OpenACS / openacs-4 / packages / acs-tcl / tcl

tcl-documentation-procs.tcl

Tools

Line History

Line Count Graph
Line Count Graph

Stats

Commits this week: 0
Total Committers: 16
Last Commit: 03 Nov 18
Commits this week: 0
Total Lines of Code (LoC): 2,311
Net change in LoC this week: 0

Commit Activity

Commits By Day In Week
52 week commits volume
Commits By Day In Week
Commits by day
Commits By Day In Week
Commits by hour
Commits By Hour In Day
Commit calendar
 

Most active committers (90 days)

loading
loading
  • last updated 14 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Thursday 16 Mar
3:17 pm

gustafn

addeded page contract filter: safetclchars

safetclchars should be used in cases, were the variable value is passed

to "subst", or "eval"...

Options
    • -2
    • +25
    ./tcl-documentation-procs.tcl
  2. … 1 more file in changeset.
Tuesday 07 Feb
5:57 pm

antoniop

Deprecate usphone page filter, as a more generic alternative exists that does not assume the US as target audience

Options
    • -3
    • +8
    ./tcl-documentation-procs.tcl
2:15 pm

antoniop

Deprecate ad_dateentrywidget, with hardcoded values, superseded by modern features

Options
    • -3
    • +3
    ./tcl-documentation-procs.tcl
  2. … 3 more files in changeset.
Tuesday 13 Sep 2022
6:55 pm

gernst

ns_quotehtml user submitted value inside error message to prevent potential XSS attack

Options
    • -3
    • +3
    ./tcl-documentation-procs.tcl
Thursday 08 Sep 2022
6:16 pm

antoniop

Allow to deprecate ad_page_contract_filters, improve doc

Options
    • -4
    • +11
    ./tcl-documentation-procs.tcl
Monday 29 Aug 2022
12:34 pm

gustafn

improve spelling

Options
    • -3
    • +3
    ./tcl-documentation-procs.tcl
  2. … 6 more files in changeset.
Friday 26 Aug 2022
2:06 pm

antoniop

tmpfile page contract filter reform:

do not allow acs-subsite TmpDir parameter to define where the tmpfolder is located anymore. This MUST be the one configured in the server-wide configuration. Tmpfiles cannot be in a subfolder of the tmpfolder, they MUST be direct children instead. A tmpfile MUST exist beforehand and be owned, be readable and writable by the user running the nsd process. This complies with the definition of a tmpfile by AolServer/NaviServer when they are created to store content coming from a file upload.

Options
    • -24
    • +10
    ./tcl-documentation-procs.tcl
  2. … 4 more files in changeset.
Thursday 25 Aug 2022
6:01 pm

antoniop

Extend tmpfile filter to behave in the "old way" (default), or in strict mode e.g. tmpfile(strict), enforcing the behavior for tmpfile in Aolserver/Naviserver when a form is processed

Options
    • -12
    • +30
    ./tcl-documentation-procs.tcl
5:37 pm

antoniop

Reimplement ad_page_contract_filter_proc_tmpfile using security::safe_tmpfile_p

Some of the features implemented by this filter have been ported into the api, namely the possibility to fetch the valid temp folders from the subsite TmpDir parameter and the possibility to relax the check and allow also files deeper in the tmpfolder hierachy.

Notably, the hardcoded tmpfolders "/var/tmp" and "/tmp" have NOT been ported. One should configure these values via the many available options. security::safe_tmpfile_p is also more restrictive when a file exists, because it checks for ownership and read and write permissions on the file.

Options
    • -17
    • +8
    ./tcl-documentation-procs.tcl
  2. … 2 more files in changeset.
Tuesday 23 Aug 2022
8:44 pm

gustafn

Properly escape "<" and ">" in api-doc documentation.

Since all documentation is rendered via HTML, the characters

"<" and ">" have to be HTML-quoted, otherwise strange things

(omission, unintended renderings) might occur.

E.g. the sentence

Define an interface between a page and an

ADP <include> similar to the page_contract.

was rendered as

Define an interface between a page and an

ADP similar to the page_contract.

which is incorrect.

Options
    • -17
    • +22
    ./tcl-documentation-procs.tcl
  2. … 13 more files in changeset.
Thursday 14 Jul 2022
6:58 pm

antoniop

Fix typo

Options
    • -2
    • +2
    ./tcl-documentation-procs.tcl
6:56 pm

antoniop

Provide a default value for the filter

Options
    • -1
    • +5
    ./tcl-documentation-procs.tcl
6:55 pm

antoniop

New ad_page_contract filter object_type

Rhis can enforce an object id to not only be formally correct, but also to be an object of a specific type. It can also be used as a simple existance check

Options
    • -1
    • +25
    ./tcl-documentation-procs.tcl
  2. … 1 more file in changeset.
5:17 pm

antoniop

Update documentation

Options
    • -1
    • +7
    ./tcl-documentation-procs.tcl
4:30 pm

antoniop

Collect common definition of an argspec flag in a proc to improve clarity

Options
    • -6
    • +16
    ./tcl-documentation-procs.tcl
3:52 pm

antoniop

Introduce a new clock ad_page_contract filter:

this filter enforces that a datestring belongs to one of the clock formats specified in the argspec. By default, this will be %Y-%m-%d.

Options
    • -1
    • +24
    ./tcl-documentation-procs.tcl
3:35 pm

antoniop

Cleanup

Options
    • -7
    • +2
    ./tcl-documentation-procs.tcl
3:31 pm

antoniop

ad_page/include_contract argspec parsing reform: allow arbitrary characters in the argspec flag parameters

This reform allows to specify an argspec containing pipes, parenthesys and other so far forbidden characters as parameters for a flag. The purpose is to enhance the expressiveness of existing validators (e.g. the oneof validator) and enable new one, for instance, a date validator using a clock format as parameter.

Pipes and parenthesys need to be escaped via the backslash character in the new syntax.

Options
    • -11
    • +93
    ./tcl-documentation-procs.tcl
  2. … 1 more file in changeset.
Thursday 04 Nov 2021
5:11 pm

gustafn

mitigate attacks, where the referer header field is changed to a malicious value

The problem does not exist, when CSP is defined properly.

Many thanks to Frank Bergmann for sharing the pen-test protocol

Options
    • -5
    • +5
    ./tcl-documentation-procs.tcl
  2. … 2 more files in changeset.
Thursday 30 Sep 2021
6:21 pm

antoniop

Set ad_include_contract's local variables in a way that they are hinted as private by the "__" prefix: this reduces the chance of conflicting with popular variable names to pass to an include such as "context"

Options
    • -5
    • +5
    ./tcl-documentation-procs.tcl
Friday 24 Sep 2021
1:38 pm

gustafn

Improved spelling

Options
    • -2
    • +2
    ./tcl-documentation-procs.tcl
  2. … 1 more file in changeset.
Friday 20 Aug 2021
10:38 am

gustafn

add log warnings when include-contract is violated, since (in most cases) the passed values should be pre-checked

Options
    • -4
    • +13
    ./tcl-documentation-procs.tcl
Monday 02 Aug 2021
7:38 pm

gustafn

make using page-filter "object_id" backwards compatible by allowing it to be used also during update scripts

Options
    • -5
    • +20
    ./tcl-documentation-procs.tcl
  2. … 1 more file in changeset.
Thursday 24 Jun 2021
1:36 pm

hectorr

Reuse email validation logic

Options
    • -2
    • +2
    ./tcl-documentation-procs.tcl
12:42 pm

hectorr

Fix ancient typo

Options
    • -2
    • +2
    ./tcl-documentation-procs.tcl
Thursday 27 May 2021
9:08 pm

gustafn

use the right message key

VS: ----------------------------------------------------------------------

Options
    • -2
    • +2
    ./tcl-documentation-procs.tcl
Sunday 23 May 2021
7:56 pm

gustafn

Added page_contract filter "object_id"

This change adds the page_contract filter "object_id", which validates

values whether these are syntactically acceptable as object_ids in

PostgreSQL and Oracle.

Note that before one is able to use the filter, the server has to be

restarted. Otherwise, when e.g. "apm/version_reload.tcl" would be

executed with the new filter, it would fail. So, one has to be careful

on update scripts, when people upgrade from old version not to create

a blocking mutual blocking condition.

Options
    • -2
    • +30
    ./tcl-documentation-procs.tcl
  2. … 4 more files in changeset.
Friday 23 Apr 2021
11:01 am

gernst

Remove non-functional "double click protection" in order to remove a potential attack vector

Options
    • -16
    • +1
    ./tcl-documentation-procs.tcl
  2. … 1 more file in changeset.
Thursday 22 Apr 2021
8:47 pm

gustafn

added page contract filter "printable" to avoid passing of binary values to certain pages

Options
    • -1
    • +20
    ./tcl-documentation-procs.tcl
  2. … 2 more files in changeset.
Friday 27 Nov 2020
10:27 am

gustafn

provide name for mutexes to ease spotting potential locks

Options
    • -4
    • +3
    ./tcl-documentation-procs.tcl
  2. … 1 more file in changeset.