OpenACS / openacs-4 / packages / acs-tcl / tcl

security-procs.tcl

Tools

Line History

Line Count Graph
Line Count Graph

Stats

Commits this week: 0
Total Committers: 22
Last Commit: 17 May
Commits this week: 0
Total Lines of Code (LoC): 2,822
Net change in LoC this week: 0

Commit Activity

Commits By Day In Week
52 week commits volume
Commits By Day In Week
Commits by day
Commits By Day In Week
Commits by hour
Commits By Hour In Day
Commit calendar
 

Most active committers (90 days)

loading
loading
  • last updated 7 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Monday 29 Aug 2016
1:42 pm

gustafn

- address bug #3293: actual code in oacs-5-9 used full host header

(from request header fields) which might contain port.

db-query is now performed without the optional port

- improve Tcl coding (use defaults, break long lines)

Options
    • -9
    • +12
    ./security-procs.tcl
Saturday 20 Aug 2016
8:58 am

gustafn

- security::validated_host_header: Handle aliases for locations, which cannot be determined from config files, but which are supposed to be ok

Options
    • -1
    • +14
    ./security-procs.tcl
Friday 19 Aug 2016
5:27 pm

gustafn

- don't report urls in security::locations obtained form https drivers which loaded but not listening (identifiable via port number 0)

Options
    • -4
    • +15
    ./security-procs.tcl
Wednesday 08 Jun 2016
9:17 am

gustafn

- unset coockies with the same "-secure" setting, which was used when creating it (differed for ad_session_id and ad_user_login).

Options
    • -3
    • +3
    ./security-procs.tcl
Tuesday 07 Jun 2016
11:34 am

gustafn

- improve documentation

Options
    • -11
    • +19
    ./security-procs.tcl
Saturday 04 Jun 2016
1:10 pm

gustafn

- improve behavior on invalid host headers and comment the purpose in more detail

Options
    • -2
    • +20
    ./security-procs.tcl
  2. … 1 more file in changeset.
Monday 30 May 2016
3:26 pm

gustafn

- allow empty port from provided host header

Options
    • -2
    • +3
    ./security-procs.tcl
3:07 pm

gustafn

- add validation against invalid host header fields

Options
    • -2
    • +104
    ./security-procs.tcl
  2. … 3 more files in changeset.
Tuesday 24 May 2016
11:16 am

gustafn

- make ::security::csrf::token public

Options
    • -2
    • +2
    ./security-procs.tcl
Monday 23 May 2016
12:01 pm

gustafn

- modularize CSRF handling

Options
    • -79
    • +118
    ./security-procs.tcl
Sunday 22 May 2016
9:20 pm

gustafn

- add infrastructure support for CSRF protection

Options
    • -10
    • +111
    ./security-procs.tcl
Tuesday 23 Feb 2016
2:51 pm

gustafn

- set always token_id, when it is passed as ""

Options
    • -6
    • +5
    ./security-procs.tcl
Saturday 02 Jan 2016
9:42 pm

gustafn

- prefer braces around sql statements

Options
    • -4
    • +4
    ./security-procs.tcl
  2. … 3 more files in changeset.
1:46 am

gustafn

.xql-file reform of acs-tcl (part 1)

- remove sql statements from the code, where these are provided via .xql

- prefer empty sql statements over various forms of *SQL*

Options
    • -15
    • +3
    ./security-procs.tcl
  2. … 7 more files in changeset.
Tuesday 20 Oct 2015
10:01 am

gustafn

- no need to use backslash for continuation between curly brackets

- improve readability of code

- modernize tcl

Options
    • -6
    • +7
    ./security-procs.tcl
  2. … 13 more files in changeset.
Monday 19 Oct 2015
11:03 am

gustafn

- reduce verbosity

Options
    • -5
    • +5
    ./security-procs.tcl
Wednesday 14 Oct 2015
11:26 am

gustafn

- in case a secret is passed explicitly to ad_get_signed_cookie/ad_get_signed_cookie_with_expr, pass it further to signing functions (was missing, many thanks to Franz Penz for reporting)

Options
    • -3
    • +3
    ./security-procs.tcl
Sunday 20 Sep 2015
11:59 am

gustafn

- improve API documentation

Options
    • -3
    • +4
    ./security-procs.tcl
11:28 am

gustafn

- return default instead of "" in case a lookup fails or not configured

Options
    • -4
    • +4
    ./security-procs.tcl
Tuesday 30 Jun 2015
11:14 pm

gustafn

- use stored procedure sec_session_property__upsert

Options
    • -20
    • +28
    ./security-procs.tcl
  2. … 2 more files in changeset.
Saturday 27 Jun 2015
7:32 pm

gustafn

- standardize url construction to protect against injection attacks

Options
    • -1
    • +4
    ./security-procs.tcl
  2. … 5 more files in changeset.
Monday 27 Apr 2015
5:28 pm

victorg

Merging back to HEAD all changes that happened in branch oacs-5-8 between tags: vg-merge-oacs-5-8-from-20141027 and vg-merge-oacs-5-8-from-20150427

Options
    • -8
    • +20
    ./security-procs.tcl
  2. … 520 more files in changeset.
Friday 20 Feb 2015
3:58 pm

gustafn

- address bugs #3244 and #3245

Options
    • -8
    • +20
    ./security-procs.tcl
  2. … 1 more file in changeset.
Wednesday 19 Nov 2014
8:22 am

gustafn

- handle case, where driver is loaded, but not started. Recent NaviServer uses for this case port == 0

Options
    • -2
    • +2
    ./security-procs.tcl
Monday 27 Oct 2014
5:38 pm

victorg

Merging back to HEAD branch oacs-5-8 (using tag vg-merge-oacs-5-8-from-20141027).

Options
    • -375
    • +356
    ./security-procs.tcl
  2. … 2547 more files in changeset.
Sunday 19 Oct 2014
9:46 pm

gustafn

- don't look for configuraton parameter "Hostname", but use "hostname" as used in the sample configfiles

Options
    • -3
    • +3
    ./security-procs.tcl
Tuesday 09 Sep 2014
10:31 am

gustafn

- change spelling of TCL to Tcl

- change requirements to Tcl 8.5

Options
    • -3
    • +3
    ./security-procs.tcl
  2. … 64 more files in changeset.
Tuesday 26 Aug 2014
3:25 pm

gustafn

- only variables in a non-top namespace survive session cleanup. The logic of the old code assumed that global variables survive the request-cleanup. now, the cached values is kept in the ::acs::* namespace

Options
    • -7
    • +7
    ./security-procs.tcl
Wednesday 30 Jul 2014
1:22 pm

gustafn

- undo previous secure-cookie change since it interacts badly in situations where "RestrictLoginToSSLP" is "1" and https is available: In such cases, e.g. the login page is redirected from a http (insecure) url to an https (secure) page. But when later continuing on the http connection, the user appears to be not logged in, since a well-behaved browser does not send the "secure" login coockie over the insecure connection.

Options
    • -3
    • +3
    ./security-procs.tcl
12:37 pm

gustafn

- white space changes: replace tabs by spaces

Options
    • -233
    • +250
    ./security-procs.tcl