OpenACS / openacs-4 / packages / acs-tcl / tcl

utilities-procs.tcl

Tools

Line History

Line Count Graph
Line Count Graph

Stats

Commits this week: 1
Total Committers: 33
Last Commit: 11 Jun
Commits this week: 1
Total Lines of Code (LoC): 4,828
Net change in LoC this week: 1

Commit Activity

Commits By Day In Week
52 week commits volume
Commits By Day In Week
Commits by day
Commits By Day In Week
Commits by hour
Commits By Hour In Day
Commit calendar
 

Most active committers (90 days)

loading
loading
  • last updated 15 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Sunday 08 Jun
11:57 am

gustafn

::util::resources::cdnjs_get_newest_version: support cases, where multiple tags are returned

Options
    • -2
    • +3
    ./utilities-procs.tcl
Thursday 05 Jun
3:42 pm

gustafn

added support for jsdelivr, since cdnjs misses many new releases

Options
    • -18
    • +52
    ./utilities-procs.tcl
  2. … 2 more files in changeset.
Thursday 24 Apr
5:56 pm

gustafn

new feature: added database vulnerability checks to posture overview

Extended the /acs-admin/posture-overview page to include known CVEs

for both the database client library and the database server in

use. Previously, the overview displayed privacy and privilege analyses

and flagged vulnerable JavaScript libraries; it now also surfaces

database‐related vulnerabilities.

* Leverage the NaviServer–nsdbpg API to fetch and display client‐ and

server‐side version numbers

* Drive this feature via a database‐agnostic interface—only the nsdbpg

driver currently returns versions, but support for other databases

can be added by updating their drivers (no NaviServer core changes

required)

To use this new feature, use the latest NaviServer and nsdbpg releases.

Otherwise, the section "Database Vulnerability Check" won't appear.

Options
    • -7
    • +76
    ./utilities-procs.tcl
  2. … 2 more files in changeset.
Thursday 03 Apr
7:16 pm

gustafn

Fixed snyk vulnerability check (backport from HEAD)

Snyk page has changed, we have to switch the pattern we are looking for.

Bumped version number to flage the change to "upgrade from repository"

Options
    • -2
    • +2
    ./utilities-procs.tcl
  2. … 1 more file in changeset.
7:11 pm

gustafn

Fixed snyk vulnerability check

Snyk page has changed, we have to switch the pattern we are looking for.

Options
    • -2
    • +2
    ./utilities-procs.tcl
Wednesday 02 Apr
10:58 am

gernst

Do not modify posted form data when logging the request. In addition mask log output for all fields having password in their name

Options
    • -6
    • +9
    ./utilities-procs.tcl
Monday 03 Mar
9:26 am

gustafn

fixed variable name

Options
    • -3
    • +3
    ./utilities-procs.tcl
Friday 28 Feb
2:41 pm

gustafn

provent passwords from form being logged via ad_log

Options
    • -18
    • +11
    ./utilities-procs.tcl
Saturday 28 Dec 2024
4:37 pm

gustafn

improved comments

Options
    • -5
    • +7
    ./utilities-procs.tcl
Monday 25 Nov 2024
2:20 pm

gustafn

removed deprecated "ns_set new" by "ns_set create"

Options
    • -19
    • +4
    ./utilities-procs.tcl
  2. … 1 more file in changeset.
Thursday 07 Nov 2024
12:54 pm

antoniop

Extend user_message feature so that a "severity" information can be passed alongside the message

This allows theme templates to color code messages according to their severity. Severity follows the Bootstrap nomenclature of "info", "success", "warning" and "danger".

Default severity has been set to "success" consistent with styling applied so far by OpenACS to the user messages.

Options
    • -4
    • +14
    ./utilities-procs.tcl
  2. … 8 more files in changeset.
Thursday 24 Oct 2024
4:09 pm

gustafn

make use of new NaviServer command: ns_joinurl

the implementation provides a fallback when used with older versions of

NaviServer

Options
    • -26
    • +5
    ./utilities-procs.tcl
  2. … 1 more file in changeset.
Monday 21 Oct 2024
5:49 pm

gustafn

improved inline documentation

Options
    • -1
    • +4
    ./utilities-procs.tcl
  2. … 1 more file in changeset.
Sunday 20 Oct 2024
12:13 pm

gustafn

improved API documentation

Options
    • -13
    • +22
    ./utilities-procs.tcl
  2. … 1 more file in changeset.
Friday 18 Oct 2024
2:02 pm

gustafn

fixed test cases and improve documentation, added :util::block_request

Options
    • -6
    • +36
    ./utilities-procs.tcl
Wednesday 16 Oct 2024
11:21 am

gustafn

Added code to skip suspicious looking query variables

On openacs.org, we are experiencing numerous requests with

multiply very long and strange query variables like in the example

below. So far, it is not clear, whether these requests are the

consequence of a double encoding or a deliberate attack. Many (most)

of the requests contain the query variable names containing the

(decoded) pattern "*amp;*".

This is a relatively new phenomenon. I cannot exclude that this is a

bug introduced lately in OpenACS, or a bug in an external bot, or

whatever. The problem with these query variables is that OpenACS

propagates these further, e.g., when updating query variables in

ad_dimensional, via export_vars, or return_urls.

Since OpenACS never uses these query-variables, these can be safely

skipped, without loosing functionality in OpenACS. It is possible to

construct examples, where skipping such variables can change the

semantics. Therefore, the change introduces a single function

util::suspicious_query_variable where in case of problems, the

skipping feature can be deactivated.

GET /api-doc/proc-browse?amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3btype=All&amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3borderby=name&type=All&amp%3btype=All&amp%3bamp%3btype=All&amp%3bamp%3bamp%3btype=All&amp%3bamp%3bamp%3bamp%3btype=All&amp%3bamp%3bamp%3bamp%3bamp%3btype=All&amp%3bamp%3bamp%3bamp%3bamp%3bamp%3btype=All&amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3btype=All&amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3btype=All&amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3borderby=name&amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3btype=Private&amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3btype=All&amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3btype=All&amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3btype=All&amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3borderby=name&amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3btype=All HTTP/1.1" 200 62378 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/605.1.15 (KHTML, like Gecko; compatible; FriendlyCrawler/1.0) Chrome/120.0.6099.216 Safari/605.1.15" "1729029614.331581 0.109805 0.000434 0.004026 0.215927

Options
    • -4
    • +56
    ./utilities-procs.tcl
  2. … 6 more files in changeset.
Wednesday 11 Sep 2024
8:11 am

gustafn

merge with missing files

Options
    • -0
    • +0
    ./utilities-procs.tcl
  2. … 1464 more files in changeset.
Tuesday 03 Sep 2024
5:37 pm

gustafn

merge from oacs-5-10

Options
    • -1307
    • +1701
    ./utilities-procs.tcl
  2. … 8099 more files in changeset.
Thursday 29 Aug 2024
10:37 am

gustafn

Use "ns_mkdtemp" when available to create temporary directories

Options
    • -13
    • +27
    ./utilities-procs.tcl
  2. … 1 more file in changeset.
Tuesday 27 Aug 2024
3:01 pm

gustafn

align nameing with 'resource_info_procs'

Options
    • -4
    • +4
    ./utilities-procs.tcl
  2. … 7 more files in changeset.
Tuesday 20 Aug 2024
3:58 pm

gustafn

Fix potential problems when calling polymorphic SQL functions from Tcl

Some functions are defined in the database with the same number of

arguments but different types, e.g., first argument "package_key"

(type text) or "package_id" (type integer). This is fine from the SQL

standpoint, but when calling from Tcl via bind-vars

(e.g. ":package_id"), everything is passed as a string, and

potentially, the wrong function is called.

Now, all the automatically generated subs are generated with casts,

when the integer based variant must be called.

Some examples:

Before:

set s [ns_pg_bind 0or1row $__DB {select apm__set_value(:package_id,:parameter_name,:attr_value)}]

set s [ns_pg_bind 0or1row $__DB {select apm__get_value(:package_id,:parameter_name)}]

Now:

set s [ns_pg_bind 0or1row $__DB {select apm__set_value(CAST(:package_id AS integer),:parameter_name,:attr_value)}]

set s [ns_pg_bind 0or1row $__DB {select apm__get_value(CAST(:package_id AS integer),:parameter_name)}]

- bumped version number to 5.10.1b11

Options
    • -2
    • +2
    ./utilities-procs.tcl
  2. … 2 more files in changeset.
Saturday 17 Aug 2024
7:07 pm

gustafn

More resource-info updates:

- fixed wrong and inconsistent naming of dict members (many thanks to Sebastian Scheder for figuring this out)

- removed duplicated slashes in resource paths

- fixed incorrect paths when CDN is used

- simplified handling of cspMaps

- added test checking consistency of resource-info dicts

Options
    • -10
    • +10
    ./utilities-procs.tcl
  2. … 10 more files in changeset.
Tuesday 13 Aug 2024
4:33 pm

gustafn

::util::resources::resource_info_procs: function to improve roustness of fetching of resource info procs

bumped version number to 5.10.1b10

Options
    • -3
    • +43
    ./utilities-procs.tcl
  2. … 1 more file in changeset.
Monday 12 Aug 2024
3:03 pm

gustafn

added link to snyk advisor (bumped version to 5.10.1b9)

Options
    • -2
    • +6
    ./utilities-procs.tcl
  2. … 3 more files in changeset.
Sunday 11 Aug 2024
8:22 am

gustafn

Further simplify handling of resource_info specs

- Added convenience function "::util::resources::register_urns" to

register all URNs with CSP handling provided by a package (denoted

by its top level namespace)

- made parameter "version" in "check-installed" include optional

- bumped version number to 5.10.1b8

Options
    • -1
    • +25
    ./utilities-procs.tcl
  2. … 2 more files in changeset.
Monday 05 Aug 2024
4:42 pm

gustafn

factored out vulerability check to make it reusable

- New proc ::util::resources::check_vulnerability

- bumped verison number to 5.10.1b7

Options
    • -1
    • +40
    ./utilities-procs.tcl
  2. … 3 more files in changeset.
Tuesday 30 Jul 2024
7:53 pm

gustafn

improved spelling

Options
    • -2
    • +2
    ./utilities-procs.tcl
  2. … 4 more files in changeset.
7:49 pm

gustafn

added comment

Options
    • -1
    • +8
    ./utilities-procs.tcl
1:22 pm

antoniop

Latest released NaviServer still requires for servers using SNI that the -hostname flag is specified with ns_http, while it seems that in latest code we can omit it

The wrapper utility already takes care of this

Options
    • -3
    • +3
    ./utilities-procs.tcl
12:25 pm

gustafn

Ease management of external js packages to automate admin tasks

- provide explicit information about optional package paramters

- make these accessible from site-wide admin pages

- provide information, how the configuration of the version number happend

- improve design of site-wide admin pages with action items

- further streamlined handling of external js packages

Options
    • -3
    • +4
    ./utilities-procs.tcl
  2. … 18 more files in changeset.