• last updated 9 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
- handle invalid input message from bug-tracker via datasource error (not perfect, but better)

- avoid potential recursive loop in error handler

- hardening page contract to avoid attack vectors

- stenghten page contract to avoid attack vactors

- protect against DOS attack with large values of m

- hardening page contract to prevent potential XSS attack

- protect against a potential XSS attack

- prevent potential sql injection attack

- hardening pacge contract (fix potential XSS attack)

    • -2
    • +2
    /openacs-4/packages/calendar/www/view.tcl
- fix potential traversal attack

- hardinging page contracts

    • -4
    • +3
    /openacs-4/packages/search/www/search.tcl
- improve error message and error handling on ad_script_abort

    • -5
    • +8
    /openacs-4/packages/xowiki/tcl/xowiki-procs.tcl
- hardening page contracts

- make sure, url is always set

- fix robustness on mangeled query parameters

- strengthen page contract

- revise last patch

- - fix bug, when "description" is not set either

CVS: ----------------------------------------------------------------------

*** empty log message ***

- raise error, when xowiki package is initialized with an incorrect provided package_id (... and it creates a root folder for that package)

    • -17
    • +28
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
- improve configurability of BootstrapNavbarModeButton

- add example, how to style Bootstrap Navbar buttons

*** empty log message ***

- revise the recent folder-path fix: don't renvode the whole path, but only path segoments (many thank to thomas renner for the fix)

    • -3
    • +3
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
- never call util_memoize with string substitions, but use [list] instead

- fix bug, which occurs, when dotlrn/configure is called, when use is not logged in (portal::get_name returns a runtime error)

- reduce graph size for form-field "current_state"

- allow to specify object_type in new_link method

- bump version number to 5.9.1d6

    • -2
    • +2
    /openacs-4/packages/xowiki/xowiki.info
    • -8
    • +12
    /openacs-4/packages/xowiki/tcl/xowiki-procs.tcl
- improve date checker

    • -1
    • +1
    /openacs-4/packages/xowiki/tcl/weblog-procs.tcl
- fix autoform loader

- bump version to 5.9.1d3

    • -2
    • +4
    /openacs-4/packages/xowf/tcl/xowf-procs.tcl
- improve robustness against invalid input