• last updated a few minutes ago
Constraints: committers
Constraints: files
Constraints: dates
remove uneeded flag

new funcion: util::inline_svg_from_dot: refactored version from private api-procs function.

use new function in api-doc

CVS: ----------------------------------------------------------------------

  1. … 3 more files in changeset.
ad_schedule_proc: change default of optional parameter "-thread" to "t" to reduce likelyhood that

main sched thread is blocked to long. While the main sched thread is blocked, no other jobs

will be scheduled. This can lead to potential problems, when scheduled procs should be executed

at certain times.

improve spelling

  1. … 15 more files in changeset.
improve spelling

  1. … 15 more files in changeset.
NaviServer handles no continuation lines in a secure way, no need to make multiple log-entries

improve readability with sanitized error log

Move 'util::content_size_pretty' into 'acs-lang' and rename it to 'lc_content_size_pretty', localicing 'bytes' and adapting automated tests. Bump 'acs-lang' version.

  1. … 41 more files in changeset.
Localize dot/comma just before return on 'util::content_size_prettyutil::content_size_pretty'

"Replace 'decimal' parameter with 'standard' in 'util::content_size_pretty', wich now supports three different standards (SI base-10, IEC base-2 and the old JEDEC base-2), change default to SI base-10 and modify automated tests accordingly". +info: https://en.wikipedia.org/wiki/Binary_prefix

  1. … 1 more file in changeset.
Add new proc 'util::content_size_pretty', to prettify data size given in bytes, and its automated tests.

It supports both binary and decimal representations, a resolution up to YB/YiB, and setting the precision via parameter.

It should replace ad-hoc size prettyfication done manually in several places of the codebase.

  1. … 1 more file in changeset.
Mark value checking functions from before ad_page_contract as deprecated

(see also issue #3407)

A 16 years old comment says:

This is some old security crud from before we had ad_page_contract










Fix ad_generate_random_string

it seems, that "-ulevel" is used more often than "-level"

  1. … 1 more file in changeset.
use "-level" instead of "-ulevel", since "-level" is used e.g. in

template::util::multirow_to_list or template::util::list_of_ns_sets_to_multirow

as well.

  1. … 1 more file in changeset.
Added switch "-ulevel" to proc "util::var_subst_quotehtml";

ad_form: quote form field values in validation error messages to prevent XSS attacks

  1. … 1 more file in changeset.
Fix typo

new support function util::var_subst_quotehtml to perform variable substitution with ns_quotehtml

use capitals for abbreaviation

change references from "http://*tcl.tk/" to "https://*tcl-lang.org/"

  1. … 5 more files in changeset.
avoid double substitutions

  1. … 2 more files in changeset.
Add remarks about "correct" usage of ad_decode in proc doc

improve spelling

  1. … 14 more files in changeset.
Default value for "sign" in export vars should be empty, and not "0"

- relax strict error handling on export_vars_sign for the time being

ad_sign: generalize last ad_sign handling to

allow user and csrf binding

  1. … 4 more files in changeset.
ad_sign: new optional parameter "user_binding"

The parameter user_binding allows to bind a signature to a user.

When the value is "-1" only the user who created the signature can

obtain the value again. A value of 0 (default) means no user binding.

The permissible values might be extended in the future.

bump version number to 5.10.0d24

  1. … 2 more files in changeset.
Remove backtick from the list of characters to be replaced by 'ad_sanitize_filename', as 'util::zip' deals with them properly now

util::zip reform.

+ Use '::zipfile::mkzip', introduced in tcllib 1.18, if available.

+ For unix-like systems, with older tcllib versions, bash was used for changing directories. This method was problematic when using certain characters for the filenames, such as backticks, for example. In order to avoid this and properly quote everything, we use tclsh instead, in a convoluted and funny way (thanks to Nathan Coulter for the hack).

+ TODO: test this method also on windows, and unify the legacy implementations if it works.

Add '`' to the list of sanitazable characters by 'ad_sanitize_filename'