added handling of literal object "arraycontainer"

Improved resource information for external libraries

- added vulnerability check for a particular version

- centralized URL generation for cdnjs URLs (will reduce maintenance work when external URL changes)

- improve behavior when running without an Internet connection

Fix permission::write_permission_p. Before, the check if the user was the creation_user was always made against the currently logged in user, not the party given by the caller.

Fix default https port in security::configured_driver_info

Extended json2dict to cover literal objects named "objectcontainer"

Extended regression test as well

Include available version number and vulnerability check on swa pages

This eases the use of external JavaScript libraries by adding

the available version number and a link for vulnerability checks

on the site-wide admin pages (when this information is available)

- bumped version number to 5.10.1b6

fix broken variable name

Do not allow unusual schemas like base64 and json as local URLs

This case was flagged by a vulnerability scan, but at least at the found instance

it was a false positive...

Extended json2dict to cover arraycontainer

Many thanks to Rolf for his feedback!

adjust coverage information

Bump version number to 5.10.1b5 such that we can depend on new functionality

new API function: util::json2dict

This function is similar to the tcllib function json::json2dict, but

is based on tDOM and is several times faster.

file json-test-procs.tcl was initially added on branch oacs-5-10.

    ./tcl/test/json-test-procs.tcl
Mode use of new util::resources::version_dir

Made download helper more modular and added support for a version_API

whitespace cleanup

Added support for specifying -expires and -timeout with a time unit

Previously, the "integer" constraint avoided this. Now, we rely on the

error messages of NaviServer to handle incorrect values.

Flush the package_url cache when we mount a new package, as this may be the first time that we instantiate this particular package

fixed test server_startup_ok

Previously, the test was returning different results depending on the order of

tests.

While it is in general better to avoid error entries in the log file during

regression test, since these are testing expected behavior, while error entries

in the log file should indicate unexpected behavior. However, it is still

a long way to let the regression test run cleanly.

Fixed regression test and make more use of "aa_test_start" and "aa_test_end"

This change reduces the errors in the log file and lets the regression test run (on my site) without reported errors as reported by acs_kernel__server_startup_ok.

Skip test, when the optional parameter DiskCache is not defined.

Otherwise, the attempt to set the parameter will fail and will output

an error message to the log file.

Spelling changes

Provide an API to check/set/clear the state of the regression test

The new calls are:

- aa_test_running_p

- aa_test_start

- aa_test_end

Claim additional coverage

Extend test suite to check URL protocol validation

Complete the URL earlier, so that protocol-relative URLs can be correctly determined as external or not

Extend test suite to check behavior validating external URLs

Fixes for regression test: util_http_json_encoding

This change corrects 2 bugs, causing the regression test to fail under certain circumstances:

1) use for test location [::acs::test::url] instead of [ad_url]

The call [::acs::test::url] should be used for all tests in the regression tests and avoids

problems with wrong URLs when running e.g. in a container

2) When running on a setup with self-signed certificates, the curl requests require a "-k"

flag to be passed. Otherwise, the regression test fails.

Rework URL validation in ad_dom_sanitize_html

We now prefer higher level api to determine:

- if a URL is external

- what protocol should be assumed for a URL when this is relative or protocol-relative

Fix test case