Index: openacs-4/packages/acs-tcl/tcl/request-processor-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/request-processor-procs.tcl,v diff -u -r1.12 -r1.13 --- openacs-4/packages/acs-tcl/tcl/request-processor-procs.tcl 20 Aug 2002 12:39:46 -0000 1.12 +++ openacs-4/packages/acs-tcl/tcl/request-processor-procs.tcl 2 Sep 2002 13:20:39 -0000 1.13 @@ -632,11 +632,11 @@ } else { set auto_report 1 ns_returnerror 200 " -
+ [export_form_vars error_url error_info] This file has generated an error. - -
+ +
[ns_quotehtml $error_info]
[ad_footer]" } } else { Index: openacs-4/packages/acs-tcl/tcl/table-display-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/Attic/table-display-procs.tcl,v diff -u -r1.5 -r1.6 --- openacs-4/packages/acs-tcl/tcl/table-display-procs.tcl 19 Aug 2002 23:46:50 -0000 1.5 +++ openacs-4/packages/acs-tcl/tcl/table-display-procs.tcl 2 Sep 2002 13:20:39 -0000 1.6 @@ -57,7 +57,7 @@ set url [ad_conn url] } - append html "\n\n" + append html "
\n\n" foreach option $option_list { append html " \n" @@ -67,7 +67,7 @@ append html "\n" foreach option $option_list { - append html " \n" } else { - set Trow_default "\n" + set Trow_default "\n" } } else { set Trow_default "\n" @@ -450,12 +450,12 @@ set Tcolumn [lindex $Tcol 0] switch $Tformat { "" {set Tdisplay_field " \n"} - r {set Tdisplay_field " \n"} - l {set Tdisplay_field " \n"} - c {set Tdisplay_field " \n"} - tf {set Tdisplay_field " \n"} - 01 {set Tdisplay_field " \n"} - bz {set Tdisplay_field " \n"} + r {set Tdisplay_field " \n"} + l {set Tdisplay_field " \n"} + c {set Tdisplay_field " \n"} + tf {set Tdisplay_field " \n"} + 01 {set Tdisplay_field " \n"} + bz {set Tdisplay_field " \n"} default {set Tdisplay_field " [subst $Tformat]\n"} } @@ -561,11 +561,11 @@ } } -proc_doc ad_table_span {str {td_html "align=left"}} { +proc_doc ad_table_span {str {td_html "align=\"left\""}} { given string the function generates a row which spans the whole table. } { - return "" + return "" } proc_doc ad_table_form {datadef {type select} {return_url {}} {item_group {}} {item {}} {columns {}} {allowed {}}} { @@ -592,9 +592,9 @@ # now spit out the form fragment. if {![empty_string_p $item]} { append html "

Editing $item

" - append html "" - append html "" - append html "" + append html "" + append html "" + append html "" append html "[export_form_vars item_group item]" if {![empty_string_p $return_url]} { append html "[export_form_vars return_url]" @@ -614,13 +614,13 @@ if {![empty_string_p $item]} { set item_original $item append html "[export_form_vars item_original]" - append html "" + append html "" } else { - append html "" + append html "" } append html "
[lindex $option 1]
\[" + append html " \[" # find out what the current option value is. # check if a default is set otherwise the first value is used @@ -194,7 +194,7 @@ -Tmax_rows 0 -Ttable_extra_html {} -Theader_row_extra {bgcolor="#f8f8f8"} - -Ttable_break_html "

" + -Ttable_break_html "

" -Tpre_row_code {} -Trow_code {[subst $Trow_default]} -Tpost_data_ns_sets {} @@ -434,7 +434,7 @@ if {[empty_string_p [lindex $Tband_colors $Tband_color]]} { set Trow_default "

[set $Tcolumn][set $Tcolumn][set $Tcolumn][set $Tcolumn][util_PrettyBoolean [set $Tcolumn]][util_PrettyTclBoolean [set $Tcolumn]] [blank_zero [set $Tcolumn]][set $Tcolumn][set $Tcolumn][set $Tcolumn][util_PrettyBoolean [set $Tcolumn]][util_PrettyTclBoolean [set $Tcolumn]] [blank_zero [set $Tcolumn]]
$str
$str
" - append html "" + append html "" if {![empty_string_p $item]} { set item_original item append html "[export_form_vars item_original]" @@ -629,15 +629,15 @@ if {[string compare $type select] == 0} { # select table - set options "" foreach opt $sel_list { - append options " " } for {set i 0} { $i < $max_columns} {incr i} { if {$i < $n_sel_columns} { set match [lindex [lindex $datadef [lindex $sel_columns $i]] 0] - regsub "(" + append options "" } for {set i 0} { $i < $max_columns} {incr i} { if {$i < $n_sel_columns} { set match [lindex [lindex $datadef [lindex $sel_columns $i]] 0] - regsub "( type=radio )(value=\"$match\">)" $options "\\1 checked \\2" out + regsub "( type=\"radio\" )(value=\"$match\">)" $options "\\1 checked=\"checked\" \\2" out } else { set out $options } @@ -717,9 +717,9 @@ # now spit out the form fragment. if {![empty_string_p $item]} { append html "

Editing $item

" - append html "" - append html "" - append html "" + append html "" + append html "" + append html "" append html "[export_form_vars item_group item]" if {![empty_string_p $return_url]} { append html "[export_form_vars return_url]" @@ -739,38 +739,38 @@ if {![empty_string_p $item]} { set item_original $item append html "[export_form_vars item_original]" - append html "" + append html "" } else { - append html "" + append html "" } append html "
Name:
Name:
" - append html "" + append html "" if {![empty_string_p $item]} { set item_original item append html "[export_form_vars item_original]" append html "" } - set options "" foreach opt $sel_list { - append options " " } for {set i 0} { $i < $max_columns} {incr i} { if {$i < $n_sel_columns} { set match [lindex $sel_columns $i] - regsub "(\n" Index: openacs-4/packages/acs-tcl/tcl/tcl-documentation-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/tcl-documentation-procs.tcl,v diff -u -r1.2 -r1.3 --- openacs-4/packages/acs-tcl/tcl/tcl-documentation-procs.tcl 9 Feb 2002 02:33:35 -0000 1.2 +++ openacs-4/packages/acs-tcl/tcl/tcl-documentation-procs.tcl 2 Sep 2002 13:20:39 -0000 1.3 @@ -279,8 +279,8 @@ An argspec takes one of two forms, depending on whether there's a default value or not:
    -
  1. {name[:flag,flag,flag] default}
    -
  2. name[:flag,flag,flag]
    +
  3. {name[:flag,flag,flag] default}
    4. +
  4. name[:flag,flag,flag]

@@ -1082,7 +1082,7 @@ upvar 1 $return_errors error_list set error_list [ad_complaints_get_list] } else { - ad_return_complaint [ad_complaints_count] "

  • [join [ad_complaints_get_list] "\n
  • "]" + ad_return_complaint [ad_complaints_count] "
  • [join [ad_complaints_get_list] "
    • \n
  • "]
    • \n" ad_script_abort } } Index: openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl,v diff -u -r1.12 -r1.13 --- openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl 2 Sep 2002 08:17:26 -0000 1.12 +++ openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl 2 Sep 2002 13:20:39 -0000 1.13 @@ -32,27 +32,27 @@ ns_log Notice $message } -# stuff to process the data that comes -# back from the users - -# if the form looked like -# and -# then after you run this function you'll have Tcl vars -# $foo and $bar set to whatever the user typed in the form - -# this uses the initially nauseating but ultimately delicious -# Tcl system function "uplevel" that lets a subroutine bash -# the environment and local vars of its caller. It ain't Common Lisp... - -# This is an ad-hoc check to make sure users aren't trying to pass in -# "naughty" form variables in an effort to hack the database by passing -# in SQL. It is called in all instances where a Tcl variable -# is set from a form variable. - proc_doc check_for_form_variable_naughtiness { name value } { + stuff to process the data that comes + back from the users + + if the form looked like + and + then after you run this function you'll have Tcl vars + $foo and $bar set to whatever the user typed in the form + + this uses the initially nauseating but ultimately delicious + tcl system function "uplevel" that lets a subroutine bash + the environment and local vars of its caller. It ain't Common Lisp... + + This is an ad-hoc check to make sure users aren't trying to pass in + "naughty" form variables in an effort to hack the database by passing + in SQL. It is called in all instances where a Tcl variable + is set from a form variable. + Checks the given variable for against known form variable exploits. If it finds anything objectionable, it throws an error. } { @@ -385,7 +385,8 @@ 
     	$errmsg
    - " + +

    " return } @@ -672,9 +673,9 @@ foreach option $options { if { [string compare $option $select_option] == 0 } { - append select_options "\n" } else { - append select_options "\n" } } return $select_options @@ -707,9 +708,9 @@ foreach option $options { if { [string compare $select_option [lindex $option $value_index]] == 0 } { - append select_options "\n" } else { - append select_options "\n" } } return $select_options @@ -997,7 +998,7 @@ set export_string [join $export_list "&"] } else { for { set i 0 } { $i < $export_size } { incr i } { - append export_string "\n" + append export_string "\n" } } @@ -1148,8 +1149,8 @@ } else { set export_list [list] foreach varname [array names export] { - lappend export_list "" + lappend export_list "" } return [join $export_list \n] } @@ -1193,15 +1194,15 @@ switch $type { multiple { foreach item $value { - append hidden "\n" + append hidden "\n" } } default { - append hidden "\n" + append hidden "\n" } } if { $sign_p } { - append hidden "\n" + append hidden "\n" } } } @@ -1219,7 +1220,7 @@ for {set i 0} {$i<[ns_set size $the_form]} {incr i} { set varname [ns_set key $the_form $i] set varvalue [ns_set value $the_form $i] - append hidden "\n" + append hidden "\n" } } return $hidden @@ -1256,7 +1257,7 @@ if {$format == "url"} { return [join $return_list "&"] } else { - return "\n " + return "\n " } } @@ -1871,7 +1872,7 @@ ns_returnerror 500 [lindex $exception_list 0] return -code return } elseif { $n_exceptions > 1 } { - ns_returnerror 500 "
  • [join $exception_list "\n
  • "]\n" + ns_returnerror 500 "
  • [join $exception_list "
    • \n
  • "]
    • \n" return -code return } } @@ -1916,7 +1917,7 @@ if { $n_exceptions == 1 } { $complain_proc $n_exceptions [lindex $exception_list 0] } else { - $complain_proc $n_exceptions "
  • [join $exception_list "\n
  • "]\n" + $complain_proc $n_exceptions "
  • [join $exception_list "
    • \n
  • "]
    • \n" } return -code return } @@ -2365,10 +2366,10 @@ ReturnHeaders ns_write " - + - If your browser does not automatically redirect you, please go here. + If your browser does not automatically redirect you, please go here. " } @@ -2909,16 +2910,14 @@ proc ad_dateentrywidget {column {default_date "1940-11-03"}} { ns_share NS - set output "\n" for {set i 0} {$i < 12} {incr i} { - append output "\n" } - append output \ -"  " + append output "  " + return [ns_dbformvalueput $output $column date $default_date] } Index: openacs-4/packages/acs-tcl/tcl/widgets-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/widgets-procs.tcl,v diff -u -r1.2 -r1.3 --- openacs-4/packages/acs-tcl/tcl/widgets-procs.tcl 23 Oct 2001 20:13:10 -0000 1.2 +++ openacs-4/packages/acs-tcl/tcl/widgets-procs.tcl 2 Sep 2002 13:20:39 -0000 1.3 @@ -1,4 +1,4 @@ -ad_library { +1ad_library { UI widgets for use in forms, etc. @cvs-id $Id$ @@ -8,14 +8,14 @@ set widget_value "\n" - append output "\n" } else { - append retval "\n" } } } @@ -232,25 +229,25 @@ set value [ns_set value $selection 1] if { (!$multiple && [string compare $value $default] == 0) || ($multiple && [lsearch -exact $default $value] > -1)} { - append retval "\n" } else { - append retval "\n" } } if_no_rows { if {![empty_string_p $default]} { - return "\n" + return "\n" } else { return {} } } } if { $count == 1 || ($dbcount == 1 && $hidden_if_one_db) } { - return "$item\n" + return "$item\n" } else { - set select "
    Name:
    Name:
     Editing the name will rename the sort
    [expr $i + 1]" switch [lindex $direction $i] { asc { - append html "" + append html "" } default { - append html "" + append html "" } } @@ -949,7 +949,7 @@ proc_doc ad_custom_form {return_url item_group item} { sets up the head of a form to feed to /tools/form-custom.tcl } { - append html "\n" + append html "\n" if {![empty_string_p $return_url]} { append html "[export_form_vars return_url]\n" } @@ -958,7 +958,7 @@ } set item_original $item append html "[export_form_vars item_group item item_original]\n" - append html "" + append html "" } proc_doc ad_dimensional_settings {define current} { @@ -968,9 +968,9 @@ NB...this does not close either the table or the form... } { foreach opt $define { - append html "
    [lindex $opt 1]" - append html "
    [lindex $opt 1]" + append html "
      " + append out "  " } append out "
    \n" return $out