OpenACS / openacs-4 / packages

acs-tcl

Tools

Line History

Line Count Graph
Line Count Graph

Stats

Commits this week: 0
Total Committers: 73
Last Commit: 18:21
Commits this week: 0
Total Lines of Code (LoC): 68,337
Net change in LoC this week: 0

Commit Activity

Commits By Day In Week
52 week commits volume
Commits By Day In Week
Commits by day
Commits By Day In Week
Commits by hour
Commits By Hour In Day
Commit calendar
 

Most active committers (90 days)

loading
loading
  • last updated 52 mins ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Tuesday 08 Nov 2022
7:04 pm

gustafn

Deescalation: the usage of the pairs in export_vars is not so dangerous as it looked at first sight.

The problem case was originating from the call

lappend __vars [lindex $_var 0] [uplevel subst [lindex $_var 1]]

which calls Tcl's "uplevel" with two arguments. In this case, the arguments

are concatenated and the evaluated in the caller's frame. There is a substitution

before the evaluation. When just one argument is passed in, this problem there

is only one evaluation:

lappend __vars [lindex $_var 0] [uplevel [list subst [lindex $_var 1]]]

Options
    • -5
    • +5
    ./tcl/utilities-procs.tcl
  2. … 1 more file in changeset.
2:59 pm

gustafn

added warning to export_vars

Options
    • -1
    • +8
    ./tcl/utilities-procs.tcl
1:45 pm

gustafn

added optional parameter "-timeout" to "CACHE eval ..." method

Options
    • -8
    • +12
    ./tcl/acs-cache-procs.tcl
10:55 am

trenner

make ad_sanitize_filename more robust to filenames with parentheses + extend automated tests

Options
    • -4
    • +7
    ./tcl/utilities-procs.tcl
    • -0
    • +4
    ./tcl/test/utilities-procs.tcl
Monday 07 Nov 2022
2:34 pm

gustafn

new API call util::potentially_unsafe_eval_p

Check content of the string to identify potentially unsafe content

in the provided string. The content is unsafe, when it contains

externally provided content, which might be provided e.g. via

query variables, or via user values stored in the database. When

such content contains square braces, a "subst" command on

theses can evaluate arbitrary commands, which is dangerous.

The new API call is used in "::xo::Package->return_page", where the

"subst" command stripped from its command substitution capabilities.

In case, command subsitution is needed, perform this prior this call.

bumped acs-tcl to 5.10.1d23

bumped xotcl-core to 5.10.1d13

Options
    • -2
    • +2
    ./acs-tcl.info
    • -1
    • +40
    ./tcl/utilities-procs.tcl
  3. … 2 more files in changeset.
Thursday 27 Oct 2022
12:57 pm

gustafn

Deactivate api-doc access for all registered users by default

Over many years, all "Registered Users" got per default access

to /api-doc. This is probably OK, when one assumes that the

registered users are developers. However, providing source code

access to all registered users can pose a security thread,

especially on large sites.

For new installs, api-doc is now just accessible for site-wide admins.

Providing more liberal rights for users can be achieved via

setting the permissions via the sitemap.

Options
    • -8
    • +21
    ./tcl/apm-install-procs.tcl
Sunday 23 Oct 2022
8:20 pm

gustafn

improve wording

Options
    • -2
    • +2
    ./lib/check-installed.adp
8:19 pm

gustafn

don't create version directory in a checking function

Options
    • -1
    • +6
    ./tcl/utilities-procs.tcl
Friday 21 Oct 2022
1:30 pm

trenner

fix typo

Options
    • -2
    • +2
    ./tcl/text-html-procs.tcl
Tuesday 18 Oct 2022
8:58 am

gustafn

quote error message per default.

This should at least be the safe default assumption.

If in some cases it is necessary to relax this, one should

provide a swith for the non-default case.

Options
    • -1
    • +1
    ./lib/ad-return-complaint.adp
8:57 am

gustafn

align spelling to LDP recommendations

Options
    • -4
    • +4
    ./tcl/test/defs-procs.tcl
Saturday 15 Oct 2022
7:02 pm

gustafn

improve Oracle compatibility (many thanks to Raul Rodriguez)

Options
    • -2
    • +11
    ./tcl/site-nodes-procs.tcl
  2. … 2 more files in changeset.
Wednesday 12 Oct 2022
7:37 pm

gustafn

make spelling more consistent

Options
    • -1
    • +1
    ./tcl/test/acs-kernel-procs.tcl
7:36 pm

gustafn

improve source code comments

Options
    • -3
    • +11
    ./tcl/acs-cache-procs.tcl
7:05 pm

gustafn

new feature for caching infrastructure: flag "-per_request"

When this feature is used, the cache is locked max 1 time per request,

the results are stable for this request. This feature is useful for caches

having a potentially high number of locks per request.

The new feature is used currently for checking, if a package is enabled.

Options
    • -3
    • +11
    ./tcl/acs-cache-procs.tcl
    • -2
    • +2
    ./tcl/apm-procs.tcl
Tuesday 11 Oct 2022
11:12 am

antoniop

Util user messages reform: do not store the messages persistently in the database, as they are volatile in nature

Options
    • -3
    • +3
    ./tcl/utilities-procs.tcl
11:04 am

antoniop

Util user message reform: when a message is repeated, do not create a new entry, but just increase a counter, which will be displayed when the message is retrieved

Increase test coverage

Options
    • -3
    • +6
    ./tcl/utilities-procs.tcl
    • -0
    • +82
    ./tcl/test/utilities-procs.tcl
Thursday 29 Sep 2022
6:10 pm

gustafn

revert escaped version

Options
    • -14
    • +12
    ./tcl/parameter-procs.tcl
6:04 pm

gustafn

reduce verbosity

Options
    • -3
    • +7
    ./tcl/acs-db-00-procs.tcl
    • -12
    • +14
    ./tcl/parameter-procs.tcl
    • -6
    • +6
    ./tcl/text-html-procs.tcl
Wednesday 28 Sep 2022
10:20 am

gustafn

Give people the chance to use OpenACS with WithDeprecatedCode set to 0

When OpenACS is configured to omit loading of long deprecated code

(WithDeprecatedCode set to 0) files like deprecated-procs.tcl are not

loaded. Therefore, these files should only contain code, which was

deprecated at LEAST ONE RELEASE EARLIER, such that site admins have

one release time to fix calls to deprecated code. This is especially

important for public procs.

Options
    • -102
    • +2
    ./tcl/deprecated-procs.tcl
    • -2
    • +107
    ./tcl/utilities-procs.tcl
Wednesday 14 Sep 2022
2:33 pm

antoniop

Prefer acs::try_cache where the cache existance cannot be taken for granted (e.g. at upgrade)

Options
    • -6
    • +5
    ./tcl/apm-install-procs.tcl
2:29 pm

antoniop

Make acs::try_cache more robust to transitional situations during instance upgrade, where the object might exist, but not the method

Options
    • -1
    • +4
    ./tcl/acs-cache-procs.tcl
12:45 pm

antoniop

Ignore also class definitions in the ignored namespaces

Options
    • -1
    • +1
    ./tcl/test/doc-check-procs.tcl
Tuesday 13 Sep 2022
6:55 pm

gernst

ns_quotehtml user submitted value inside error message to prevent potential XSS attack

Options
    • -3
    • +3
    ./tcl/tcl-documentation-procs.tcl
4:40 pm

antoniop

Ignore the ::nsshell namespace: this is a NaviServer module, hence outside the OpenACS source tree

Options
    • -0
    • +1
    ./tcl/test/doc-check-procs.tcl
11:33 am

antoniop

Document public api

Options
    • -2
    • +3
    ./tcl/utilities-procs.tcl
  2. … 1 more file in changeset.
11:27 am

antoniop

Add doc to public api, fix obvious bug

Options
    • -3
    • +11
    ./tcl/utilities-procs.tcl
Monday 12 Sep 2022
6:23 pm

antoniop

Document public api

Options
    • -1
    • +11
    ./tcl/utilities-procs.tcl
  2. … 1 more file in changeset.
6:04 pm

antoniop

Document public api

Options
    • -2
    • +4
    ./tcl/security-procs.tcl
5:43 pm

antoniop

Document public api

Options
    • -1
    • +3
    ./tcl/install-procs.tcl
  2. … 1 more file in changeset.