reduced verbosity

tdom: "dom parse -html" implies the "simple" parser

The flag "-simple" is not needed when parsing with the flag "-html". This means that

dom parse -simple -html ...

is equivalent with

dom parse -html ...

  1. … 3 more files in changeset.
Always use "--" in "dom parse" when document is interpolated

This is a safety measure to make sure that the document parsed is never confused with an option, when the document starts with a "-". In the best case, the error message provided by "dom parse" might be misleading. This might be a problem for user contributed documents (passed as variables, or return values from functions).

The double dash is supported in tdom since version 0.9.0.

  1. … 18 more files in changeset.
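As an added illustration of the point made in the commit above (this is not code from the OpenACS or tdom projects), the following Tcl wrapper always separates "dom parse" options from the data with "--", so a document that begins with a dash is parsed as data rather than read as an option. It assumes tdom 0.9.0 or newer; the HTML snippet is a constructed sample.

```tcl
package require tdom

# Added example (not project code). Parse an HTML fragment that may come
# from user input (a query variable, a function return value, ...).
# The "--" ends option processing, so a document starting with "-" can
# never be mistaken for a "dom parse" option. Assumes tdom >= 0.9.0.
proc parse_untrusted_html {html} {
    # "-simple" is implied by "-html" and therefore not passed explicitly.
    set doc [dom parse -html -- $html]
    set root [$doc documentElement]
    set text [$root asText]
    $doc delete
    return $text
}

# Constructed sample: a user-supplied document that begins with a dash.
set userDoc {-<p>hello</p>}
puts [parse_untrusted_html $userDoc]
```

Without the "--", the same call would hand the leading "-..." of the document to the option parser, which is the ambiguity the commit message describes.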
improved spelling

  1. … 14 more files in changeset.
improved spelling

  1. … 1 more file in changeset.
Fix variable name

Reduced attack vectors for query and form variables while keeping semantics

- improve form_parameter and query variable validation

- revert partly change: it is intentional that in case of validation errors, the instance variables of the in-memory object contain invalid data in order to be able to show the user the invalid data in the form.

- prefer "string first" idiom over regular expression

Fix typo

Revert to an approach that will not change the [self] object, which has unexpected consequences

Use a better idiom to revert changes on the object, that e.g. will handle the same arrays and variables

Port of downstream modification:

do not restrict the format the user can supply. Sanitize the filename later and complain only if this is made exclusively of invalid characters.

get_form_data reform:

when validation fails, revert all changes performed on the object while filling up the form fields.

Rationale: when validation fails, we do not persist the data. Likewise, we should not let unvalidated data sneak into the object, as this may be e.g. displayed on the page or be otherwise used by the system.

Do not retrieve extra_css from query_parameters, as this is vulnerable to injections

Many thanks to Markus Moser

Fix syntax of new oneof value checker

  1. … 1 more file in changeset.
Validate nls_language so that the only values allowed are existing enabled locales

  1. … 1 more file in changeset.
move "-destroy_on_cleanup" towards the end of the parameter list

This change improves protection against ambiguous user input

  1. … 8 more files in changeset.
use wordchar instead of word

intensify validation of form variables

  1. … 1 more file in changeset.
Update api

Use signed value for form_parameter "__object_name"

Bumped version number to 5.10.1d40

  1. … 3 more files in changeset.
increased value checking for parameters that might be influenced by user input

  1. … 8 more files in changeset.
improved checking of parameter values, which might be influenced via query parameters

  1. … 6 more files in changeset.
reduce verbosity

Added support for passing parameter_name:value_constraint to xowiki::Package->get_parameter

- The get_parameter method can get values from query-parameters, therefore we have to validate these.

- Use the new feature at several places (especially for boolean values)

- Still, more places should be checked

- bumped xowiki to 5.10.1d37

- bumped xotcl-core to 5.10.1d14

  1. … 10 more files in changeset.
query_parameter_return_url is defined on the package

improve spelling

  1. … 7 more files in changeset.
Validate field names when these might come directly from the POST request and therefore contain arbitrary text

Fix typo in comment

Use existing api to tell whether a formfield is disabled or not and to set/unset disabled on a field, handle the case of checkboxes and select fields, where the attribute should not be set when it is false (e.g. disabled=0 == disabled)

This fixes upstream automated tests on xowiki and xowf

  1. … 1 more file in changeset.
Fixed serious bug killing at least short-text questions in inclass exam

The bug was introduced in [1], by testing for the existence of the disabled attribute, and when it exists, it was omitting values reading. The problem is that when form-fields are reset, the "disabled" attribute is set to 0, leading the exists check to succeed. In essence, this change now sets the default value of the form-field to "0", such that it is safe to test it everywhere.

Originally, it was not set by default to save resources (memory and processing power), but this requires a more careful analysis when changes happen.

[1] https://fisheye.openacs.org/browse/OpenACS/openacs-4/packages/xowiki/tcl/xowiki-www-procs.tcl?r1=1.368.2.125&r2=1.368.2.126

  1. … 1 more file in changeset.