• last updated 4 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Test the behavior of the file-storage when a malicious user would try to store a pre-existing file on the server as its own

The fix for the file-storage is a simple validation to make sure that the tmpfile exists, however, for the generic case of the file widget, we cannot trust the tmpfile value when this was not generated by the server. This will probably cause regression when one wants to show a "preview" of a form, to be continued.

  1. … 2 more files in changeset.
Prevent names made only of invalid characters to end up null after sanitization, as done in other UIs in this package

improve validation

provide missing value for inform widget

improve validation

Make use of util::file_content_check and check also in other cases

This change also covers the case, where the checkmark for uploading

zip files was added marked in "upload file". It will also report

errors which were silently swalled before.

Bumped version number to 5.10.1d1

  1. … 1 more file in changeset.
provide value attribute

added validator for zip files

Don't try to deliver files that do not have any live revision

Fix typo

Restrict more the kind of items that can pass through the initial check

Deprecate template::util::tcl_to_sql_list, completely replaced by ns_dbquotelist, a native NaviServer command

  1. … 15 more files in changeset.
Fix typo

Similar to the folder-create script, complain if the filename turns out empty after sanitizing

fix SQL query

break overlong lines and whitespace cleanup

Intercept the cornercase of a pretty name made exclusively of invalid characters, which would result in an empty cr_items.name and in an error

Bring SQL inline, cleanup obsolete remarks

Whitespace changes

Reduce divergency between oracle and postgres codebase

Whitespace cleanup

  1. … 1 more file in changeset.
Make sure a non-empty return URL is always provided when downloading a zipfile, or the javascript idiom implementing the redirect would return to the page itself and restart the archiving from scratch

regenerated documentation

  1. … 466 more files in changeset.
Improve zip file download solution: instead of a link to be clicked, stay closer to previous implementation and trigger the download automatically by including an invisible iframe pointing to the file in the user message

  1. … 4 more files in changeset.
file download-zip-2.tcl was initially added on branch oacs-5-10.

Implement a simple "progress-bar" interaction when one downloads a zip file:

file is generated while the progress bar is running and the download link is generated and served to the user as part of a util_user_message

  1. … 4 more files in changeset.
Move operations so that they are closer to their computation's actual usage

We are only interested in the side effects of this computation

Break overlong line

Take more advantage of exception handling