• last updated 1 hour ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
- replace deprecated "philg_quote_double_quotes" by "ad_quotehtml"

- fix incorrect message key names

- new function ::xo::getObjectProperty to abstract from xotcl and nx

- make use of new function at several places

- improve robustness against outdated links

- fix double-quoting

- fix leak of file handle (opened file was never closed)

- don't prodice 500 status when passed filename does not exists

- fix display of SQL files in package_view

- fix for bug #2769

- avoid error messages in log file after internal_redirect

- improve clarity of the code

- allow form-fields from other packages to specify the message key prefix (package_key) for nationalized validator messages

- allow form-fields from other packages to specify the message key prefix (package_key) for nationalized validator messages

- use tcl 8.5 idioms to improve readability and performance

- show lib files in api browser (this fixes bug #2422)

- make content-page-view more robust in case packages are e.g. deinstalled, or invalid ids are passed in

- fix output of descriptions into catalog files

- add missing message key

- reduce verbosity

- raise limit in html/text processing from 1000 to 3000 in "loop detection"

- improve performance by byte-code-compiling expressions

- use more tcl8.5 idioms

- need better glasses

- modernize tcl

- make proc-view more robust in case packages are e.g. deinstalled, or invalid ids are passed in

- mark util_ReturnMetaRefresh deprecated as indicated in http://openacs.org/forums/message-view?message_id=121704

- replace deprecated "template::util::quote_html" by "ad_quotehtml"

- mark template::util::quote_html as deprecated as argued in bug #2736 and replace it by ad_quotehtml

- fix bug #3179

- include always vuh in ExtensionPrecedence to preserve documented sematics

- fix bug and potential security hole: before this patch, OpenACS was trying to serve files with arbitrary extensions (i.e. not included in the kernel parameter ExtensionPrecedence) in case the requested file was not found. This is quite dangerous and breaks e.g. the listing of openacs.org/repository (which is a directory), since the directory is moved every night into openacs.org/repository.bak. With the given logic, it tries to server the .bak directory as a file (which does of course not work). That blind logic is not inecessary, and is actually a potential attack vector.

- fix bug, when api-browser is called with ad_proc stub (like e.g api-doc/proc-view?proc=form&source_p=1)

- fix quoting of xql files (fixes bug #2302)

- content-page-view: fix cases, where non-existing file is passed in