OpenACS / openacs-4 / packages

acs-tcl

Tools

Line History

Line Count Graph
Line Count Graph

Stats

Commits this week: 17
Total Committers: 73
Last Commit: 28 Dec
Commits this week: 17
Total Lines of Code (LoC): 74,868
Net change in LoC this week: 25

Commit Activity

Commits By Day In Week
52 week commits volume
Commits By Day In Week
Commits by day
Commits By Day In Week
Commits by hour
Commits By Hour In Day
Commit calendar
 

Most active committers (90 days)

loading
loading
  • last updated 8 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Wednesday 10 Jul
3:57 pm

antoniop

In the end we do phase out the util_expand_entities* procs for being too lame

Good riddance

Options
    • -7
    • +10
    ./tcl/text-html-procs.tcl
    • -77
    • +0
    ./tcl/test/text-html-procs.tcl
3:12 pm

gustafn

a protocol relative URL is not complete, but it can be understood as external

Options
    • -8
    • +21
    ./tcl/utilities-procs.tcl
    • -1
    • +23
    ./tcl/test/acs-tcl-test-procs.tcl
2:42 pm

antoniop

Make util_complete_url_p recognize protocl-relative URLs

Options
    • -9
    • +5
    ./tcl/utilities-procs.tcl
2:41 pm

antoniop

Extend the test cases for util_complete_url_p with a case of protocol-relative URL

Options
    • -0
    • +1
    ./tcl/test/acs-tcl-test-procs.tcl
Monday 08 Jul
5:17 pm

antoniop

Reimplement util_expand_entities_ie_style

This proc turned out to be long broken. We could consider phasing it out, but as it is a public interface used in a few places we prefer to keep it around and try to fix it.

The intended behavior has been reconstructed from the documentation. The new approach uses a single regexp to extract entities, which does not risk to loop indefinitely as before.

Options
    • -44
    • +29
    ./tcl/text-html-procs.tcl
5:10 pm

antoniop

Test util_expand_entities and util_expand_entities_ie_style

This test will show that since the long broken parenthesys in util_expand_entities_ie_style were fixed in a recent commit, this proc will just not work.

Options
    • -0
    • +77
    ./tcl/test/text-html-procs.tcl
4:10 pm

antoniop

After further consideration, ns_absoluteurl is actually sufficient to preform location header completion on its own and does not need a wrapper utility

Options
    • -3
    • +1
    ./tcl/http-client-procs.tcl
    • -46
    • +1
    ./tcl/utilities-procs.tcl
    • -104
    • +0
    ./tcl/test/utilities-procs.tcl
  4. … 1 more file in changeset.
3:20 pm

gustafn

Streamline terminology with other occurrences in OpenACS and NaviServer/AOLserver

- the term "location" is usually used in OpenACS/NaviServer/AOLserver for the

part of a URL before the path (i.e. SCHEME+HOST+PORT)

- the new function util::absolute_url is a value-added version of NaviServer's "ns_absoluteurl".

This is now documented with its differences, and aligned with its terminology

Options
    • -3
    • +3
    ./tcl/http-client-procs.tcl
    • -29
    • +29
    ./tcl/utilities-procs.tcl
    • -62
    • +66
    ./tcl/test/utilities-procs.tcl
4:07 am

gustafn

fixed broken indentation and broken nesting

Options
    • -1149
    • +1148
    ./tcl/text-html-procs.tcl
Sunday 07 Jul
12:18 pm

gustafn

fixed indentation of braces

Options
    • -2
    • +2
    ./tcl/application-data-link-procs.tcl
    • -2
    • +2
    ./tcl/json-procs.tcl
    • -2
    • +2
    ./tcl/request-processor-procs.tcl
12:16 pm

gustafn

fix incorrect nesting in switch statements

Options
    • -36
    • +36
    ./tcl/text-html-procs.tcl
12:14 pm

gustafn

added "variable" declaration to avoid potential namespace confusion

Options
    • -1
    • +2
    ./tcl/site-nodes-procs.tcl
Friday 05 Jul
3:43 pm

antoniop

Introduce util::complete_location

This utility is meant to require the value of the Location header in an HTTP response to be completed vith the host coming from a reference complete URL, which is normally that of the redirected request.

It is intended for use in the context of HTTP client APIs, where we want to handle server responses affected by https://www.rfc-editor.org/rfc/rfc7231#section-7.1.2

Options
    • -1
    • +9
    ./tcl/http-client-procs.tcl
    • -1
    • +46
    ./tcl/utilities-procs.tcl
    • -0
    • +100
    ./tcl/test/utilities-procs.tcl
  4. … 1 more file in changeset.
Tuesday 02 Jul
5:00 pm

trenner

use original provided host-header-field in log statement

Options
    • -2
    • +2
    ./tcl/security-procs.tcl
1:09 pm

trenner

escape variable in log statement

Options
    • -2
    • +2
    ./tcl/security-procs.tcl
8:45 am

trenner

Fix another variable name after refactoring

Options
    • -2
    • +2
    ./tcl/security-procs.tcl
Thursday 13 Jun
4:26 pm

antoniop

Fix variable name after refactoring

Options
    • -2
    • +2
    ./tcl/security-procs.tcl
Tuesday 11 Jun
7:04 pm

gustafn

fixed typo

Options
    • -2
    • +2
    ./tcl/security-procs.tcl
11:26 am

gustafn

Updated location handling

- make use of "ns_server hosts" when available

- refactored and simplified code

- keep validated locations in an nsv array

- added support for extra white-listed hosts

in case, every other configuration fails

(should not be necessary)

ns_section ns/server/$server/acs {

ns_param whitelistedHosts {...}

}

- updated inline documentation

The new code is supposed to handle in combination of a recent NaviServer

all complex host header validation scenarios, include running behind a proxy,

in a container or cluster.

Options
    • -79
    • +183
    ./tcl/security-procs.tcl
11:15 am

gustafn

Updated icanuse registry

- added "ns_ip", "ns_subnetmatch", and "ns_server hosts"

- sorted commands alphabetically

Options
    • -7
    • +10
    ./tcl/00-icanuse-procs.tcl
Tuesday 04 Jun
3:18 pm

gustafn

whitespace changes

Options
    • -19
    • +19
    ./tcl/html-procs.tcl
3:18 pm

gustafn

modernize code

Options
    • -4
    • +2
    ./tcl/html-procs.tcl
2:20 pm

gustafn

moved long time deprecated function "ad_approval_system_inuse_p" to deprecated-procs

Options
    • -18
    • +1
    ./tcl/admin-procs.tcl
    • -2
    • +19
    ./tcl/deprecated-procs.tcl
2:14 pm

gustafn

Improved comments and make code more robust in regards of legacy setups

Options
    • -12
    • +20
    ./tcl/request-processor-procs.tcl
Monday 03 Jun
7:47 pm

gustafn

Added support for relative redirects

RFC 2616 requires an absolute URI in the "Location" header field. So

if someone calls "ns_returnredirect /", NaviServer transforms it on

the fly into an absolute URL by prefixing it with the location

(e.g. https://openacs.org/). NaviServer (and OpenACS) has some complex

code to compute the location value, especially when virtual servers

are involved (or for "host-node mapped" subsites in OpenACS). The

situation is further complicated when running behind a reverse proxy

and/or in a containerized environment. In such cases, the location is

computed from the "host" request header field, which must be

validated, otherwise an attacker could hijack a session and redirect

it to a spoofed site.

The situation changed 10 years ago (June 2014) with the introduction

of RFC 7231, which allows relative redirects (see

https://www.rfc-editor.org/rfc/rfc7231#section-7.1.2). Using relative

redirects greatly simplifies configuration and closes the attack

vector using the host header field. RFC 7231 has been superseded by

RFC 9110 (June 2022), which also supports relative redirects via the

"location" response header field (see

https://www.rfc-editor.org/rfc/rfc9110#field.location).

Since OpenACS prefixed always the URL with a location, when it

encounters are relative URL in a "ad_returnredirect", this change

makes use of the new feature of NaviServer 5.

Make sure to use a current version of NaviServer, where the support

was added recently.

Options
    • -0
    • +14
    ./tcl/00-icanuse-procs.tcl
    • -4
    • +10
    ./tcl/utilities-procs.tcl
Friday 31 May
2:01 pm

gustafn

improved robustness during bootstrap

Options
    • -7
    • +20
    ./tcl/parameter-procs.tcl
2:00 pm

gustafn

improved speling

Options
    • -2
    • +2
    ./tcl/xml-0-sgml-procs.tcl
2:00 pm

gustafn

improved spelling

Options
    • -1
    • +1
    ./tcl/acs-db-00-procs.tcl
    • -2
    • +2
    ./tcl/acs-permissions-procs.tcl
    • -2
    • +2
    ./tcl/request-processor-procs.tcl
    • -2
    • +2
    ./tcl/text-html-procs.tcl
    • -4
    • +4
    ./tcl/utilities-procs.tcl
  6. … 1 more file in changeset.
Wednesday 29 May
11:24 am

gustafn

Extended "ad_conn behind_secure_proxy_p"

This test will be now true, when either the recieved request

contains one of those request header fields.

- "X-SSL-Request: 1"

- "X-Forwarded-Proto: https"

Before, only the first variant was accepted.

The AWS load balancer uses the second variant.

Options
    • -2
    • +5
    ./tcl/request-processor-procs.tcl
Wednesday 22 May
10:34 am

trenner

fix typo

Options
    • -2
    • +2
    ./tcl/request-processor-procs.tcl