• last updated 1 hour ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
improve spelling and formulations

  1. … 2 more files in changeset.
util::file_content_check: new utility for checking content of a file

Check whether the provided file is of the requested type.

This function is more robust and protable than relying on

external programs and their output, but it does not work on

all possible file types. It checks a few common cases that

could lead to problems otherwise, like when uploading archives.

Bump version to 5.10.1d9

  1. … 2 more files in changeset.
improve spelling

  1. … 2 more files in changeset.
Cleanup smelly comment: we don't need to catch the error, if it fails it fails and the application should handle it

Move deprecated api out of the way

  1. … 1 more file in changeset.
Streamline ns_set idioms

Streamline ns_set idioms

Streamline ns_set idiom

Deprecate oacs_util::vars_to_ns_set: modern ns_set idioms make this proc obsolete

  1. … 7 more files in changeset.
Deprecate ad_tcl_vars_list_to_ns_set: modern ns_set idioms make this proc obsolete

  1. … 1 more file in changeset.
Deprecate ad_tcl_vars_to_ns_set: modern ns_set idioms make it obsolete

  1. … 1 more file in changeset.
Streamline ns_set idioms

Deprecate util_ns_set_to_list: ns_set array is an equivalent oneliner

  1. … 5 more files in changeset.
Streamline ns_set idioms

Deprecate util_list_to_ns_set: it can be replaced with a more efficient oneliner

  1. … 2 more files in changeset.
Make "util::split_location" more robust

This change fixes exceptions for util::split_location in

cases, where the URL could not be parsed at all. The function

should return the success indicator instead of raising an

exception. The problem showed up in connection with

attempted log4j attacks.

Close parenthesis in doc

fix broken util::word_diff and add regression test

The function was already broken before the change of today,

removing the needed for a pipe open.

  1. … 1 more file in changeset.
reduce cases of tcl pipe open in acs-core

AFIKT, the semantics are the same.

For background, see: https://openacs.org/forums/message-view?message_id=5539060

  1. … 1 more file in changeset.
mitigate attacks, where the referer header field is changed to a malicious value

The problem does not exist, when CSP is defined properly.

Many thanks to Frank Bergmann for sharing the pen-test protocol

  1. … 2 more files in changeset.
improve spelling

provide a fork-free implementation of dot rendering

Improved spelling

  1. … 1 more file in changeset.
improve documentation

break overlong lines and improve comments

improve spelling

Reduce usage of ns_mktemp in OpenACS

ns_mktemp uses the deprecated old POSIX call mktemp(), which should

not be used anymore for security reasons (race between the name

creation and opening the file). This change removes several usages of

"ns_mktemp" from OpenACS and replaces it with calls to the

safe Tcl call "file tempfile ..." (introduced by Tcl 8.6).

  1. … 7 more files in changeset.
Adapt 'ad_urlencode_url' to the new 'ns_parseurl' stricter behavior

Make so that also party::update enforces emails to be lowercase, add/extend automated tests to make sure emails are lowercase everywhere

  1. … 2 more files in changeset.
Refine regex and extend tests

  1. … 1 more file in changeset.