OpenACS / openacs-4 / packages / xotcl-core / tcl

context-procs.tcl

Tools

Line History

Line Count Graph
Line Count Graph

Stats

Commits this week: 0
Total Committers: 5
Last Commit: 12 Jun
Commits this week: 0
Total Lines of Code (LoC): 822
Net change in LoC this week: 0

Commit Activity

Commits By Day In Week
52 week commits volume
Commits By Day In Week
Commits by day
Commits By Day In Week
Commits by hour
Commits By Hour In Day
Commit calendar
 

Most active committers (90 days)

loading
loading
  • last updated 1 hour ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Wednesday 16 Oct 2024
11:21 am

gustafn

Added code to skip suspicious looking query variables

On openacs.org, we are experiencing numerous requests with

multiply very long and strange query variables like in the example

below. So far, it is not clear, whether these requests are the

consequence of a double encoding or a deliberate attack. Many (most)

of the requests contain the query variable names containing the

(decoded) pattern "*amp;*".

This is a relatively new phenomenon. I cannot exclude that this is a

bug introduced lately in OpenACS, or a bug in an external bot, or

whatever. The problem with these query variables is that OpenACS

propagates these further, e.g., when updating query variables in

ad_dimensional, via export_vars, or return_urls.

Since OpenACS never uses these query-variables, these can be safely

skipped, without loosing functionality in OpenACS. It is possible to

construct examples, where skipping such variables can change the

semantics. Therefore, the change introduces a single function

util::suspicious_query_variable where in case of problems, the

skipping feature can be deactivated.

GET /api-doc/proc-browse?amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3btype=All&amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3borderby=name&type=All&amp%3btype=All&amp%3bamp%3btype=All&amp%3bamp%3bamp%3btype=All&amp%3bamp%3bamp%3bamp%3btype=All&amp%3bamp%3bamp%3bamp%3bamp%3btype=All&amp%3bamp%3bamp%3bamp%3bamp%3bamp%3btype=All&amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3btype=All&amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3btype=All&amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3borderby=name&amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3btype=Private&amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3btype=All&amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3btype=All&amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3btype=All&amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3borderby=name&amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3btype=All HTTP/1.1" 200 62378 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/605.1.15 (KHTML, like Gecko; compatible; FriendlyCrawler/1.0) Chrome/120.0.6099.216 Safari/605.1.15" "1729029614.331581 0.109805 0.000434 0.004026 0.215927

Options
    • -6
    • +12
    ./context-procs.tcl
  2. … 6 more files in changeset.
Tuesday 08 Oct 2024
5:04 pm

antoniop

Prefer unset to array unset when the whole array should be deleted

See https://wiki.tcl-lang.org/page/Dict+VS+Array+Speed

Options
    • -2
    • +2
    ./context-procs.tcl
  2. … 7 more files in changeset.
Wednesday 11 Sep 2024
8:11 am

gustafn

merge with missing files

Options
    • -0
    • +0
    ./context-procs.tcl
  2. … 1464 more files in changeset.
Tuesday 03 Sep 2024
5:37 pm

gustafn

merge from oacs-5-10

Options
    • -178
    • +403
    ./context-procs.tcl
  2. … 8099 more files in changeset.
Sunday 05 Aug 2018
11:09 pm

gustafn

improve spelling

Options
    • -2
    • +2
    ./context-procs.tcl
  2. … 8 more files in changeset.
Monday 11 Jun 2018
11:14 am

gustafn

improve spelling

Options
    • -2
    • +2
    ./context-procs.tcl
  2. … 12 more files in changeset.
Sunday 20 May 2018
1:23 pm

gustafn

improving comments

Options
    • -3
    • +5
    ./context-procs.tcl
  2. … 3 more files in changeset.
Monday 30 Apr 2018
11:38 am

gustafn

improve spelling

Options
    • -4
    • +4
    ./context-procs.tcl
  2. … 7 more files in changeset.
Wednesday 21 Mar 2018
8:52 pm

gustafn

prefer XOTcl2 idioms

Options
    • -2
    • +2
    ./context-procs.tcl
  2. … 4 more files in changeset.
Sunday 24 Dec 2017
1:28 pm

gustafn

Reduce numbber of "catch" operations

Options
    • -10
    • +12
    ./context-procs.tcl
  2. … 8 more files in changeset.
Wednesday 13 Dec 2017
9:42 pm

gustafn

Use consistently xo::library to ensure application specific subclassability

Options
    • -2
    • +6
    ./context-procs.tcl
  2. … 13 more files in changeset.
Wednesday 04 Oct 2017
10:53 am

trenner

fix typo

Options
    • -3
    • +3
    ./context-procs.tcl
Sunday 01 Oct 2017
1:57 pm

gustafn

Prefer XOTcl 2.0 idioms

Options
    • -123
    • +115
    ./context-procs.tcl
  2. … 2 more files in changeset.
Tuesday 08 Aug 2017
1:47 am

gustafn

merged changes from the oacs-5-9 branch and resolved conflicts

Options
    • -14
    • +15
    ./context-procs.tcl
  2. … 7834 more files in changeset.
Monday 27 Apr 2015
5:28 pm

victorg

Merging back to HEAD all changes that happened in branch oacs-5-8 between tags: vg-merge-oacs-5-8-from-20141027 and vg-merge-oacs-5-8-from-20150427

Options
    • -14
    • +29
    ./context-procs.tcl
  2. … 520 more files in changeset.
Monday 27 Oct 2014
5:38 pm

victorg

Merging back to HEAD branch oacs-5-8 (using tag vg-merge-oacs-5-8-from-20141027).

Options
    • -32
    • +43
    ./context-procs.tcl
  2. … 2547 more files in changeset.
Monday 12 Aug 2013
10:01 pm

gustafn

- use more tcl 8.5 idioms

Options
    • -2
    • +2
    ./context-procs.tcl
  2. … 6 more files in changeset.
Monday 12 Nov 2012
3:37 pm

victorg

Removing unneeded --

Options
    • -2
    • +2
    ./context-procs.tcl
Friday 02 Nov 2012
12:06 am

gustafn

- define global variable ::xo::naviserver for quick test, whether we are running under NaviServer

- fix ns_ur[en|de]code of "--" and "-charset" etc. This fixes the behavior of NaviServer, which has a "--" option terminator

Options
    • -6
    • +16
    ./context-procs.tcl
  2. … 2 more files in changeset.
Sunday 30 Sep 2012
12:44 pm

gustafn

- make sure to avoid namespace overwrite due to form-vars with colons

Options
    • -3
    • +3
    ./context-procs.tcl
Friday 30 Mar 2012
11:13 am

gustafn

- don't throw errors in scheduled procs, when no actual query paramters are available

Options
    • -2
    • +4
    ./context-procs.tcl
Saturday 28 May 2011
7:15 pm

gustafn

- fix pattern for mobile detection, include form paramteres only for POST

Options
    • -3
    • +5
    ./context-procs.tcl
Thursday 26 May 2011
7:29 pm

gustafn

- add simple mobile detection

Options
    • -1
    • +10
    ./context-procs.tcl
Wednesday 23 Feb 2011
1:32 pm

gustafn

- handle potential enconding problems in update_query

Options
    • -2
    • +2
    ./context-procs.tcl
Monday 12 Jul 2010
4:38 pm

gustafn

- don't set query-variables with empty names

Options
    • -3
    • +5
    ./context-procs.tcl
Friday 18 Jun 2010
12:26 pm

gustafn

- added method ::xo::update_query (more conveniant than ::xo::update_query_var)

- bumped version number to 0.115

Options
    • -2
    • +19
    ./context-procs.tcl
  2. … 2 more files in changeset.
Tuesday 01 Jun 2010
10:43 am

victorg

Rolling back previous commit. http://cvs.openacs.org/changelog/OpenACS?cs=MAIN:victorg:20100531141048

Options
    • -13
    • +3
    ./context-procs.tcl
Monday 31 May 2010
4:10 pm

victorg

Falling back to locale en_US and charset UTF-8 in case there is an error fetching them.

Options
    • -3
    • +13
    ./context-procs.tcl
Monday 17 May 2010
11:13 am

gustafn

- make require_package_id_from_url more robust in cases, where the url is not provided (e.g. empty)

Options
    • -11
    • +13
    ./context-procs.tcl
Wednesday 28 Apr 2010
2:17 pm

gustafn

- fix typo in comment

Options
    • -2
    • +2
    ./context-procs.tcl
  2. … 1 more file in changeset.