it seems that "-ulevel" is used more often than "-level"

  1. … 1 more file in changeset.
use "-level" instead of "-ulevel", since "-level" is used e.g. in template::util::multirow_to_list or template::util::list_of_ns_sets_to_multirow as well.

  1. … 1 more file in changeset.
Added switch "-ulevel" to proc "util::var_subst_quotehtml";

ad_form: quote form field values in validation error messages to prevent XSS attacks

  1. … 1 more file in changeset.
improve spelling

  1. … 14 more files in changeset.
fix typos

ad_form reform:

- use actual flags instead of parsing arguments all the time

- retrieve proc flags from ad_proc definition (TODO: have some api for this?)

- follow the thread of peculiar ad_form logic to fix new csrf signing feature

- improve documentation using @param instead of manual formatting

- leave some note to travellers in the code

    • -243
    • +229
    ./form-processing-procs.tcl
reflow overlong lines in comments

ad_form: Add optional parameter -csrf_protection_p (defaults to false)

white space changes

simplify code

improve security of ad_forms by binding request to a user

fix bracket in last commit

use usual idioms, white space changes

Greatly reduce complexity of code required to support -export flag for ad_form: instead of juggling variables around to mimic export_vars, just set -export flag value as a form property, then use the real export_vars on it later when form is rendered. This will support all current features (e.g. :multiple, :sign, :array) more reliably and reduce code duplication.

  1. … 1 more file in changeset.
improve wording

  1. … 7 more files in changeset.
make spelling of names more consistent

  1. … 5 more files in changeset.
Revert massive replacement of empty list creation sentences. The use of '[list]' instead of '{}' adds semantics that could be used for performance improvements in the future, such as using a different internal representation. There is already work in this direction, avoiding the generation of the string representation during comparison of empty strings (huge thanks to Stefan Sobernig for the pointer: https://core.tcl.tk/tcl/info/44527c632ed609c2).

  1. … 475 more files in changeset.
Prefer '{}' to '[list]' when creating empty lists

  1. … 71 more files in changeset.
Fix typos

  1. … 34 more files in changeset.
Fix typos

  1. … 14 more files in changeset.
Use consistently ad_script_abort after ad_return_error.

Removed incorrectly placed "--" between named parameter and its value

Bug fix: avoid confusion between command argument and option, when argument starts with "-"

  1. … 81 more files in changeset.
merged changes from the oacs-5-9 branch and resolved conflicts

  1. … 7834 more files in changeset.
Fix spelling errors

  1. … 22 more files in changeset.
- add validation against invalid host header fields

  1. … 3 more files in changeset.
Fix indentation from previous commit

Fixed problem when exporting empty variables pointed out by Gustaf: when one exported something like {{var ""} ... this was seen as absence of value, so $var was searched for one in the caller scope. Hardened check for presence of an explicit value.

- only subst value, when it was provided explicitly in the "- -export" list. (see also change in www/register/user-new.tcl in http://cvs.openacs.org/changelog/OpenACS?cs=oacs-5-9%3Agustafn%3A20160525130725)

- set port to default-port when switching proto to https behind a proxy

  1. … 1 more file in changeset.