• last updated 27 mins ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Make localurl filter more robust to invalid URLs: fail validation in this case, intead of crashing

fixed resource leaks

dom trees were not deleted

ad_dom_sanitize_html: fixed 2 resource leaks

in case of parsing errors in the input string the following structures leaked:

- dom tree

- stuct::tree

make sure to delete tdom document

Delete nodes explicitly, otherwise it survives the end of the proc.

fixed icanuse-test for deleting samesite cookies

More resource-info updates:

- fixed wrong and inconsistent naming of dict members (many thanks to Sebastian Scheder for figuring this out)

- removed duplicated slashes in resource paths

- fixed incorrect paths when CDN is used

- simplified handling of cspMaps

- added test checking consistency of resource-info dicts

  1. … 9 more files in changeset.
file resource-info-procs.tcl was initially added on branch oacs-5-10.

    • -0
    • +0
    ./tcl/test/resource-info-procs.tcl
fix for regression test case ad_context_bar_multirow

originally, site-node entries survived the test

after the first fix, the regression test was failing (sometimes?) the complaint was about a missing package.

now, the test seems to work always correctyl, and the site-nodes entries are gone as well

Fix regression in db_multirow_group_last_row_p

Row is last when the next value changes

Many thanks to Miachel Aram for reporting the issue

fix typo

::util::resources::resource_info_procs: function to improve roustness of fetching of resource info procs

bumped version number to 5.10.1b10

improved souce code documentation

added link to snyk advisor (bumped version to 5.10.1b9)

Further simplify handling of resource_info specs

- Added convenience function "::util::resources::register_urns" to

register all URNs with CSP handling provided by a package (denoted

by its top level namespace)

- made parameter "version" in "check-installed" include optional

- bumped version number to 5.10.1b8

reduced verbosity in the system log, provide hint to message

Fixed issue in cluster mode, denoted by Khy H in the OpenACS forum

A new command "ad_parameter_cache_flush_dict" was introduced to handle

the case, where a cluster node modifies a parameter value without

having it read before. This case could lead to a coherency problem for

parameter values.

Background:

This proc is necessary in cases, where a node writes a new

parameter value before it has read the old one.

Since a plain "nsv_dict unset ad_param $key $parameter_name"

raises an exception, when the pair does not exist, and we do

not want to allow in cluster requests arbitrary "catch"

commands, we allow "ad_parameter_cache_flush_dict" instead.

Probably, the best solution is to add support for

nsv_dict unset -nocomplain -- ad_param $key $parameter_nam

The existing nsv_dict was built after Tcl's "dict unset",

which does not have the "-nocomplain" option either. However,

an atomic operation would certainly be preferable over an exists/unset

pair, which is no acceptable solution.

For details, see https://openacs.org/forums/message-view?message_id=5822470

perform proper cleanup after regressin test

Prettify subsite admin page

- Made explicit that "Administration" means "Subsite Administration"

(use the term consistently)

- Changed message key of acs-subsite.administration to "Subsite Administration"

- added icons to subsite admin index page (full set only for bootstrap icons)

  1. … 8 more files in changeset.
use tag <i> for technical terms as on other places

fix over-eager renaming

spell "site-wide" consistently with a dash

  1. … 33 more files in changeset.
improved the site-wide admin pages for external ja libraries

- add a sample for pinning the version number via the NaviServer configuration file

- privide a link to the requirements and background page explaining the implemented policies

factored out vulerability check to make it reusable

- New proc ::util::resources::check_vulnerability

- bumped verison number to 5.10.1b7

added titles for the action URLs to guide the user

Let site-wide admin pages of external js pages modify, create and delete package parameters

The real change escaped with the previous commit.

improved spelling

  1. … 1 more file in changeset.
added comment

Use ns_parseurl to validate the URL and to determine the hostname

Latest released NaviServer still requires for servers using SNI that the -hostname flag is specified with ns_http, while it seems that in latest code we can omit it

The wrapper utility already takes care of this

Ease management of external js packages to automate admin tasks

- provide explicit information about optional package paramters

- make these accessible from site-wide admin pages

- provide information, how the configuration of the version number happend

- improve design of site-wide admin pages with action items

- further streamlined handling of external js packages

  1. … 16 more files in changeset.