Cleanup duplicated and slower proc definition

Properly escape "<" and ">" in api-doc documentation.

Since all documentation is rendered via HTML, the characters
"<" and ">" have to be HTML-quoted, otherwise strange things
(omission, unintended renderings) might occur.

E.g. the sentence

    Define an interface between a page and an
    ADP <include> similar to the page_contract.

was rendered as

    Define an interface between a page and an
    ADP similar to the page_contract.

which is incorrect.

  1. … 13 more files in changeset.
Generalized "version_dir" handling a little for download specs

The problem was that bootstrap5 uses a version directory, which
consists of the version plus an extra string element. The previous
version assumed that the version is always used as a directory name.

We track now the versionDir information in the resource_info dict and
use this, when available (otherwise the version number is used as before).

The resource_info dict contains now the following path components:

    # Provide paths for loading either via /resources/ or CDN
    #
    # "resourceDir" is the absolute path in the filesystem
    # "resourceUrl" is the URL path provided to the request processor
    # "versionDir" is the version-specific element both in the
    # URL and in the filesystem.
    #

bumped acs-tcl to 5.10.1d19

  1. … 2 more files in changeset.
Deprecate ad_apply, made obsolete in modern Tcl by the expansion operator "{*}"

  1. … 4 more files in changeset.
provided a default value for udp:// requests

whitespace cleanup

added sni hostname and redirect on 301 and 302

Added new private helper proc ::util::resources::download_helper
to deal with redirects on github, when "util::http::get" is used.

Provide better debug info in case "ns_parseurl" fails inside util::split_location

Factor out private function "util::ns_set_pretty_print" which might be
used also on other occasions.

rework of ad_decode

- modernize code
- improve performance
- extend regression test

  1. … 1 more file in changeset.
improve spelling and formulations

  1. … 2 more files in changeset.
util::file_content_check: new utility for checking content of a file

Check whether the provided file is of the requested type.
This function is more robust and portable than relying on
external programs and their output, but it does not work on
all possible file types. It checks a few common cases that
could lead to problems otherwise, like when uploading archives.

Bump version to 5.10.1d9

  1. … 2 more files in changeset.
improve spelling

  1. … 2 more files in changeset.
Cleanup smelly comment: we don't need to catch the error, if it fails it fails and the application should handle it

Move deprecated api out of the way

  1. … 1 more file in changeset.
Streamline ns_set idioms

Streamline ns_set idioms

Streamline ns_set idiom

Deprecate oacs_util::vars_to_ns_set: modern ns_set idioms make this proc obsolete

  1. … 7 more files in changeset.
Deprecate ad_tcl_vars_list_to_ns_set: modern ns_set idioms make this proc obsolete

  1. … 1 more file in changeset.
Deprecate ad_tcl_vars_to_ns_set: modern ns_set idioms make it obsolete

  1. … 1 more file in changeset.
Streamline ns_set idioms

Deprecate util_ns_set_to_list: ns_set array is an equivalent oneliner

  1. … 5 more files in changeset.
Streamline ns_set idioms

Deprecate util_list_to_ns_set: it can be replaced with a more efficient oneliner

  1. … 2 more files in changeset.
Make "util::split_location" more robust

This change fixes exceptions for util::split_location in
cases, where the URL could not be parsed at all. The function
should return the success indicator instead of raising an
exception. The problem showed up in connection with
attempted log4j attacks.

Close parenthesis in doc

fix broken util::word_diff and add regression test

The function was already broken before the change of today,
removing the need for a pipe open.

  1. … 1 more file in changeset.
reduce cases of tcl pipe open in acs-core

AFAICT, the semantics are the same.
For background, see: https://openacs.org/forums/message-view?message_id=5539060

  1. … 1 more file in changeset.
mitigate attacks, where the referer header field is changed to a malicious value

The problem does not exist, when CSP is defined properly.
Many thanks to Frank Bergmann for sharing the pen-test protocol

  1. … 2 more files in changeset.