• last updated 33 mins ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
use tag <i> for technical terms as on other places

fix over-eager renaming

spell "site-wide" consistently with a dash

  1. … 33 more files in changeset.
improved the site-wide admin pages for external ja libraries

- add a sample for pinning the version number via the NaviServer configuration file

- privide a link to the requirements and background page explaining the implemented policies

factored out vulerability check to make it reusable

- New proc ::util::resources::check_vulnerability

- bumped verison number to 5.10.1b7

added titles for the action URLs to guide the user

Let site-wide admin pages of external js pages modify, create and delete package parameters

The real change escaped with the previous commit.

improved spelling

  1. … 1 more file in changeset.
added comment

Use ns_parseurl to validate the URL and to determine the hostname

Latest released NaviServer still requires for servers using SNI that the -hostname flag is specified with ns_http, while it seems that in latest code we can omit it

The wrapper utility already takes care of this

Ease management of external js packages to automate admin tasks

- provide explicit information about optional package paramters

- make these accessible from site-wide admin pages

- provide information, how the configuration of the version number happend

- improve design of site-wide admin pages with action items

- further streamlined handling of external js packages

  1. … 16 more files in changeset.
renamed misnomer "ad_parameter_from_file"

- removed hints on "*.ini" files

- provided a name that points to the configuration file ("ad_parameter_from_configuration_file")

- deprecated old name

- updated documentation with examples

    • -1
    • +1
    ./tcl/test/apm-parameter-test-procs.tcl
js-libraries: improved naming of variables

Changed name "installedVersion" to "configuredVersion", since

the former might lead to the impression, that it refers only

to the locally installed version. Instead, this refers as well

to a CDN version (when available)

  1. … 18 more files in changeset.
reduced verbosity

js-libraries: removed variable "resourceUrl"

The variable "resourceUrl" was always used in a single branch but set

for all branches before. To ease maintenance and simplify

comprehension, it was removed.

  1. … 10 more files in changeset.
tdom: "dom parse -html" implies the "simple" parser

The flag "-simple" is not needed when parsing with the flag "-html". This meanse

that

dom parse -simple -html ...

is equivalent with

dom parse -html ...

  1. … 3 more files in changeset.
Always use "--" in "dom parse" when document is interpolated

This is a safety measure to make sure that the document parsed is

never confused with an option, when the document starts with a "-". In

the best case, the error message provided by "dom parse" might be

misleading. This might be a problem for user contributed documents

(passed as variables, or return values from functions).

The double dash is supported in tdom since version 0.9.0.

  1. … 14 more files in changeset.
In essence, this change renames "version_dir" to "version_segment" as

well as "versionDir" to "versionSegment" to reflect the fact, that

this variable does not denote a directory, but a part of the path

appended to path "resourceDir".

  1. … 3 more files in changeset.
various small fixes for js libraries

- fixed page contract in case a non-default version is downloaded

- provide always an argument "-version" to resource_info procs

- obtain current version number always via resource_info.installedVersion

(it refers to CDN and locally installed version)

- pass always versionDir via resource_info to ::util::resources::download

- always obtain version_dir from resource_info

  1. … 24 more files in changeset.
add "--" to separate argument list from potentially confusing (and externaly provided) content

added handling of literal object "arraycontainer"

Improved resource information for external libraries

- added vulnerability check for a particular version

- centralized URL generation for cdnjs URLS (will reduce maintenance work, when external URL changes)

- improve behavior when running without an Internet connection

  1. … 9 more files in changeset.
Fix permission::write_permission_p. Before, the check if the user was the creation_user was always made against the currently logged in user, not the party given by the caller.

Fix default https port in security::configured_driver_info

Extended json2dict to cover literal objects named "objectcontainer"

Extended regression test as well

Include available version number and vulnerability check on swa pages

This eases the use of external JavaScript libraries by adding

the available version number and a link for vulnerability checks

on the site-wide admin pages (when this information is available)

- bumped version number to 5.10.1b6

fix broken variable name

Do not allow unusual schemas like base64 and json as local URLs

This case was flagged by a vulnerability scan, but at least at the found instance

it was a false positive...

Extended json2dict to cover arraycontainer

Many thank to Rolf for his feedback!