OpenACS / openacs-4 / packages

acs-tcl

Tools

Line History

Line Count Graph
Line Count Graph

Stats

Commits this week: 0
Total Committers: 73
Last Commit: 29 Jul
Commits this week: 0
Total Lines of Code (LoC): 75,031
Net change in LoC this week: 0

Commit Activity

Commits By Day In Week
52 week commits volume
Commits By Day In Week
Commits by day
Commits By Day In Week
Commits by hour
Commits By Hour In Day
Commit calendar
 

Most active committers (90 days)

loading
loading
  • last updated 15 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Thursday 12 Jun
7:05 pm

gustafn

improved clarity of the code and simplified structure

Options
    • -16
    • +16
    ./tcl/security-procs.tcl
Wednesday 11 Jun
11:36 am

gustafn

fix for using fallback interface and wrong results for non TLS installation

Many thanks to Antonio for flagging this and provide insights

Options
    • -3
    • +8
    ./tcl/security-procs.tcl
Sunday 08 Jun
12:58 pm

gustafn

bumped version number to allow packages to use mutiple tags from jsdelivr

Options
    • -2
    • +2
    ./acs-tcl.info
11:57 am

gustafn

::util::resources::cdnjs_get_newest_version: support cases, where multiple tags are returned

Options
    • -2
    • +3
    ./tcl/utilities-procs.tcl
Thursday 05 Jun
3:48 pm

gustafn

bumped version number to 6.0.0d4

Options
    • -2
    • +2
    ./acs-tcl.info
3:42 pm

gustafn

added support for jsdelivr, since cdnjs misses many new releases

Options
    • -1
    • +1
    ./lib/check-installed.adp
    • -3
    • +3
    ./lib/check-installed.tcl
    • -18
    • +52
    ./tcl/utilities-procs.tcl
Monday 05 May
6:37 pm

gustafn

backport from HEAD

Options
    • -2
    • +23
    ./tcl/security-procs.tcl
6:36 pm

gustafn

fix for "security::get_secure_qualified_url" when no an old-style servername is used

Options
    • -6
    • +27
    ./tcl/security-procs.tcl
Tuesday 29 Apr
3:11 pm

gustafn

don't raise an exception, when invalid host header field is provided

Since this happens often with introsion attempts, provide a security warning.

Options
    • -2
    • +9
    ./tcl/security-procs.tcl
3:09 pm

gustafn

use "ns_log security" when available

Options
    • -3
    • +3
    ./tcl/security-init.tcl
3:08 pm

gustafn

cleared editor buffer

Options
    • -1
    • +1
    ./tcl/00-icanuse-procs.tcl
2:59 pm

gustafn

added: icanuse "ns_log security"

Options
    • -0
    • +1
    ./tcl/00-icanuse-procs.tcl
Thursday 24 Apr
5:56 pm

gustafn

new feature: added database vulnerability checks to posture overview

Extended the /acs-admin/posture-overview page to include known CVEs

for both the database client library and the database server in

use. Previously, the overview displayed privacy and privilege analyses

and flagged vulnerable JavaScript libraries; it now also surfaces

database‐related vulnerabilities.

* Leverage the NaviServer–nsdbpg API to fetch and display client‐ and

server‐side version numbers

* Drive this feature via a database‐agnostic interface—only the nsdbpg

driver currently returns versions, but support for other databases

can be added by updating their drivers (no NaviServer core changes

required)

To use this new feature, use the latest NaviServer and nsdbpg releases.

Otherwise, the section "Database Vulnerability Check" won't appear.

Options
    • -7
    • +76
    ./tcl/utilities-procs.tcl
  2. … 2 more files in changeset.
Thursday 03 Apr
7:16 pm

gustafn

Fixed snyk vulnerability check (backport from HEAD)

Snyk page has changed, we have to switch the pattern we are looking for.

Bumped version number to flage the change to "upgrade from repository"

Options
    • -2
    • +2
    ./acs-tcl.info
    • -2
    • +2
    ./tcl/utilities-procs.tcl
7:11 pm

gustafn

Fixed snyk vulnerability check

Snyk page has changed, we have to switch the pattern we are looking for.

Options
    • -2
    • +2
    ./tcl/utilities-procs.tcl
Wednesday 02 Apr
10:58 am

gernst

Do not modify posted form data when logging the request. In addition mask log output for all fields having password in their name

Options
    • -6
    • +9
    ./tcl/utilities-procs.tcl
Wednesday 12 Mar
10:45 am

gustafn

Enhanced security logging and debugging in security-procs.tcl

- Updated the internal log procedure to accept multiple arguments (using join) for more flexible logging.

- Replace several ns_log calls with ::security::log to standardize logging of session_id, login_cookie, timeout, and other events.

- Add additional log statements in critical functions (e.g. sec_handler, sec_setup_session, __ad_verify_signature, and CSRF token handling)

to provide better traceability of session allocation, cookie generation, session invalidation, and signature verification.

- Improve debug output for CSRF token generation and verification, including logging differences in computed hash values.

Options
    • -14
    • +32
    ./tcl/security-procs.tcl
10:13 am

gustafn

added debugging hook for tracing CSRF livecyle

Options
    • -0
    • +1
    ./tcl/form-processing-procs.tcl
10:11 am

gustafn

improved log messages to pinpoint location and reason

Options
    • -2
    • +2
    ./tcl/01-database-procs.tcl
  2. … 1 more file in changeset.
Monday 03 Mar
9:26 am

gustafn

fixed variable name

Options
    • -3
    • +3
    ./tcl/utilities-procs.tcl
Friday 28 Feb
2:41 pm

gustafn

provent passwords from form being logged via ad_log

Options
    • -18
    • +11
    ./tcl/utilities-procs.tcl
Tuesday 04 Feb
7:15 pm

gustafn

ad_return_url: provide a positive list and a negative list for selecting included query variables

The new parameters follow the terminology of the "export_vars" command.

Options
    • -3
    • +11
    ./tcl/defs-procs.tcl
Friday 31 Jan
2:10 pm

gustafn

ad_return_url: new parameter "-exclude"

This change allows to exclude certain variables (which are e.g. considered as

confidential) from the form, which computes the return_url.

The change is based on a feature request in the OpenACS forums by Josue Cardona.

Options
    • -3
    • +5
    ./tcl/defs-procs.tcl
Sunday 19 Jan
10:01 am

gustafn

reapplied post 5-10 release fix

Many thanks to Claudio Pasolini for reporting and identifying the problem!

Options
    • -2
    • +2
    ./tcl/security-procs.tcl
9:54 am

gustafn

fixed bug security::validated_host_header

Many thanks to Claudio Pasolini for reporting and identifying the problem!

Options
    • -2
    • +2
    ./tcl/security-procs.tcl
Saturday 28 Dec 2024
5:58 pm

gustafn

Fixed 2 bugs: with remote code repository

- fixed repository URL when trying to "install-from-repositry"

on a checkout from the HEAD channel. The code tried to fetch

from a channel "6-0", which does not exist.

- determine the exact repository tag for repository channels

Options
    • -3
    • +14
    ./tcl/apm-install-procs.tcl
  2. … 1 more file in changeset.
4:39 pm

gustafn

Ported essential post-release fixes from oacs-5-10 branch

Options
    • -2
    • +8
    ./tcl/defs-procs.tcl
    • -8
    • +14
    ./tcl/install-procs.tcl
  3. … 2 more files in changeset.
4:37 pm

gustafn

improved comments

Options
    • -5
    • +7
    ./tcl/utilities-procs.tcl
Friday 27 Dec 2024
7:25 pm

gustafn

Fixed bug in install-from-repository (issue #3472)

Install from repository (e.g., of /dotlrn) was horribly broken, see,

e.g., issue #3472. Furthermore, this bug was hard to debug, since it

showed up just during a complex installation attempts involving

install.xml, and it requires fetching from the repository. Therefore,

the debug rounds were quite time-consuming.

There were several problems involved:

1) dotlrn/install.xml was trying to set the theme to the

dotlrn-bootstrap3-theme, which was not loaded from the repository

2) The loading order was not correct, since the theme requires an

existing dotlrn instance to register the theme templates there.

3) The tests in install::xml::action::mount checking, if the package

was already mounted were incorrect, probably since many years. It

looks to me as some refactorings of the "get_node_id" semantics

(many years ago) were not reflected in this code. This bug let

the code assume, that the package was already mounted. Therefore,

the package was never mounted, causing a long tail of subsequent

issues.

4) the site_node::instantiate_and_mount call in

install::xml::action::mount was called with incorrect parameters,

causing overwriting of the site root node, leaving the site

completely unusable.

Bumped version number of acs-tcl to 5.10.2d1

Options
    • -2
    • +2
    ./acs-tcl.info
    • -8
    • +14
    ./tcl/install-procs.tcl
6:31 pm

gustafn

fixed overquoting in "ad_progress_base_end"

Options
    • -2
    • +8
    ./tcl/defs-procs.tcl