require at least Tcl 8.5.4 for this version (see as well TIP #143)

Avoid potential attacks via too many open files.

Background: Tcl still uses select() for event processing, which has a pretty much hardcoded limit of max 1024 files (one has to recompile Tcl, libc, and maybe the kernel). With bgdelivery it is possible to deliver more than 1000 files simultaneously, but Tcl panics when the number of descriptors is too large. We experienced the problem in a situation where the 1000+ requests were produced from an incorrect browser behavior (e.g. iPad issues a series of range requests rapidly without closing the last requests); bgdelivery now allows just one spooling request for a file from a user at one time.

- define global variable ::xo::naviserver for quick test, whether we are running under NaviServer

- fix ns_url[en|de]code of "--" and "-charset" etc. This fixes the behavior of NaviServer, which has a "--" option terminator

- close a few opportunities for cross-site scripting attacks (e.g. via error messages)

    • -1
    • +8
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
    • -1
    • +2
    /openacs-4/packages/xowiki/tcl/xowiki-procs.tcl
fixed Bug #3210 as suggested by Malte

- guard rename-commands to improve robustness for reloading in newer tcl versions

added xo::broadcast -- a simple mechanism to send commands to different connection and scheduled threads

- make sure to avoid namespace overwrite due to form-vars with colons

- added ::xowiki::virus check based on clamav (http://sourceforge.net/projects/clamav/)

- added virus validator for uploaded ::xowiki::Files

- added virus validator for formfield of type "file"

- add simple link checker for formfield "url" (force http, https, or ftp)

Treating ad_set_cookie's boolean switches as such.

- fixed bug (backport of fix in rev 1.74 of postgresql/apm-create.sql)

- bump version number to 5.6.1

file upgrade-5.6.0-5.6.1.sql was initially added on branch oacs-5-6.

fixed prefixed_lookup to invoke methods on inherited content (the correct one)

    • -7
    • +12
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
Restoring xowiki code to yesterday's state. Hopefully getting rid of today's unwanted commits.

    • -0
    • +23
    /openacs-4/packages/xowiki/COPYRIGHT
    • -0
    • +126
    /openacs-4/packages/xowiki/xowiki.info
    • -0
    • +1
    /openacs-4/packages/xowiki/lib/view.adp
    • -0
    • +30
    /openacs-4/packages/xowiki/lib/view.tcl
    • -0
    • +150
    /openacs-4/packages/xowiki/tcl/chat-procs.tcl
    • -0
    • +928
    /openacs-4/packages/xowiki/tcl/folder-procs.tcl
    • -0
    • +3481
    /openacs-4/packages/xowiki/tcl/form-field-procs.tcl
    • -0
    • +503
    /openacs-4/packages/xowiki/tcl/import-procs.tcl
    • -0
    • +4529
    /openacs-4/packages/xowiki/tcl/includelet-procs.tcl
    • -0
    • +150
    /openacs-4/packages/xowiki/tcl/lcs-procs.tcl
  1. … 985 more files in changeset.
revert previous two changes

    • -14
    • +0
    /openacs-4/packages/xowiki/www/xinha/Makefile
revert previous change

    • -23
    • +0
    /openacs-4/packages/xowiki/COPYRIGHT
    • -126
    • +0
    /openacs-4/packages/xowiki/xowiki.info
    • -1
    • +0
    /openacs-4/packages/xowiki/lib/view.adp
    • -30
    • +0
    /openacs-4/packages/xowiki/lib/view.tcl
    • -150
    • +0
    /openacs-4/packages/xowiki/tcl/chat-procs.tcl
    • -979
    • +0
    /openacs-4/packages/xowiki/tcl/folder-procs.tcl
    • -3481
    • +0
    /openacs-4/packages/xowiki/tcl/form-field-procs.tcl
    • -503
    • +0
    /openacs-4/packages/xowiki/tcl/import-procs.tcl
    • -4529
    • +0
    /openacs-4/packages/xowiki/tcl/includelet-procs.tcl
    • -150
    • +0
    /openacs-4/packages/xowiki/tcl/lcs-procs.tcl
  1. … 973 more files in changeset.
fix prefixed_lookup to invoke methods on inherited content

    • -4
    • +55
    /openacs-4/packages/xowiki/tcl/folder-procs.tcl
    • -6
    • +16
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
    • -0
    • +30
    /openacs-4/packages/xowiki/www/thumbnail.tcl
    • -1
    • +1
    /openacs-4/packages/xowiki/www/view-default.adp
    • binary
    /openacs-4/packages/xowiki/www/resources/jpeg-icon.png
    • binary
    /openacs-4/packages/xowiki/www/resources/mov-icon.png
    • binary
    /openacs-4/packages/xowiki/www/resources/mp4-icon.png
    • binary
    /openacs-4/packages/xowiki/www/resources/pdf-icon.png
- changing folder inheritance from names (was broken) to ids; resolver changes are missing

    • -4
    • +5
    /openacs-4/packages/xowiki/tcl/folder-procs.tcl
    • -18
    • +36
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
    • -1
    • +4
    /openacs-4/packages/xowiki/tcl/xowiki-procs.tcl
improved version of get_super_folders

    • -23
    • +22
    /openacs-4/packages/xowiki/tcl/xowiki-procs.tcl
- fix get_super_folders in cases where pages are subpages of e.g. an xowiki::Page; otherwise the regression test fails

- try to simplify logic with intersect/concat

    • -7
    • +9
    /openacs-4/packages/xowiki/tcl/xowiki-procs.tcl
- don't use numerical comparison for strings, can lead to errors and strange results

- provide message for further debugging, when name lookup fails

    • -4
    • +8
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
renamed formfield->get_dom_spec to formfield->get_json

support for repeatable file fields & util_tdom2list for definition of widget specs the tdom script way

add viewers parameter in folder.form.page

folder configuration & inheritance

    • -138
    • +156
    /openacs-4/packages/xowiki/tcl/folder-procs.tcl
    • -8
    • +63
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
    • -1
    • +110
    /openacs-4/packages/xowiki/tcl/xowiki-procs.tcl
repeatable attributes

    • -18
    • +291
    /openacs-4/packages/xowiki/tcl/form-field-procs.tcl
    • -0
    • +136
    /openacs-4/packages/xowiki/www/resources/wu-repeatable.js
handle invalid input from url-parameter gracefully (many thanks to Frank Bergmann for the hint)

    • -1
    • +2
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
- fix regression test

    • -2
    • +2
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
make sure we exclude null paths from cr_files_to_delete