Reimplement ad_page_contract_filter_proc_tmpfile using security::safe_tmpfile_p

Some of the features implemented by this filter have been ported into the API, namely the possibility to fetch the valid temp folders from the subsite TmpDir parameter and the possibility to relax the check and also allow files deeper in the tmpfolder hierarchy.

Notably, the hardcoded tmpfolders "/var/tmp" and "/tmp" have NOT been ported. One should configure these values via the many available options. security::safe_tmpfile_p is also more restrictive when a file exists, because it checks for ownership and read and write permissions on the file.

Comment WIP

Declare proc coverage

Factor the payload building behavior in util::http::post into its own proc, so that it can be reused elsewhere

Add must_exist flag to enforce a safe tmpfile to already exist

Fixed bug in util_convert_line_breaks_to_html

The code deleted spaces around certain tags, while, according to the documentation, only line breaks should be removed from there.

Extended regression test.

    • ./tcl/test/html-conversion-procs.tcl (-5, +14)
Introduce security::safe_tmpfile_p checking whether a file belongs to the configured tmpfolder and respects other constraints

The plan is to use it to improve input validation.

Deactivated script-dynamic again

activating "script-dynamic" for script-src prevents resources such as the following from loading

<script type="text/javascript" src="/resources/xowiki/bootstrap-treeview/1.2.0/bootstrap-treeview.min.js" nonce="F8843D5CD542FB1CDB4C94C5D13C4E5ECC2E1DCA">

improve test coverage of apm_* API

added test for checking documentation with regard to valid HTML markup

Properly escape "<" and ">" in api-doc documentation.

Since all documentation is rendered via HTML, the characters "<" and ">" have to be HTML-quoted, otherwise strange things (omission, unintended renderings) might occur.

E.g. the sentence

    Define an interface between a page and an ADP <include> similar to the page_contract.

was rendered as

    Define an interface between a page and an ADP similar to the page_contract.

which is incorrect.

    • ./tcl/tcl-documentation-procs.tcl (-17, +22)
Changed "db_multirow" to use "db_list_of_lists" instead of "db_list_of_ns_sets"

Thanks to the recent improvements in NaviServer for "db_list_of_lists", it is more efficient to use this in "db_multirow" (actually in "db_multirow_helper"). The implementation revealed a bug in "db_list_of_lists", when both options "-columns_var" and "-with_headers" were set.

Extended regression test to cover the former bug.

Relax tdom tolerance for non-standard markup

Test apm_get_repository_channels proc

file apm-install-procs.tcl was initially added on branch oacs-5-10.

    • ./tcl/test/apm-install-procs.tcl (-0, +0)
Fix typo

Generalized "version_dir" handling a little for download specs

The problem was that bootstrap5 uses a version directory, which consists of the version plus an extra string element. The previous version assumed that the version is always used as a directory name.

We now track the versionDir information in the resource_info dict and use this, when available (otherwise the version number is used as before).

The resource_info dict now contains the following path components:

    # Provide paths for loading either via /resources/ or CDN
    #
    # "resourceDir" is the absolute path in the filesystem
    # "resourceUrl" is the URL path provided to the request processor
    # "versionDir" is the version-specific element both in the
    # URL and in the filesystem.
    #

bumped acs-tcl to 5.10.1d19

fix several bugs in "acs_object_type::supertype" and improve code sanity

    • ./tcl/object-type-procs-postgresql.xql (-8, +8)
    • ./tcl/test/object-test-case-procs.tcl (-1, +10)
Replace non-portable SQL idiom with existing API, improve caching, extend regression test

    • ./tcl/test/object-test-case-procs.tcl (-1, +19)
whitespace fixes

Quick fix for problems with recursive query for type hierarchy on openacs.org

On OpenACS.org, the types for object_type in acs_objects and acs_object_types differ, leading to a hard error in PostgreSQL. This is just a quick fix; the proper fix is to investigate why the types differ (other sites might be affected by this as well) and to provide a proper update script.

Furthermore, the query is not Oracle compliant.

fix testcase as indicated by hector, extend regression test

Extend 'db__db_foreach' test case, exposing a regression in 'db_foreach' with an uneven number of columns

added memory units to default values

deactivate useless warning

Improved db-functions db_list_of_nssets, db_list_of_lists, and db_foreach

These versions were developed in conjunction with the NaviServer ns_set reform. Especially ns_list_of_lists is improved, since it avoids duplication of the data. This is especially important when queries return huge amounts of data.

Update italian localization

    • ./catalog/acs-tcl.it_IT.ISO-8859-1.xml (-0, +1)
Improve api robustness and test it

    • ./tcl/test/object-test-case-procs.tcl (-1, +52)
Cache api per request

Don't append an extra empty string to the form command when we are dealing with flags (which therefore have no value)

Fixes regression from https://cvs.openacs.org/changelog/OpenACS?cs=oacs-5-10%3Aantoniop%3A20220331163354, because now we treat flags properly