Provide facilities to validate against invalid SQL strings
We introduce a new page contract filter and nsf validator called "dbtext". They implement enforcing of a value to be useable in an SQL query. Currently, this means that the value should not contain the NUL character, but the definition may change in the future or become database-specific. The html contract filter has also be extended to reject the NUL character.
The test suite has been updated/extended to reflect the changes.
Reform of error handling in ad_page_contract when template recursion is detected
A "complaint recursion" happens if a validation error takes place in one of the templates used while rendering the error page (for instance, anything we include in the master template or the master template itself). Previously, we would give up complaining after 10 recursions were detected. This had the consequence that after 10 attempt, the failing template involved in rendering the complaint would be fed the invalid data we were trying to reject.
Now, we complain and stop the execution as soon as a recursion is detected. The error will be rendered in a very basic way that overrides the templating system, so that we can exit the recursion cycle.
In practice, only malicious page manipulation attempts should be affected by this change.