Rework URL validation in ad_dom_sanitize_html

We now prefer higher level api to determine:

- if a URL is external

- what protocol should be assumed for a URL when this is relative or protocol-relative

Fix test case

Extend test suite

provide a better domain name for temporal accounts in regression test

    • -2
    • +2
    ./tcl/test/community-core-test-procs.tcl
made test for valid protocols case invariant

Reflect api changes in the test suite

improved spelling

  1. … 14 more files in changeset.
Cluster updates: better support when running in containers

- generalized servers running with an INADDR_ANY address

- handling of running server with ephemeral ports

- streamline function and variable names

- added ./tcl/acs-container-procs.tcl

* make container definitions independent of cluster handling

* create container mapping based on a JSON file, which can be obtained from docker to get information about external addresses

* The final interface is a mapping file in Tcl providing at least the Tcl dict ::docker::containerMapping containing the docker mapping. A dict key like "8080/tcp" (internal port) will return a dict containing the keys "host", "port" and "proto" (e.g. proto https host 192.168.1.192 port 58115).

file acs-container-procs.tcl was initially added on branch oacs-5-10.

    • -0
    • +0
    ./tcl/acs-container-procs.tcl
In the end we do phase out the util_expand_entities* procs for being too lame

Good riddance

a protocol relative URL is not complete, but it can be understood as external

Make util_complete_url_p recognize protocol-relative URLs

Extend the test cases for util_complete_url_p with a case of protocol-relative URL

Reimplement util_expand_entities_ie_style

This proc turned out to be long broken. We could consider phasing it out, but as it is a public interface used in a few places we prefer to keep it around and try to fix it.

The intended behavior has been reconstructed from the documentation. The new approach uses a single regexp to extract entities, which does not risk looping indefinitely as before.

Test util_expand_entities and util_expand_entities_ie_style

This test will show that since the long broken parentheses in util_expand_entities_ie_style were fixed in a recent commit, this proc will just not work.

After further consideration, ns_absoluteurl is actually sufficient to perform location header completion on its own and does not need a wrapper utility

  1. … 1 more file in changeset.
Streamline terminology with other occurrences in OpenACS and NaviServer/AOLserver

- the term "location" is usually used in OpenACS/NaviServer/AOLserver for the part of a URL before the path (i.e. SCHEME+HOST+PORT)

- the new function util::absolute_url is a value-added version of NaviServer's "ns_absoluteurl". This is now documented with its differences, and aligned with its terminology

fixed broken indentation and broken nesting

    • -1149
    • +1148
    ./tcl/text-html-procs.tcl
fixed indentation of braces

fix incorrect nesting in switch statements

added "variable" declaration to avoid potential namespace confusion

Introduce util::complete_location

This utility is meant to require the value of the Location header in an HTTP response to be completed with the host coming from a reference complete URL, which is normally that of the redirected request.

It is intended for use in the context of HTTP client APIs, where we want to handle server responses affected by https://www.rfc-editor.org/rfc/rfc7231#section-7.1.2

  1. … 1 more file in changeset.
use original provided host-header-field in log statement

escape variable in log statement

Fix another variable name after refactoring

Fix variable name after refactoring

fixed typo

Updated location handling

- make use of "ns_server hosts" when available

- refactored and simplified code

- keep validated locations in an nsv array

- added support for extra white-listed hosts in case every other configuration fails (should not be necessary)

    ns_section ns/server/$server/acs {
        ns_param whitelistedHosts {...}
    }

- updated inline documentation

The new code is supposed to handle, in combination with a recent NaviServer, all complex host header validation scenarios, including running behind a proxy, in a container or cluster.

Updated icanuse registry

- added "ns_ip", "ns_subnetmatch", and "ns_server hosts"

- sorted commands alphabetically

whitespace changes