Index: openacs-4/packages/acs-tcl/tcl/tcl-documentation-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/tcl-documentation-procs.tcl,v
diff -u -r1.36.2.11 -r1.36.2.12
--- openacs-4/packages/acs-tcl/tcl/tcl-documentation-procs.tcl 25 Sep 2015 08:42:42 -0000 1.36.2.11
+++ openacs-4/packages/acs-tcl/tcl/tcl-documentation-procs.tcl 8 Oct 2015 19:21:59 -0000 1.36.2.12
@@ -326,8 +326,8 @@
verify
Will invoke ad_verify_signature to verify the value of the variable, to make sure it's the value that was output by us, and haven't been tampered with. - If you use export_form_vars -sign - or export_url_vars -sign to export the + If you use export_vars -form -sign + or export_vars -sign to export the variable, use this flag to verify it. To verify a variable named foo, the verify flag looks for a form variable named foo:sig. For a :multiple, it only expects one single signature for the whole list. For :array it also expects one signature only, taken on the @@ -1011,15 +1011,19 @@ if { ![info exists apc_internal_filter($formal_name:array)] } { # This is not an array, verify the variable if { ![info exists apc_signatures($formal_name)] - || ![ad_verify_signature $var $apc_signatures($formal_name)] + || ![ad_verify_signature \ + -secret [ns_config "ns/server/[ns_info server]/acs" parametersecret ""] \ + $var $apc_signatures($formal_name)] } { ad_complain -key $formal_name:verify "[_ acs-tcl.lt_The_signature_for_the]" continue } } else { # This is an array: verify the [array get] form of the array if { ![info exists apc_signatures($formal_name)] - || ![ad_verify_signature [lsort [array get var]] $apc_signatures($formal_name)] + || ![ad_verify_signature \ + -secret [ns_config "ns/server/[ns_info server]/acs" parametersecret ""] \ + [lsort [array get var]] $apc_signatures($formal_name)] } { ad_complain -key $formal_name:verify "[_ acs-tcl.lt_The_signature_for_the]" continue Index: openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl,v diff -u -r1.140.2.6 -r1.140.2.7 --- openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl 17 Sep 2015 07:26:11 -0000 1.140.2.6 +++ openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl 8 Oct 2015 19:21:59 -0000 1.140.2.7 
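Review bot: In the `@@ -1011` hunk both `ad_verify_signature` calls always pass the configured `parametersecret`, whereas the signing side added in utilities-procs.tcl (`export_vars_sign`) lets a `secret=` parameter replace that secret, so a value signed with a per-variable secret would apparently never verify through `:verify`. If that is intended, a comment above the check such as `# only the configured parametersecret is accepted here; values signed with a custom secret must be verified by the caller` would make it explicit. The `ns_config "ns/server/[ns_info server]/acs" parametersecret ""` lookup is also written out three times across this commit; a small shared helper would keep signer and verifier from drifting apart. The enclosing loop starts and ends outside the hunk.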
@@ -762,11 +762,16 @@ if { $precedence_type ne "exclude" } { foreach flag [split [lindex $name_spec 1] ","] { - set exp_flag($name:$flag) 1 + ns_log notice "process flag '$flag'" + set exp_flag($name:$flag) 0 + if {[regexp {^(\w+)[\(](.+)[\)]$} $flag . flag value]} { + ns_log notice "set value [list set exp_flag($name:$flag) $value]" + set exp_flag($name:$flag) $value + } } if { $sign_p } { - set exp_flag($name:sign) 1 + set exp_flag($name:sign) 0 } if { [llength $var_spec] > 1 } { @@ -793,7 +798,7 @@ # If no_empty_p isn't set, just do an array get set exp_value($name) [array get upvar_variable] } - set exp_flag($name:array) 1 + set exp_flag($name:array) 0 } else { if { [info exists exp_flag($name:array)] } { return -code error "Variable \"$name\" is not an array" @@ -857,8 +862,8 @@ # very first time I tried to sign an array passed to a page that used # ad_page_contract to verify the veracity of the parameter. - ns_set put $export_set "$name:sig" [ad_sign [lsort $exp_value($name)]] - + ns_set put $export_set "$name:sig" \ + [export_vars_sign -params $exp_flag($name:sign) [lsort $exp_value($name)]] } } else { if { [info exists exp_flag($name:multiple)] } { @@ -869,7 +874,8 @@ ns_set put $export_set $name "$exp_value($name)" } if { [info exists exp_flag($name:sign)] } { - ns_set put $export_set "$name:sig" [ad_sign $exp_value($name)] + ns_set put $export_set "$name:sig" \ + [export_vars_sign -params $exp_flag($name:sign) $exp_value($name)] } } } 
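Review bot: In the `@@ -762` hunk the `if { $sign_p }` branch runs after the flag loop and unconditionally resets `exp_flag($name:sign)` to `0`, so a variable declared with `sign(max_age=...)` appears to lose its parameters whenever the global `-sign` switch is also given, and is then signed with the defaults. Guarding the assignment keeps the per-variable setting: `if { $sign_p && ![info exists exp_flag($name:sign)] } {`. The loop also executes `set exp_flag($name:$flag) 0` before the `regexp` rewrites `flag`, which leaves a stray entry keyed by the full `sign(...)` text; moving that default into an `else` branch would avoid it. The surrounding block starts and ends outside the hunk.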
@@ -927,6 +933,24 @@ return $export_string } +ad_proc -private export_vars_sign { + {-params ""} + value +} { + Call ad_sign parameterized via max_age and secret specified in urlencoding +} { + set max_age "" + set secret [ns_config "ns/server/[ns_info server]/acs" parametersecret ""] + foreach def [split $params &] { + lassign [split $def =] key val + switch $key { + max_age - + secret {set $key [ad_urldecode_query $val]} + } + } + ns_log notice [list ad_sign -max_age $max_age -secret $secret $value] + return [ad_sign -max_age $max_age -secret $secret $value] +} ad_proc -deprecated ad_export_vars {
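Review bot: The `ns_log notice [list ad_sign -max_age $max_age -secret $secret $value]` line in `export_vars_sign` writes the signing secret (the configured `parametersecret` or a per-variable override) together with the signed value to the server log on every signed export, so anyone with read access to the log gains what is needed to produce signatures the application will accept. The line should be removed, or reduced to something that omits the secret, e.g. `ns_log debug "export_vars_sign: max_age '$max_age'"`. The two `ns_log notice` lines added in the `@@ -762` hunk have the same exposure whenever a flag carries `secret=...`, and at notice level they will also be emitted for every exported variable. The docstring could additionally state that `-params` is an `&`-separated, URL-encoded `key=value` list and that unknown keys are ignored.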