer commit:

ns_setcookie: add flag "-samesite" with values "strict|lax|none"

When the flag is set it prevents the browser from sending this cookie along with cross-site requests to mitigate cross site scripting attacks. Permissible values are [term strict], [term lax], or [term none] (default). While the value [term strict] prevents sending the cookie to the target site in all cross-site browsing context, the value of [term lax] allows sending the cookie when the user clicks on regular links. For details, see https://www.owasp.org/index.php/SameSite

This cookie flag is not yet part of an RFC, but most major browsers support it. Browsers that do not support it ignore the flag silently (see https://caniuse.com/#search=samesite).

Although most cookies should probably use the flags, in order to provide backward compatibility, the flag can't be activated by default on all cookies.

    • -0
    • +1
    ./acs-tcl/tcl/utilities-procs-aolserver.tcl
    • -3
    • +17
    ./acs-tcl/tcl/utilities-procs-naviserver.tcl
Bring files on oacs-5-10 in sync with HEAD

    • -0
    • +37
    ./general-comments/tcl/general-comments-procs-oracle.xql
    • -0
    • +39
    ./general-comments/tcl/general-comments-procs-postgresql.xql
whitespace and spelling changes

    • -3
    • +3
    ./xowiki/resources/templates/oacs-view.adp
    • -2
    • +2
    ./xowiki/resources/templates/view-book.adp
    • -12
    • +12
    ./xowiki/tcl/adp-generator-procs.tcl
category_tree::get_categories reform:

always return all root categories of given tree. Keep sorting by localized name, but use the en_US translation as a default when desired one is missing. Improve documentation.

    • -10
    • +26
    ./categories/tcl/category-trees-procs.tcl
    • -11
    • +0
    ./categories/tcl/category-trees-procs.xql
Rollback of 'boolean' parameter datatype, as Oracle does not see it necessary to have 'boolean' datatypes, and they do not even provide a proper alternative on what to use instead. Great. See: https://asktom.oracle.com/pls/asktom/f?p=100:11:0::::P11_QUESTION_ID:6263249199595#876972400346931526

    • -2
    • +2
    ./acs-kernel/sql/oracle/apm-create.sql
    • -2
    • +2
    ./acs-kernel/sql/postgresql/apm-create.sql
Add 'boolean' parameter datatype and increase version number

    • -2
    • +2
    ./acs-kernel/sql/oracle/apm-create.sql
    • -2
    • +2
    ./acs-kernel/sql/postgresql/apm-create.sql
file upgrade-5.10.0d12-5.10.0d13.sql was initially added on branch oacs-5-10.

Fix typo

activate warnings in case the old IE bug is still around

Whitespace changes

    • -17
    • +17
    ./acs-subsite/www/shared/parameters.tcl
Fix dynamic-types package installation (many thanks to Iuri Sanpaio). See #3381

Remove trailing "Class" keyword so classes are correctly displayed in the api-doc (See #3383)

ad_sign: generalize last ad_sign handling to allow user and csrf binding

    • -18
    • +29
    ./acs-tcl/tcl/security-procs.tcl
use user-specific sign operations for protecting delete operations

ad_sign: new optional parameter "user_binding"

The parameter user_binding allows binding a signature to a user. When the value is "-1" only the user who created the signature can obtain the value again. A value of 0 (default) means no user binding. The permissible values might be extended in the future.

bump version number to 5.10.0d24

    • -10
    • +39
    ./acs-tcl/tcl/security-procs.tcl
Bring files on oacs-5-10 in sync with HEAD

    • -59
    • +59
    ./acs-admin/www/apm/package-add-2.tcl
    • -17
    • +17
    ./acs-admin/www/apm/parameter-add-2.tcl
    • -10
    • +9
    ./acs-admin/www/apm/parameter-edit-2.tcl
    • -13
    • +1
    ./acs-authentication/tcl/authentication-procs.tcl
    • -17
    • +1
    ./acs-core-docs/www/db-api-detailed.adp
    • -28
    • +1
    ./acs-core-docs/www/db-api-detailed.html
    • -29
    • +1
    ./acs-core-docs/www/xml/kernel/db-api.xml
    • -1
    • +3
    ./acs-datetime/tcl/acs-datetime-procs.tcl
    • -12
    • +16
    ./acs-tcl/tcl/00-database-procs.tcl
    • -20
    • +1
    ./acs-tcl/tcl/apm-install-procs.tcl
    … 148 more files in changeset.
Secure forums delete button by protecting the message_id with a timed signature

    • -5
    • +6
    ./forums/www/moderate/message-delete.tcl
make sure to populate global variable for different notations of the default database

    • -1
    • +3
    ./acs-bootstrap-installer/tcl/20-db-bootstrap-procs.tcl
Bring files on oacs-5-10 in sync with HEAD

    • -4
    • +4
    ./acs-authentication/acs-authentication.info
    • -0
    • +2
    ./acs-authentication/catalog/acs-authentication.de_DE.ISO-8859-1.xml
    • -0
    • +2
    ./acs-authentication/catalog/acs-authentication.en_US.ISO-8859-1.xml
    • -0
    • +2
    ./acs-authentication/catalog/acs-authentication.es_ES.ISO-8859-1.xml
    • -0
    • +2
    ./acs-authentication/catalog/acs-authentication.it_IT.ISO-8859-1.xml
    • -1
    • +187
    ./acs-kernel/sql/oracle/utilities-create.sql
    • -70
    • +71
    ./acs-service-contract/tcl/acs-service-contract-procs.tcl
    • -57
    • +63
    ./intermedia-driver/tcl/intermedia-procs.tcl
    • -0
    • +2
    ./notifications/catalog/notifications.it_IT.ISO-8859-1.xml
    • -5
    • +6
    ./openacs-default-theme/lib/plain-master.tcl
    … 2 more files in changeset.
add missing file

    • -0
    • +134
    ./acs-authentication/www/doc/acs-authentication.adp
Fix incorrect default value

Whitespace changes + editor hints

    • -180
    • +186
    ./adserver/tcl/adserver-procs.tcl
    • -22
    • +21
    ./download/tcl/download-procs.tcl
    • -1
    • +7
    ./download/www/archive-version-add-2.tcl
    • -7
    • +13
    ./download/www/admin/approve-or-reject-2.tcl
    • -84
    • +89
    ./dynamic-types/tcl/dynamic-type-procs.tcl
    • -270
    • +275
    ./dynamic-types/tcl/form-procs.tcl
    • -2
    • +8
    ./image-magick/tcl/image-magick-procs.tcl
    • -91
    • +68
    ./jabber/www/edit-external-contact-2.tcl
    • -131
    • +126
    ./jabber/www/edit-user-2.tcl
    … 11 more files in changeset.
Replace/remove deprecated proc 'db_null'

    • -6
    • +6
    ./download/www/archive-version-add-2.tcl
    • -2
    • +2
    ./download/www/admin/approve-or-reject-2.tcl
    • -17
    • +1
    ./dynamic-types/tcl/dynamic-type-procs.tcl
    • -8
    • +0
    ./image-magick/tcl/image-magick-procs.tcl
    • -1
    • +1
    ./jabber/www/edit-external-contact-2.tcl
    … 11 more files in changeset.
Remove deprecated proc 'db_nullify_empty_string' from doc

Whitespace changes + editor hints

    • -58
    • +58
    ./acs-admin/www/apm/package-add-2.tcl
    • -16
    • +16
    ./acs-admin/www/apm/parameter-add-2.tcl
    • -9
    • +8
    ./acs-admin/www/apm/parameter-edit-2.tcl
    • -422
    • +422
    ./assessment/tcl/as-qti-procs.tcl
    • -335
    • +338
    ./content-portlet/tcl/content-portlet-compare-procs.tcl
    • -131
    • +137
    ./ecommerce/www/admin/products/delete-2.tcl
    • -62
    • +62
    ./forums/tcl/forums-callback-procs.tcl
    … 5 more files in changeset.