form-processing-procs.tcl

ad_form: allow multiple files in 'template::widget::file' by using the 'multiple' attribute of the input tag, new in HTML5.

- Pass the 'multiple' flag to 'template::element::create', so it can be used by widgets to modify their behavior.

- Update 'template::element::create' doc.

- This opens the door to reducing the number of widgets by combining single and multivalued ones into one (for instance, 'multiselect' and 'select' widgets), in the same way the 'file' widget does now.

  1. … 2 more files in changeset.
it seems that "-ulevel" is used more often than "-level"

  1. … 1 more file in changeset.
use "-level" instead of "-ulevel", since "-level" is used e.g. in template::util::multirow_to_list or template::util::list_of_ns_sets_to_multirow as well.

  1. … 1 more file in changeset.
Added switch "-ulevel" to proc "util::var_subst_quotehtml";

ad_form: quote form field values in validation error messages to prevent XSS attacks

  1. … 1 more file in changeset.
improve spelling

  1. … 14 more files in changeset.
fix typos

ad_form reform:

- use actual flags instead of parsing arguments all the time

- retrieve proc flags from ad_proc definition (TODO: have some api for this?)

- follow the thread of peculiar ad_form logic to fix new csrf signing feature

- improve documentation using @param instead of manual formatting

- leave some note to travellers in the code

    • -243
    • +229
    ./form-processing-procs.tcl
reflow overlong lines in comments

ad_form: Add optional parameter -csrf_protection_p (defaults to false)

white space changes

simplify code

improve security of ad_forms by binding request to a user

fix bracket in last commit

use usual idioms, white space changes

Greatly reduce complexity of code required to support -export flag for ad_form: instead of juggling variables around to mimic export_vars, just set -export flag value as a form property, then use the real export_vars on it later when form is rendered. This will support all current features (e.g. :multiple, :sign, :array) more reliably and reduce code duplication.

  1. … 1 more file in changeset.
improve wording

  1. … 7 more files in changeset.
make spelling of names more consistent

  1. … 5 more files in changeset.
Revert massive replacement of empty list creation sentences. The use of '[list]' instead of '{}' adds semantics that could be used for performance improvements in the future, such as using a different internal representation. There is already work in this direction, avoiding the generation of the string representation during comparison of empty strings (huge thanks to Stefan Sobernig for the pointer: https://core.tcl.tk/tcl/info/44527c632ed609c2).

  1. … 475 more files in changeset.
Prefer '{}' to '[list]' when creating empty lists

  1. … 71 more files in changeset.
Fix typos

  1. … 34 more files in changeset.
Fix typos

  1. … 14 more files in changeset.
Use consistently ad_script_abort after ad_return_error.

Removed incorrectly placed "--" between named parameter and its value

Bug fix: avoid confusion between command argument and option, when argument starts with "-"

  1. … 81 more files in changeset.
merged changes from the oacs-5-9 branch and resolved conflicts

  1. … 7834 more files in changeset.
Fix spelling errors

  1. … 22 more files in changeset.
- add validation against invalid host header fields

  1. … 3 more files in changeset.
Fix indentation from previous commit

Fixed problem when exporting empty variables pointed out by Gustaf: when one exported something like {{var ""} ... this was seen as absence of value, so $var was searched for one in the caller scope. Hardened check for presence of an explicit value.

- only subst value, when it was provided explicitly in the "- -export" list. (see also change in www/register/user-new.tcl in http://cvs.openacs.org/changelog/OpenACS?cs=oacs-5-9%3Agustafn%3A20160525130725)