• last updated 13 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
file edit.adp was initially added on branch oacs-5-9.

    • -0
    • +0
    /openacs-4/packages/xowiki/resources/templates/edit.adp
file error-template.adp was initially added on branch oacs-5-9.

- fix stupid cut&paste bug

- simplify script

- improve error handling of closed connections

- add csrf protection (bulk-delete, save operations in FormPages)

- add input checking for optional query-parameter "master"

- bump version number to 5.9.1d8

    • -3
    • +3
    /openacs-4/packages/xowiki/xowiki.info
    • -1
    • +1
    /openacs-4/packages/xowiki/tcl/folder-procs.tcl
- added tdom command "::html::CSRFToken" similar to html::div etc. for easy generation of csrf token in tdom contexts

- output more detail for errors

- only subst value, when it was provided explicitely in the "- -export" list. (see also change in www/register/user-new.tcl in http://cvs.openacs.org/changelog/OpenACS?cs=oacs-5-9%3Agustafn%3A20160525130725)

- protect against certain characters in return_url (the real solution is probably a fix in ad_form, which could cause some collateral damage)

- protect against manipulated hidden input fields

- hardening page contracts (invalid values for color_filter_value could cause postgres errors; example color_filter_value=1%00%c0%a7%c0%a2%252527%252522)

- improve page contracts on demo pages

- add errorCode to reported context information

- protect against too large bug numbers (causes pg errors)

- don't access @patch.patch_id@ for displayed_object_id, if it does

not exist (view mode)

- don't perform message key subsitution in user contributed bug description

- add csrf protection for search

- add csrf token to advanced search template

- add csrf token to advanced search

    • -1
    • +2
    /openacs-4/packages/search/www/search.tcl
- improve page contract

- Add safety belt to prevent recursive loop

- add return link for complaint pages

- handle both complaints the same way

- abort script after error

- add actual length

- fix message key

- require at lease three characters

- fix typo

- don't allow empty searches in forums-search (might take long)

- fix broken demo page

- make ::security::csrf::token public

- improve appearance and safety of demo pages