- fixed severe vulnerability with path traversal attack

On my previous commit I added a not null constraint for the name column on site_nodes; the problem is that the main site node on Oracle has a NULL name (given the fact that empty strings are managed as NULL on Oracle), therefore it doesn't make sense to have such a constraint.

- Avoiding usage of coalesce function on site_nodes table columns in WHERE clause; this was leading to usage of sequential scans, which can be expensive when having a huge amount of site_nodes. Instead we go for isolation of the case when requesting a node with a null parent (this would be the main site node) and we use the = operator so the planner goes for an index scan.

- Adding not null constraint to site_nodes(name)

adding remember attributes feature for shorthand coding

- fix before-uninstantiate for legacy folders (many thanks to Michael Aram)

- fix class handling for image links, regression test runs again without errors

- fix context_id for inheritance of permissions. After transformation from folders to form-pages, context id was -100

- fix object_type for folders transformed via ::xowiki::tranforms_root_folder

- bump version number to 0.135

    • -3
    • +3
    /openacs-4/packages/xowiki/xowiki.info
    • -1
    • +4
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
adding dynamic forms procs for handling spreadsheet forms etc. status: untested

    • -0
    • +181
    /openacs-4/packages/spreadsheet/tcl/form-procs.tcl
- provide better rfc 3986 compliant url-encoding (relevant when subst_blank_in_name is turned off) to fix behavior in naviserver

    • -4
    • +12
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
- fix passing of "-id i...." in includelets

    • -1
    • +2
    /openacs-4/packages/xowiki/tcl/xowiki-procs.tcl
- added parameter "-cssid ..." to all links generated via [[...]]

    • -11
    • +18
    /openacs-4/packages/xowiki/tcl/link-procs.tcl
- en:photo.form: simple default form

- generalize yui-carousel to work with FormPages of en:photo.form

- pass geometry in links

- bump version number to 0.134

    • -0
    • +8
    /openacs-4/packages/xowiki/www/prototypes/photo.form.page
- en:photo.form: simple default form

- generalize yui-carousel to work with FormPages of en:photo.form

- pass geometry in links

- bump version number to 0.134

    • -4
    • +4
    /openacs-4/packages/xowiki/xowiki.info
    • -36
    • +102
    /openacs-4/packages/xowiki/tcl/includelet-procs.tcl
    • -4
    • +4
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
- make sure to change image, when a new revision is uploaded

Add test with many datatypes

Added a couple of template validation procedures ("added a couple of templating system datatypes") to bring the kernel and templating system's view of datatypes closer together. Added to_sql/from_sql helpers to move that functionality from ad_form into the templating system.

Add bind var support. Note incomplete hack to handle to_timestamp, since when we construct the query we don't have access to the attribute/form datatypes. Also return new object_id in new_from_form procedure.

file authentication-procs-oracle.xql was added on branch oacs-5-8 on 2013-08-25 20:04:46 +0000

file authentication-procs-postgresql.xql was added on branch oacs-5-8 on 2013-08-25 20:04:46 +0000

more PG 9.0 compatibility. Avoiding the usage of OIDs in postgresql.

making white space consistent in nsopenssl section, clarified a comment there.

removing wishy-washy statements in nsopenssl section, removing nsopenssl config for aolserver3.3 (no longer supported), adding example 'other db' configuration, minor clarification edits in nsopenssl config. see http://openacs.org/forums/message-view?message_id=3488424

Removing query text that was moved previously to its respective xql file.

We use the package_key of attachments for checking if there is already an instance of it under dotlrn.

- updated charts.swf and uploader.swf in yui 2.7.0 to address serious vulnerability (see http://yuilibrary.com/support/2.8.2/)

- more changes induced by xotcl 2.0

    • -3
    • +2
    /openacs-4/packages/xowiki/tcl/xowiki-procs.tcl
PG 9.0 compatibility. Changes regarding the usage of sequences in order to avoid errors of 'missing FROM-clause message' on queries.

    • -2
    • +2
    /openacs-4/packages/dotlrn/dotlrn.info
    • -0
    • +1
    /openacs-4/packages/dotlrn/tcl/applets-procs.tcl
    • -1
    • +1
    /openacs-4/packages/dotlrn/tcl/applets-procs.xql
PG 9.0 compatibility. Changes regarding usage of sequences. Deleting unused views and sequences.

PG 9.0 compatibility. Avoiding querying the root folder from dual.

PG 9.0 compatibility. Avoiding fetching next value of sequences using a view.