Activity OpenACS/openacs-4/packages/acs-tcl/tcl/tcl-documentation-procs.tcl

Tree
Accordion

Stats

Commits this week: 0

Total Committers:	16
Last Commit:	05 Apr
Commits this week:	0
Total Lines of Code (LoC):	2,311
Net change in LoC this week:	0

Commit Activity

last updated 10 hours ago

Constraints

Constraints: committers

Committer:

Log Comment:

Constraints: files

File Extension:

File Name:

Constraints: dates

Start Date:

End Date:

Thursday 25 Aug 2022

6:01 pm

antoniop

Extend tmpfile filter to behave in the "old way" (default), or in strict mode e.g. tmpfile(strict), enforcing the behavior for tmpfile in Aolserver/Naviserver when a form is processed

- -12
- +30
./tcl-documentation-procs.tcl
- History
- Source
- Diff
./tcl-documentation-procs.tcl

5:37 pm

antoniop

Reimplement ad_page_contract_filter_proc_tmpfile using security::safe_tmpfile_p

Some of the features implemented by this filter have been ported into the api, namely the possibility to fetch the valid temp folders from the subsite TmpDir parameter and the possibility to relax the check and allow also files deeper in the tmpfolder hierachy.

Notably, the hardcoded tmpfolders "/var/tmp" and "/tmp" have NOT been ported. One should configure these values via the many available options. security::safe_tmpfile_p is also more restrictive when a file exists, because it checks for ownership and read and write permissions on the file.

- -17
- +8
./tcl-documentation-procs.tcl
- History
- Source
- Diff
./tcl-documentation-procs.tcl
… 2 more files in changeset.

Tuesday 23 Aug 2022

8:44 pm

gustafn

Properly escape "<" and ">" in api-doc documentation.

Since all documentation is rendered via HTML, the characters

"<" and ">" have to be HTML-quoted, otherwise strange things

(omission, unintended renderings) might occur.

E.g. the sentence

Define an interface between a page and an

ADP <include> similar to the page_contract.

was rendered as

Define an interface between a page and an

ADP similar to the page_contract.

which is incorrect.

- -17
- +22
./tcl-documentation-procs.tcl
- History
- Source
- Diff
./tcl-documentation-procs.tcl
… 13 more files in changeset.

Thursday 14 Jul 2022

6:58 pm

antoniop

Fix typo

- -2
- +2
./tcl-documentation-procs.tcl
- History
- Source
- Diff
./tcl-documentation-procs.tcl

6:56 pm

antoniop

Provide a default value for the filter

- -1
- +5
./tcl-documentation-procs.tcl
- History
- Source
- Diff
./tcl-documentation-procs.tcl

6:55 pm

antoniop

New ad_page_contract filter object_type

Rhis can enforce an object id to not only be formally correct, but also to be an object of a specific type. It can also be used as a simple existance check

- -1
- +25
./tcl-documentation-procs.tcl
- History
- Source
- Diff
./tcl-documentation-procs.tcl
… 1 more file in changeset.

5:17 pm

antoniop

Update documentation

- -1
- +7
./tcl-documentation-procs.tcl
- History
- Source
- Diff
./tcl-documentation-procs.tcl

4:30 pm

antoniop

Collect common definition of an argspec flag in a proc to improve clarity

- -6
- +16
./tcl-documentation-procs.tcl
- History
- Source
- Diff
./tcl-documentation-procs.tcl

3:52 pm

antoniop

Introduce a new clock ad_page_contract filter:

this filter enforces that a datestring belongs to one of the clock formats specified in the argspec. By default, this will be %Y-%m-%d.

- -1
- +24
./tcl-documentation-procs.tcl
- History
- Source
- Diff
./tcl-documentation-procs.tcl

3:35 pm

antoniop

Cleanup

- -7
- +2
./tcl-documentation-procs.tcl
- History
- Source
- Diff
./tcl-documentation-procs.tcl

3:31 pm

antoniop

ad_page/include_contract argspec parsing reform: allow arbitrary characters in the argspec flag parameters

This reform allows to specify an argspec containing pipes, parenthesys and other so far forbidden characters as parameters for a flag. The purpose is to enhance the expressiveness of existing validators (e.g. the oneof validator) and enable new one, for instance, a date validator using a clock format as parameter.

Pipes and parenthesys need to be escaped via the backslash character in the new syntax.

- -11
- +93
./tcl-documentation-procs.tcl
- History
- Source
- Diff
./tcl-documentation-procs.tcl
… 1 more file in changeset.

Thursday 04 Nov 2021

5:11 pm

gustafn

mitigate attacks, where the referer header field is changed to a malicious value

The problem does not exist, when CSP is defined properly.

Many thanks to Frank Bergmann for sharing the pen-test protocol

- -5
- +5
./tcl-documentation-procs.tcl
- History
- Source
- Diff
./tcl-documentation-procs.tcl
… 2 more files in changeset.

Thursday 30 Sep 2021

6:21 pm

antoniop

Set ad_include_contract's local variables in a way that they are hinted as private by the "__" prefix: this reduces the chance of conflicting with popular variable names to pass to an include such as "context"

- -5
- +5
./tcl-documentation-procs.tcl
- History
- Source
- Diff
./tcl-documentation-procs.tcl

Friday 24 Sep 2021

1:38 pm

gustafn

Improved spelling

- -2
- +2
./tcl-documentation-procs.tcl
- History
- Source
- Diff
./tcl-documentation-procs.tcl
… 1 more file in changeset.

Friday 20 Aug 2021

10:38 am

gustafn

add log warnings when include-contract is violated, since (in most cases) the passed values should be pre-checked

- -4
- +13
./tcl-documentation-procs.tcl
- History
- Source
- Diff
./tcl-documentation-procs.tcl

Monday 02 Aug 2021

7:38 pm

gustafn

make using page-filter "object_id" backwards compatible by allowing it to be used also during update scripts

- -5
- +20
./tcl-documentation-procs.tcl
- History
- Source
- Diff
./tcl-documentation-procs.tcl
… 1 more file in changeset.

Thursday 24 Jun 2021

1:36 pm

hectorr

Reuse email validation logic

- -2
- +2
./tcl-documentation-procs.tcl
- History
- Source
- Diff
./tcl-documentation-procs.tcl

12:42 pm

hectorr

Fix ancient typo

- -2
- +2
./tcl-documentation-procs.tcl
- History
- Source
- Diff
./tcl-documentation-procs.tcl

Thursday 27 May 2021

9:08 pm

gustafn

use the right message key

VS: ----------------------------------------------------------------------

- -2
- +2
./tcl-documentation-procs.tcl
- History
- Source
- Diff
./tcl-documentation-procs.tcl

Sunday 23 May 2021

7:56 pm

gustafn

Added page_contract filter "object_id"

This change adds the page_contract filter "object_id", which validates

values whether these are syntactically acceptable as object_ids in

PostgreSQL and Oracle.

Note that before one is able to use the filter, the server has to be

restarted. Otherwise, when e.g. "apm/version_reload.tcl" would be

executed with the new filter, it would fail. So, one has to be careful

on update scripts, when people upgrade from old version not to create

a blocking mutual blocking condition.

- -2
- +30
./tcl-documentation-procs.tcl
- History
- Source
- Diff
./tcl-documentation-procs.tcl
… 4 more files in changeset.

Friday 23 Apr 2021

11:01 am

gernst

Remove non-functional "double click protection" in order to remove a potential attack vector

- -16
- +1
./tcl-documentation-procs.tcl
- History
- Source
- Diff
./tcl-documentation-procs.tcl
… 1 more file in changeset.

Thursday 22 Apr 2021

8:47 pm

gustafn

added page contract filter "printable" to avoid passing of binary values to certain pages

- -1
- +20
./tcl-documentation-procs.tcl
- History
- Source
- Diff
./tcl-documentation-procs.tcl
… 2 more files in changeset.

Friday 27 Nov 2020

10:27 am

gustafn

provide name for mutexes to ease spotting potential locks

- -4
- +3
./tcl-documentation-procs.tcl
- History
- Source
- Diff
./tcl-documentation-procs.tcl
… 1 more file in changeset.

Monday 23 Nov 2020

3:11 pm

antoniop

Important, although very simple reform in the page-contract filters: do not kill the case in the filter specs, or filters such as "w:oneof(One|Two)" or "locale:oneof(en_US|de_DE)" would not have a chance to match

Note that this makes the contracts stricter with respect to case, which might break obscure use cases...

- -2
- +4
./tcl-documentation-procs.tcl
- History
- Source
- Diff
./tcl-documentation-procs.tcl

Friday 20 Nov 2020

12:52 pm

gustafn

fix typo

- -2
- +2
./tcl-documentation-procs.tcl
- History
- Source
- Diff
./tcl-documentation-procs.tcl

Friday 03 Jul 2020

9:27 am

gustafn

improve spelling: move closer to the linux documentation recommendations

- -2
- +2
./tcl-documentation-procs.tcl
- History
- Source
- Diff
./tcl-documentation-procs.tcl
… 34 more files in changeset.

Monday 18 May 2020

9:24 am

gustafn

make minus sign optional again

- -2
- +2
./tcl-documentation-procs.tcl
- History
- Source
- Diff
./tcl-documentation-procs.tcl

Sunday 17 May 2020

7:04 pm

gustafn

fix typos

- -3
- +3
./tcl-documentation-procs.tcl
- History
- Source
- Diff
./tcl-documentation-procs.tcl
… 1 more file in changeset.

3:39 pm

gustafn

Make number checking more strict (allow just number literals, which are OK for Tcl and SQL)

- -10
- +16
./tcl-documentation-procs.tcl
- History
- Source
- Diff
./tcl-documentation-procs.tcl

Wednesday 11 Dec 2019

7:13 pm

antoniop

Deprecated get_referrer and NsSettoTclString, replace them with versions that respect OpenACS naming convention

- -3
- +3
./tcl-documentation-procs.tcl
- History
- Source
- Diff
./tcl-documentation-procs.tcl
… 7 more files in changeset.

tcl-documentation-procs.tcl

Line History

Stats

Commits this week: 0

Commit Activity

52 week commits volume

Commits by day

Commits by hour

Commit calendar

Most active committers (90 days)

antoniop

antoniop

gustafn

antoniop

antoniop

antoniop

antoniop

antoniop

antoniop

antoniop

antoniop

gustafn

antoniop

gustafn

gustafn

gustafn

hectorr

hectorr

gustafn

gustafn

gernst

gustafn

gustafn

antoniop

gustafn

gustafn

gustafn

gustafn

gustafn

antoniop