request-processor-procs.tcl

  • last updated 2 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
added a partial backwards compatibility implementation of for ns_baseunit (as used in request processor)

  1. … 1 more file in changeset.
move broken procs based on undefined function to decprecated procs and comment it out

  1. … 2 more files in changeset.
Fix typo

Streamline idiom and merge if condition

mitigate attacks, where the referer header field is changed to a malicious value

The problem does not exist, when CSP is defined properly.

Many thanks to Frank Bergmann for sharing the pen-test protocol

  1. … 2 more files in changeset.
Add missing argument expansion and comply with automated test

prettify error message

fixed bug in redirects and disabled acs-testing package, changed node info from array to dict

Fix expression to the original intention: check if ns_conn url ends by ad_conn extra_url

fix once more handling of internal redirects in error cases

many thanks to thomas renner!

Fixed a bug in the request processor, when URL is /%3F

The problem was that /%3F corresponds to a URL which is literally '/?'

(question mark is not the separator for query variables). In this case

a "string match" operation to determine the suffix based on this

string will lead to unexpected characters since '?' is a match

character. This lead in turn to a problem with redirects to the

internally redirect of custom error pages. So, in this case (and

probably others) the custom error page was not displayed.

improve comments

added minor debugging aids, make disk-cache more similar to ns_cache

  1. … 2 more files in changeset.
Make api public, complies with acs-api-browser.graph__bad_calls automated test

  1. … 4 more files in changeset.
mark functions called only internally as private

  1. … 15 more files in changeset.
make use of built-in reverse proxy mode of newer versions of NaviServer

  1. … 1 more file in changeset.
make end of options explicit

  1. … 42 more files in changeset.
improve spelling (follow LDP)

  1. … 15 more files in changeset.
avoid to try to return an error to client in request processor when connection was already closed

Prefer 'namespace which' over 'info commands', as it is faster (on local tests, around 2x) and returns a single value. Many thanks to Nathan Coulter.

  1. … 58 more files in changeset.
added "ad_conn bot_p" to check, whether request was initiated by a bot

This feature is based on a simple heuristic based on the user-agent

(which can be certainly extended). It is useful to avoid e.g. Google

bot to run into "notifications subscribe" + login attempts, which

are useful for not-logged-in user, but not for bots. These attemps

lead to failures in google statistics that might reduce the google

ranking of a web site.

  1. … 2 more files in changeset.
improve handling of errors, which are triggerd by the error template

fix typo

introduced "ad_file" as a means to avoid unexpected tilde substitution in file names

  1. … 50 more files in changeset.
improve spelling: move closer to the linux documentation recommendations

  1. … 34 more files in changeset.
improve comments and spelling

  1. … 2 more files in changeset.
provide better recovery from internal redirects, where ::ad_conn is not available

provide better handling of deactivated packages

use dot instead of colon as separator between package name and cache key to ease readability

  1. … 10 more files in changeset.
acs::per_thread_cache: standardize per-thread caching

- added per-thread cache based on namespaced Tcl variables.

- use per-thread-cache on several occasions

- bump version number of acs-tcl to 5.10.0d34

  1. … 14 more files in changeset.