OpenACS

Tools

Line History

Line Count Graph
Line Count Graph

Stats

Commits this week: 6
Total Committers: 146
Last Commit: 21 Nov
Commits this week: 6
Total Lines of Code (LoC): 7,560,943
Net change in LoC this week: 122

Commit Activity

Commits By Day In Week
52 week commits volume
Commits By Day In Week
Commits by day
Commits By Day In Week
Commits by hour
Commits By Hour In Day
Commit calendar
 

Most active committers (90 days)

loading
loading
  • last updated 10 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Monday 26 Feb
10:52 am

gustafn

reduced number of external dependencies

Options
    • -2
    • +2
    /openacs-4/packages/acs-automated-testing/tcl/tclwebtest-procs.tcl
10:51 am

gustafn

fixed typo

Options
    • -2
    • +2
    /openacs-4/packages/acs-automated-testing/tcl/aa-test-procs.tcl
Sunday 25 Feb
6:29 pm

gustafn

Improved consistency with external programs

Since "unzip" is used as well on various other places,

use it as well in the file storage. This means that

the parameter "UnzipBinary" for the file-storage package

is now obsolete.

Options
    • -1
    • +0
    /openacs-4/packages/file-storage/file-storage.info
    • -2
    • +2
    /openacs-4/packages/file-storage/www/file-add.tcl
6:25 pm

gustafn

Cleanup of external binaries: always use "util::which" to resolve binaries

Background: it is important to always use the same binaries of some

programs. This is important for security reasons, consistency, and

configurability (some operating systems have read-only file systems,

which might be on the path and should be avoided for some operations).

Options
    • -2
    • +2
    /openacs-4/packages/acs-tcl/tcl/test/http-client-procs.tcl
5:13 pm

gustafn

Cleanup of external binaries: always use "util::which" to resolve binaries

Background: it is important to always use the same binaries of some

programs. This is important for security reasons, consistency, and

configurability (some operating systems have read-only file systems,

which might be on the path and should be avoided for some operations).

Options
    • -1
    • +1
    /openacs-4/packages/acs-admin/tcl/acs-admin-procs.tcl
    • -2
    • +2
    /openacs-4/packages/acs-automated-testing/tcl/aa-test-procs.tcl
    • -2
    • +2
    /openacs-4/packages/acs-tcl/tcl/http-client-procs.tcl
    • -2
    • +2
    /openacs-4/packages/caldav/tcl/caldav-interface-procs.tcl
4:46 pm

gustafn

Use GNU grep when available

GNU grep is now used for the lookup of message keys using the

"--include=" parameter. This improves the speed of the command

significantly and reduces the number of external dependencies (no

"find", or "xargs" needed).

Options
    • -4
    • +29
    /openacs-4/packages/acs-lang/www/admin/message-usage-include.tcl
    • -8
    • +9
    /openacs-4/packages/acs-tcl/tcl/00-icanuse-procs.tcl
4:43 pm

gustafn

Removed obsolete files www/admin/lookups-include.tcl

The file www/admin/lookups-include.tcl was replaced some time ago by

www/admin/message-usage-include.tcl but as it looks, not removed from

the repository.

Options
    • -23
    • +0
    /openacs-4/packages/acs-lang/www/admin/lookups-include.tcl
11:49 am

gustafn

Cleanup of external binaries: always use "util::which" to resolve binaries

Options
    • -3
    • +3
    /openacs-4/packages/acs-tcl/tcl/apm-file-procs.tcl
11:40 am

gustafn

Cleanup of external binaries: always use "util::which" to resolve binaries

Furthermore, this change makes the handling of "identify" consistent

with "convert". Before, the parameter "ImageMagickIdentifyBinary"

could not be modified via the parameter settings, only

"ImageMagickConvertBinary" was defined.

Bump version number to 5.10.1b3 to pick up additional parameter.

Options
    • -3
    • +4
    /openacs-4/packages/acs-content-repository/acs-content-repository.info
    • -9
    • +9
    /openacs-4/packages/acs-content-repository/tcl/image-procs.tcl
Friday 23 Feb
2:14 pm

antoniop

Improve test:

whether the html filter will accept or not a script tag is configuration-dependent. We now enforce that the outcome is consistent with the security check for HTML used in the filter itself.

Options
    • -1
    • +1
    /openacs-4/packages/acs-tcl/tcl/test/acs-tcl-test-procs.tcl
1:58 pm

antoniop

Fix method signature

Options
    • -1
    • +1
    /openacs-4/packages/xotcl-core/tcl/01-debug-procs.tcl
Friday 16 Feb
5:46 pm

antoniop

Flush the whole key pattern, now that the key can end either in true or false

Fixes locale__test_lang_conn_browser_locale automated test

Options
    • -2
    • +2
    /openacs-4/packages/acs-lang/tcl/locale-procs.tcl
12:38 pm

antoniop

Manually replace the ":" entity to prevent attempts at disguising "javascript:" links

Options
    • -1
    • +17
    /openacs-4/packages/acs-tcl/tcl/text-html-procs.tcl
12:36 pm

antoniop

Replicate injection attempt by penetration tools

Options
    • -0
    • +14
    /openacs-4/packages/acs-tcl/tcl/test/text-html-procs.tcl
11:31 am

gustafn

Fixed unreviewed commit, which might lead to hard-to-spot errors

The last change assumed that "nls_language" can be hard-wired to

contain most 5 characters. While this not backed by the OpenACS data

model, the standard (RFC 5646) explicitly states that there is no

upper limit on the size of language tags. The tree letter language

codes have been standard since 2001 (RFC 4646).

The change accepts now all defined locales. When the specified locale

is not enabled, it provides a log notice, when the locale is not

defined at all, it provides a warning and falls back to "en_US".

Options
    • -2
    • +2
    /openacs-4/packages/acs-lang/acs-lang.info
    • -10
    • +19
    /openacs-4/packages/acs-lang/tcl/locale-procs.tcl
    • -3
    • +3
    /openacs-4/packages/xowiki/xowiki.info
    • -2
    • +17
    /openacs-4/packages/xowiki/tcl/xowiki-form-procs.tcl
Thursday 15 Feb
7:04 pm

gustafn

page filters with NUL value

Prefer "string first" over "regexp" since this is twice as fast.

Options
    • -4
    • +5
    /openacs-4/packages/acs-tcl/tcl/tcl-documentation-procs.tcl
6:36 pm

gustafn

Fixed implementation of value checker dbtext

The old version was not persistent in the blueprints.

Furthermore, the new version is more than 2x faster by

avoiding regular expressions.

Options
    • -8
    • +9
    /openacs-4/packages/xotcl-core/tcl/01-debug-procs.tcl
6:00 pm

gustafn

bootstrap5 theme: prettify appearance for "ad_form -mode display"

The previous change was already a big improvement. The change makes

it easier to distinguish the field labels from the field content.

Options
    • -6
    • +18
    /openacs-4/packages/openacs-bootstrap5-theme/resources/forms/standard.adp
5:47 pm

gustafn

security::validated_host_header: Made acceptance of configured vhosts the first check

Under certain conditions (such as running in a container, or reverse

proxy situations) the admin of a server wants to specify accepted host

names. This can be achieved in the "*/servers" section of a network

driver. These values are used now first for accepting host header

fields. This change avoids unexpected redirects to, e.g., internal

server addresses.

Options
    • -35
    • +41
    /openacs-4/packages/acs-tcl/tcl/security-procs.tcl
5:41 pm

gustafn

bugfix: fixed test test_ad_register_proc when running in a container

When runnig in a container, one cannot use util_current_localtion, which refers

to the URL to reach the server from the container host. To address the server

inside the container, acs::test::url should be used.

This change does not matter for non-containerized applications

Options
    • -2
    • +2
    /openacs-4/packages/acs-tcl/tcl/test/request-processor-procs.tcl
1:27 pm

antoniop

Provide facilities to validate against invalid SQL strings

We introduce a new page contract filter and nsf validator called "dbtext". They implement enforcing of a value to be useable in an SQL query. Currently, this means that the value should not contain the NUL character, but the definition may change in the future or become database-specific.

The html contract filter has also be extended to reject the NUL character.

The test suite has been updated/extended to reflect the changes.

Options
    • -2
    • +30
    /openacs-4/packages/acs-tcl/tcl/tcl-documentation-procs.tcl
    • -5
    • +41
    /openacs-4/packages/acs-tcl/tcl/test/acs-tcl-test-procs.tcl
    • -0
    • +18
    /openacs-4/packages/xotcl-core/tcl/01-debug-procs.tcl
Wednesday 14 Feb
5:15 pm

antoniop

Separate form widgets from label and help-text vertically by wrapping them in a div, render form labels in a larger font for better visibility

Options
    • -22
    • +24
    /openacs-4/packages/openacs-bootstrap5-theme/resources/forms/standard.adp
    • -0
    • +4
    /openacs-4/packages/openacs-bootstrap5-theme/www/resources/css/main.css
4:12 pm

antoniop

Whitespace changes

Options
    • -118
    • +118
    /openacs-4/packages/openacs-bootstrap5-theme/resources/forms/standard.adp
2:23 pm

antoniop

Harden page contracts

Options
    • -4
    • +2
    /openacs-4/packages/calendar-portlet/www/calendar-admin-portlet.tcl
    • -12
    • +2
    /openacs-4/packages/calendar-portlet/www/calendar-full-portlet.tcl
    • -12
    • +2
    /openacs-4/packages/calendar-portlet/www/calendar-list-portlet.tcl
1:54 pm

antoniop

Validate as a token also the default coming from _nls_language, ensure the resulting language key is at most 5 chars long (many thanks to Markus Moser for this)

Options
    • -3
    • +5
    /openacs-4/packages/xowiki/tcl/xowiki-form-procs.tcl
12:01 pm

antoniop

Update external dependencies to use the URN version

Options
    • -17
    • +16
    /openacs-4/packages/dotlrn-bootstrap3-theme/dotlrn-bootstrap3-theme.info
    • -3
    • +53
    /openacs-4/packages/dotlrn-bootstrap3-theme/tcl/apm-callback-procs.tcl
11:15 am

antoniop

Provide a more meaningful error message

Options
    • -2
    • +7
    /openacs-4/packages/dotlrn-portlet/tcl/test/dotlrn-portlet-procs.tcl
Tuesday 13 Feb
5:48 pm

antoniop

Reform of error handling in ad_page_contract when template recursion is detected

A "complaint recursion" happens if a validation error takes place in one of the templates used while rendering the error page (for instance, anything we include in the master template or the master template itself).

Previously, we would give up complaining after 10 recursions were detected. This had the consequence that after 10 attempt, the failing template involved in rendering the complaint would be fed the invalid data we were trying to reject.

Now, we complain and stop the execution as soon as a recursion is detected. The error will be rendered in a very basic way that overrides the templating system, so that we can exit the recursion cycle.

In practice, only malicious page manipulation attempts should be affected by this change.

Options
    • -35
    • +60
    /openacs-4/packages/acs-tcl/tcl/tcl-documentation-procs.tcl
Monday 12 Feb
7:31 pm

gustafn

improved portability: some versions of "gzip" do not support option "-S"

Options
    • -3
    • +2
    /openacs-4/packages/acs-tcl/tcl/apm-file-procs.tcl
7:29 pm

gustafn

improved spelling

Options
    • -1
    • +1
    /openacs-4/packages/acs-tcl/tcl/test/apm-file-procs.tcl