Improved readability of configuration parameter "parameterSecret"

- Switched to camelCase for better readability and uniformity

- NaviServer configuration parameters are case insensitive, so no danger for backward compatibility

  1. … 5 more files in changeset.
Rework of util::which

The new version deals now correctly with absolute paths,

where just the extensions are added, and it is checked

whether the program is executable.

Extended regression test to deal with optional and required

external dependencies. Missing optional external programs

produce warnings.

  1. … 1 more file in changeset.
added new flag to util::join_location to avoid removing the default port

this addresses the bug reported by Jonathan Kelley in the openacs.org Q&A forum

  1. … 1 more file in changeset.
skip "-url" in "export_vars -url" since it is the default

  1. … 11 more files in changeset.
improve spelling

  1. … 7 more files in changeset.
Reintroduce exec-based approach for unzipping, as zipfile::decode will not handle files > 2GB well

As tcllib was released in 2016, I believe we can cleanup the legacy zip implementation

  1. … 1 more file in changeset.
Provide exec-free implementation of util::unzip using zipfile::decode

Deprecate ad_ns_set_to_tcl_vars, which can always be replaced with simple tcl idioms

added support in export_vars for exporting instance variables

example:

xotcl::Object create o1

o1 set x 1

o1 proc foo {} {export_vars -base /foo {a :x b}}

o1 foo

result:

/foo?x=1

provide warning when split-location fails

make util::join_location usable for udp and smtp

Fully-qualify the file api, in particular for ad_opentmpfile, which might be executed in namespaces already defining a file command

Whitespace cleanup

improve spelling

  1. … 9 more files in changeset.
New API "ad_mktmpdir" and "ad_opentmpfile"

Since "ns_mktemp" is deprecated (on the C level) and is prone

to vulnerabilities. This affects as well "ad_tmpnam" in OpenACS,

which uses "ns_mktemp".

Newer C-compilers complain about this more loudly:

Due to security concerns inherent in the design of mktemp(3),

it is highly recommended that you use mkstemp(3) instead.

The security concern is that when ns_mktemp() is used to generate a

(unique) file name, which is used for opening a file, an attacker can

intercept the running binary and sneak in a different file. Although

ns_mktemp() guarantees to return a unique file name, there is no

mechanism to prevent another process or an attacker from creating a

file with the same name before the application attempts to open it.

The problem with using mkstemp() instead is that it has different

semantics, since it returns the open file. So one cannot blindly

replace these calls, but it requires some refactoring. Unfortunately,

this also affects application code, since NaviServer offers

"ns_mktemp" on the Tcl level.

To make it short: one has to separate out different use cases of

"ad_tmpnam":

(a) use it to obtain a name for creating a file, which is subsequently opened

(b) use it to obtain a name for creating a directory

(c) use it as a name, providing name as a unique name to some external programs.

Case (a) is similar to the "mkstemp(3)" recommendation above. For this

usage scenario, the call "file tmpfile..." in Tcl 8.6 can be used (but

it should also respect the configured tmp directory). This function

is also very similar to "ns_opentempdir" in NaviServer, which uses

as well "file tmpfile". Therefore, we have created a new API call

"ad_opentmpdir ..." which respects the OpenACS settings.

Case (b) can be addressed by "file tempdir" in Tcl 8.7, or by a function

in tcllib. The new API function "ad_mktmpdir" respects the

OpenACS settings, and works for Tcl 8.6 or newer.

Case (c) is somewhat different, since it just wants to create a unique name. This case has not received a special API so far.

  1. … 1 more file in changeset.
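
The race behind case (a), as an added Tcl 8.6 example that is not part of the commit or of OpenACS: a name chosen first and opened later, next to an exclusive create and "file tempfile". The proc names tmp_name, open_racy and open_exclusive and the scratch directory are hypothetical.

```tcl
package require Tcl 8.6

# Stand-in for a name-only generator such as ns_mktemp/ad_tmpnam (hypothetical):
# it returns a name that did not exist at the time of the call, nothing more.
proc tmp_name {dir} {
    return [file join $dir "demo-[pid]-[clock microseconds]"]
}

# Racy pattern for case (a): the name is chosen first and opened later.
# Plain "w" opens whatever sits at that path by then, including a file
# (or link) that another process created in the meantime.
proc open_racy {name} {
    return [open $name w]
}

# Hardened pattern: existence check and creation are one atomic step.
# EXCL makes open fail if anything already exists at the path.
proc open_exclusive {name} {
    return [open $name {WRONLY CREAT EXCL} 0600]
}

# Scratch directory for the demonstration (constructed).
set dir [file join [pwd] tmp-race-demo]
file mkdir $dir
set name [tmp_name $dir]

# Simulate the window between name generation and open: another
# process creates the path first.
close [open $name w]

# The racy open succeeds silently and writes into the foreign file.
set f [open_racy $name]; puts $f "secret"; close $f
puts "racy open: succeeded on a pre-existing path"

# The exclusive open detects the collision and raises an error.
if {[catch {open_exclusive $name} err]} {
    puts "exclusive open: refused ($err)"
}

# "file tempfile" returns an already-open channel and stores the chosen
# path in the named variable, so there is no window between naming and opening.
set ch [file tempfile path [file join $dir oacs]]
puts $ch "secret"; close $ch
puts "file tempfile: created $path"

file delete -force $dir
```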
Deescalation: the usage of the pairs in export_vars is not so dangerous as it looked at first sight.

The problem case was originating from the call

lappend __vars [lindex $_var 0] [uplevel subst [lindex $_var 1]]

which calls Tcl's "uplevel" with two arguments. In this case, the arguments

are concatenated and then evaluated in the caller's frame. There is a substitution

before the evaluation. When just one argument is passed in, there

is only one evaluation:

lappend __vars [lindex $_var 0] [uplevel [list subst [lindex $_var 1]]]

  1. … 1 more file in changeset.
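
The difference between the two uplevel calls quoted above, as an added example that is not the export_vars source: the same {name value} pair is resolved once with two arguments and once with a single list-quoted argument, and a counter records whether a command embedded in the variable's value gets evaluated. The proc names value_two_args, value_one_arg and demo and the sample value are constructed for the illustration.

```tcl
# Pattern from the commit message: uplevel with two arguments.
# uplevel concatenates "subst" and the value into the script
#   subst $v
# so the Tcl parser substitutes $v first, and subst then scans the
# resulting text a second time.
proc value_two_args {pair} {
    return [uplevel subst [lindex $pair 1]]
}

# Corrected pattern: one list-quoted argument. The script is
#   subst {$v}
# so subst sees the literal "$v" and performs the only substitution.
proc value_one_arg {pair} {
    return [uplevel [list subst [lindex $pair 1]]]
}

proc demo {} {
    # Constructed stand-in for externally supplied data; the bracketed
    # command only bumps a counter so that its evaluation is observable.
    set ::evaluated 0
    set v {[incr ::evaluated]}

    # A {name value} pair whose value refers to a variable of the caller.
    set pair {name $v}

    set safe [value_one_arg $pair]
    set after_safe $::evaluated

    set unsafe [value_two_args $pair]
    set after_unsafe $::evaluated

    return [list $safe $after_safe $unsafe $after_unsafe]
}

lassign [demo] safe n1 unsafe n2
puts "one argument : value=$safe  commands run=$n1"
puts "two arguments: value=$unsafe  commands run=$n2"
```

With one argument the value comes back as literal text and the counter stays untouched; with two arguments the bracketed command inside the value is executed.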
added warning to export_vars

make ad_sanitize_filename more robust to filenames with parentheses + extend automated tests

  1. … 1 more file in changeset.
new API call util::potentially_unsafe_eval_p

Check content of the string to identify potentially unsafe content

in the provided string. The content is unsafe, when it contains

externally provided content, which might be provided e.g. via

query variables, or via user values stored in the database. When

such content contains square braces, a "subst" command on

these can evaluate arbitrary commands, which is dangerous.

The new API call is used in "::xo::Package->return_page", where the

"subst" command is stripped of its command substitution capabilities.

In case command substitution is needed, perform this prior to this call.

bumped acs-tcl to 5.10.1d23

bumped xotcl-core to 5.10.1d13

  1. … 3 more files in changeset.
don't create version directory in a checking function

Util user messages reform: do not store the messages persistently in the database, as they are volatile in nature

Util user message reform: when a message is repeated, do not create a new entry, but just increase a counter, which will be displayed when the message is retrieved

Increase test coverage

  1. … 1 more file in changeset.
Give people the chance to use OpenACS with WithDeprecatedCode set to 0

When OpenACS is configured to omit loading of long deprecated code

(WithDeprecatedCode set to 0) files like deprecated-procs.tcl are not

loaded. Therefore, these files should only contain code, which was

deprecated at LEAST ONE RELEASE EARLIER, such that site admins have

one release time to fix calls to deprecated code. This is especially

important for public procs.

  1. … 1 more file in changeset.
Document public api

  1. … 1 more file in changeset.
Add doc to public api, fix obvious bug

Document public api

  1. … 1 more file in changeset.
Deprecate util_get_current_url, superseded by ad_return_url

Deprecate export_entire_form_as_url_vars and replace occurrences, add a new -formvars flag to export vars to implement the behavior of the proc, that is, export a subset of the variables coming from the current request

  1. … 5 more files in changeset.
Deprecate export_ns_set_vars and extend export_vars to be able to export also a custom ns_set, which was the real added value provided by this api

  1. … 11 more files in changeset.