• last updated 13 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
- only subst value, when it was provided explicitely in the "- -export" list. (see also change in www/register/user-new.tcl in http://cvs.openacs.org/changelog/OpenACS?cs=oacs-5-9%3Agustafn%3A20160525130725)

- protect against certain characters in return_url (the real solution is probably a fix in ad_form, which could cause some collateral damage)

- protect against manipulated hidden input fields

- hardening page contracts (invalid values for color_filter_value could cause postgres errors; example color_filter_value=1%00%c0%a7%c0%a2%252527%252522)

- improve page contracts on demo pages

- add errorCode to reported context information

- protect against too large bug numbers (causes pg errors)

- don't access @patch.patch_id@ for displayed_object_id, if it does

not exist (view mode)

- don't perform message key subsitution in user contributed bug description

- add csrf protection for search

- add csrf token to advanced search template

- add csrf token to advanced search

    • -1
    • +2
    /openacs-4/packages/search/www/search.tcl
- improve page contract

- Add safety belt to prevent recursive loop

- add return link for complaint pages

- handle both complaints the same way

- abort script after error

- add actual length

- fix message key

- require at lease three characters

- fix typo

- don't allow empty searches in forums-search (might take long)

- fix broken demo page

- make ::security::csrf::token public

- improve appearance and safety of demo pages

file compile.adp was initially added on branch oacs-5-9.

file show.adp was initially added on branch oacs-5-9.

Fix bug http://openacs.org/bugtracker/openacs/bug?bug_number=3292:

Native and curl implementation of util::http behave inconsistently when dealing with json content and special characters

Also fix another inconsistency: curl added an extra space after pager content.

- validate start_date and end_date

- add scrf protection for dropzone

    • -3
    • +3
    /openacs-4/packages/xowiki/xowiki.info
- add method CSRFToken to tdom::Object

- bump version number to 0.147

- handle source_p set to empty via client property in all cases the same way

- add scrf token for show/hide cases