• last updated 20 hours ago
Constraints: committers
Constraints: files
Constraints: dates
strengthen boolean parameters in page contracts

  1. … 23 more files in changeset.
Make values optional, as the user should supply them via the form

Reintroduce "short_name" list element in the folder-chunk, used in the list format and not exactly equivalent to "name"

regenerated documentation

  1. … 294 more files in changeset.
Sign the return_url we set when we generate a zip file to prevent tampering

Make sure, that also when the number of days is supplied as empty, we set it to a valid default

harden page_contract

Deprecate trivial fs::get_archive_extension and inline its only upstream occurrence

  1. … 1 more file in changeset.
check permission before adding file to zip directory

Improve validation

Fix typo

Refactor the query in the folder-chunk page so that on postgres one can enforce permissions in bulk, rather than for each file

Make use of new API "ad_mktmpdir" and "ad_opentmpfile" instead of "ad_tmpnam"

  1. … 2 more files in changeset.
Make use of new API "ad_mktmpdir" and "ad_opentmpfile" instead of "ad_tmpnam"

  1. … 4 more files in changeset.
provided a helper proc to query the mapping of a generic icon name to a concrete

This function is necessary in boundary cases, where e.g. a display_template passes the generic

name of the icon via template variables which have to be

@-substituted before adp-tag resolution, which performs the

regular icon name mapping (otherwise, the tag resolver receives

e.g. ...name=@icon@...)

  1. … 3 more files in changeset.
prefer adp:icon over old-style .gif images

  1. … 2 more files in changeset.
Don't go to the cache to tell if a command is available

Don't go to the cache to tell if commands are available

Don't go to the cache to tell if the views package is installed

Test the behavior of the file-storage when a malicious user would try to store a pre-existing file on the server as its own

The fix for the file-storage is a simple validation to make sure that the tmpfile exists, however, for the generic case of the file widget, we cannot trust the tmpfile value when this was not generated by the server. This will probably cause regression when one wants to show a "preview" of a form, to be continued.

  1. … 2 more files in changeset.
Prevent names made only of invalid characters to end up null after sanitization, as done in other UIs in this package

improve validation

provide missing value for inform widget

improve validation

Make use of util::file_content_check and check also in other cases

This change also covers the case, where the checkmark for uploading

zip files was added marked in "upload file". It will also report

errors which were silently swalled before.

Bumped version number to 5.10.1d1

  1. … 1 more file in changeset.
provide value attribute

added validator for zip files

Don't try to deliver files that do not have any live revision

Fix typo

Restrict more the kind of items that can pass through the initial check