OpenACS / openacs-4 / packages / acs-tcl / tcl

tcl-documentation-procs.tcl

Tools

Line History

Line Count Graph
Line Count Graph

Stats

Commits this week: 0
Total Committers: 16
Last Commit: 14 May
Commits this week: 0
Total Lines of Code (LoC): 2,628
Net change in LoC this week: 0

Commit Activity

Commits By Day In Week
52 week commits volume
Commits By Day In Week
Commits by day
Commits By Day In Week
Commits by hour
Commits By Hour In Day
Commit calendar
 

Most active committers (90 days)

loading
loading
  • last updated 15 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Friday 13 Dec 2024
10:40 am

gustafn

avoid error, when page_contract is called without an ns_set and without an open connection

Options
    • -4
    • +8
    ./tcl-documentation-procs.tcl
Wednesday 13 Nov 2024
9:43 am

gustafn

prefer more efficient approach to iterate over all key/values of an ns_set

Options
    • -18
    • +5
    ./tcl-documentation-procs.tcl
Tuesday 24 Sep 2024
1:44 pm

antoniop

Ensure we fail the check and complain when a localurl is invalid

Options
    • -10
    • +15
    ./tcl-documentation-procs.tcl
Thursday 19 Sep 2024
12:59 pm

antoniop

Fix passing complaints info to the complain template

Options
    • -3
    • +5
    ./tcl-documentation-procs.tcl
Wednesday 11 Sep 2024
8:11 am

gustafn

merge with missing files

Options
    • -0
    • +0
    ./tcl-documentation-procs.tcl
  2. … 1464 more files in changeset.
Tuesday 03 Sep 2024
5:37 pm

gustafn

merge from oacs-5-10

Options
    • -116
    • +435
    ./tcl-documentation-procs.tcl
  2. … 8099 more files in changeset.
Tuesday 27 Aug 2024
2:12 pm

gustafn

fixed old bug via regression test in page contract filters

The binding variable for "min_length" and others was not passed correctly.

We saw unexpected warning of the following form during regression test:

Warning: Message contains a variable named 'min_length' which doesn't exist in the caller's environment:

Options
    • -4
    • +4
    ./tcl-documentation-procs.tcl
1:29 pm

gustafn

handle cases in the page contract, when not connected (used this way in the regression test)

Options
    • -5
    • +9
    ./tcl-documentation-procs.tcl
Monday 26 Aug 2024
4:28 pm

gustafn

comment unexpectged behaviour

Options
    • -2
    • +7
    ./tcl-documentation-procs.tcl
Tuesday 20 Aug 2024
10:41 am

antoniop

Make localurl filter more robust to invalid URLs: fail validation in this case, intead of crashing

Options
    • -5
    • +9
    ./tcl-documentation-procs.tcl
Wednesday 24 Jul 2024
12:01 pm

gustafn

fix broken variable name

Options
    • -3
    • +3
    ./tcl-documentation-procs.tcl
11:06 am

gustafn

Do not allow unusual schemas like base64 and json as local URLs

This case was flagged by a vulnerability scan, but at least at the found instance

it was a false positive...

Options
    • -5
    • +9
    ./tcl-documentation-procs.tcl
Friday 05 Apr 2024
10:28 am

gustafn

Improved readability of configuration parameter "parameterSecret"

- Switched to camelCase for better readabilty and uniformity

- NaviServer configuration parameters are case insensitive, so no danger for backward compatibility

Options
    • -4
    • +4
    ./tcl-documentation-procs.tcl
  2. … 5 more files in changeset.
Thursday 15 Feb 2024
7:04 pm

gustafn

page filters with NUL value

Prefer "string first" over "regexp" since this is twice as fast.

Options
    • -4
    • +5
    ./tcl-documentation-procs.tcl
1:27 pm

antoniop

Provide facilities to validate against invalid SQL strings

We introduce a new page contract filter and nsf validator called "dbtext". They implement enforcing of a value to be useable in an SQL query. Currently, this means that the value should not contain the NUL character, but the definition may change in the future or become database-specific.

The html contract filter has also be extended to reject the NUL character.

The test suite has been updated/extended to reflect the changes.

Options
    • -2
    • +30
    ./tcl-documentation-procs.tcl
  2. … 2 more files in changeset.
Tuesday 13 Feb 2024
5:48 pm

antoniop

Reform of error handling in ad_page_contract when template recursion is detected

A "complaint recursion" happens if a validation error takes place in one of the templates used while rendering the error page (for instance, anything we include in the master template or the master template itself).

Previously, we would give up complaining after 10 recursions were detected. This had the consequence that after 10 attempt, the failing template involved in rendering the complaint would be fed the invalid data we were trying to reject.

Now, we complain and stop the execution as soon as a recursion is detected. The error will be rendered in a very basic way that overrides the templating system, so that we can exit the recursion cycle.

In practice, only malicious page manipulation attempts should be affected by this change.

Options
    • -35
    • +60
    ./tcl-documentation-procs.tcl
Thursday 16 Mar 2023
3:17 pm

gustafn

addeded page contract filter: safetclchars

safetclchars should be used in cases, were the variable value is passed

to "subst", or "eval"...

Options
    • -2
    • +25
    ./tcl-documentation-procs.tcl
  2. … 1 more file in changeset.
Tuesday 07 Feb 2023
5:57 pm

antoniop

Deprecate usphone page filter, as a more generic alternative exists that does not assume the US as target audience

Options
    • -3
    • +8
    ./tcl-documentation-procs.tcl
2:15 pm

antoniop

Deprecate ad_dateentrywidget, with hardcoded values, superseded by modern features

Options
    • -3
    • +3
    ./tcl-documentation-procs.tcl
  2. … 3 more files in changeset.
Tuesday 13 Sep 2022
6:55 pm

gernst

ns_quotehtml user submitted value inside error message to prevent potential XSS attack

Options
    • -3
    • +3
    ./tcl-documentation-procs.tcl
Thursday 08 Sep 2022
6:16 pm

antoniop

Allow to deprecate ad_page_contract_filters, improve doc

Options
    • -4
    • +11
    ./tcl-documentation-procs.tcl
Monday 29 Aug 2022
12:34 pm

gustafn

improve spelling

Options
    • -3
    • +3
    ./tcl-documentation-procs.tcl
  2. … 6 more files in changeset.
Friday 26 Aug 2022
2:06 pm

antoniop

tmpfile page contract filter reform:

do not allow acs-subsite TmpDir parameter to define where the tmpfolder is located anymore. This MUST be the one configured in the server-wide configuration. Tmpfiles cannot be in a subfolder of the tmpfolder, they MUST be direct children instead. A tmpfile MUST exist beforehand and be owned, be readable and writable by the user running the nsd process. This complies with the definition of a tmpfile by AolServer/NaviServer when they are created to store content coming from a file upload.

Options
    • -24
    • +10
    ./tcl-documentation-procs.tcl
  2. … 4 more files in changeset.
Thursday 25 Aug 2022
6:01 pm

antoniop

Extend tmpfile filter to behave in the "old way" (default), or in strict mode e.g. tmpfile(strict), enforcing the behavior for tmpfile in Aolserver/Naviserver when a form is processed

Options
    • -12
    • +30
    ./tcl-documentation-procs.tcl
5:37 pm

antoniop

Reimplement ad_page_contract_filter_proc_tmpfile using security::safe_tmpfile_p

Some of the features implemented by this filter have been ported into the api, namely the possibility to fetch the valid temp folders from the subsite TmpDir parameter and the possibility to relax the check and allow also files deeper in the tmpfolder hierachy.

Notably, the hardcoded tmpfolders "/var/tmp" and "/tmp" have NOT been ported. One should configure these values via the many available options. security::safe_tmpfile_p is also more restrictive when a file exists, because it checks for ownership and read and write permissions on the file.

Options
    • -17
    • +8
    ./tcl-documentation-procs.tcl
  2. … 2 more files in changeset.
Tuesday 23 Aug 2022
8:44 pm

gustafn

Properly escape "<" and ">" in api-doc documentation.

Since all documentation is rendered via HTML, the characters

"<" and ">" have to be HTML-quoted, otherwise strange things

(omission, unintended renderings) might occur.

E.g. the sentence

Define an interface between a page and an

ADP <include> similar to the page_contract.

was rendered as

Define an interface between a page and an

ADP similar to the page_contract.

which is incorrect.

Options
    • -17
    • +22
    ./tcl-documentation-procs.tcl
  2. … 13 more files in changeset.
Thursday 14 Jul 2022
6:58 pm

antoniop

Fix typo

Options
    • -2
    • +2
    ./tcl-documentation-procs.tcl
6:56 pm

antoniop

Provide a default value for the filter

Options
    • -1
    • +5
    ./tcl-documentation-procs.tcl
6:55 pm

antoniop

New ad_page_contract filter object_type

Rhis can enforce an object id to not only be formally correct, but also to be an object of a specific type. It can also be used as a simple existance check

Options
    • -1
    • +25
    ./tcl-documentation-procs.tcl
  2. … 1 more file in changeset.
5:17 pm

antoniop

Update documentation

Options
    • -1
    • +7
    ./tcl-documentation-procs.tcl