• last updated 12 hours ago
Constraints: committers
Constraints: files
Constraints: dates
fix once more handling of internal redirects in error cases

many thanks to thomas renner!

Remove message keys sanitizing, which does not belong here

use the right message key

VS: ----------------------------------------------------------------------

Fixed a bug in the request processor, when URL is /%3F

The problem was that /%3F corresponds to a URL which is literally '/?'

(question mark is not the separator for query variables). In this case

a "string match" operation to determine the suffix based on this

string will lead to unexpected characters since '?' is a match

character. This lead in turn to a problem with redirects to the

internally redirect of custom error pages. So, in this case (and

probably others) the custom error page was not displayed.

improved spelling

Added page_contract filter "object_id"

This change adds the page_contract filter "object_id", which validates

values whether these are syntactically acceptable as object_ids in

PostgreSQL and Oracle.

Note that before one is able to use the filter, the server has to be

restarted. Otherwise, when e.g. "apm/version_reload.tcl" would be

executed with the new filter, it would fail. So, one has to be careful

on update scripts, when people upgrade from old version not to create

a blocking mutual blocking condition.

  1. … 3 more files in changeset.
improve comments

new variant of zip_file_contains_valid_filenames independent of "unuip -l"

unfortunately the behavior of "unzip -l" differs not only between

macOS and Linux, but even between different linux families, although

showing the same version.

fix typo

improve handling of zip files that contain filenames, which are not valid UTF-8

In acs-tcl.documentation__check_proc_doc automated test, if the test fails on procs that belong to namespaces outside the OpenACS codebase, just issue a warning rather than failing

improved listing of covered procs

added minor debugging aids, make disk-cache more similar to ns_cache

Remove non-functional "double click protection" in order to remove a potential attack vector

added page contract filter "printable" to avoid passing of binary values to certain pages

  1. … 1 more file in changeset.
removed unclear test

Whitespace changes + Editor hints

Relax error level

whitespace changes

  1. … 2 more files in changeset.
Mark 'whos_online::interval' as public, as it is used in 'acs-subsite'

Make a bunch of apm procs public, as they are used in 'acs-admin'.

Could be worth considering moving the ones used only in 'acs-admin' to that package, and making them private again, leaving public only those who may be useful to other packages/applications (i.e. CI/CD logic).

Mark 'apm_application_new_checkbox' as public, as it is used in the site-map

Mark 'sec_get_random_cached_token_id' as public, as it is used in 'acs-subsite'

Mark 'apm_mark_version_for_reload' as public, as it is used in 'acs-automated-testing'

Check also token value in nsv in 'secret_tokens_get' test case

fix and extend regression test, when bread-crumb label needs quoting

Whitespace changes

Change test category and rollback after execution

Add new 'secret_tokens_get' and refactor 'test_set_cookie_procs' to include cases handled by the deleted ancient tests in 'acs-admin/www/test/signed-cookies-test'

    • -64
    • +118
Improve robustness over invalid configurations

Previouly, the configuration of invalid hostnames (i.e. hostnames,

which cannot be resolved via the OS means) for a network driver

lead to runtime errors under certain conditions.