• last updated 22 hours ago
Constraints: committers
Constraints: files
Constraints: dates
Factor out Package->process_init_parameter into package-custom-procs

This change makes it easier to provide instance specific customization.

In general, these package-custom-procs could also be kept in other


  1. … 4 more files in changeset.
improve spelling

  1. … 8 more files in changeset.
Deescalation: the usage of the pairs in export_vars is not so dangerous as it looked at first sight.

The problem case was originating from the call

lappend __vars [lindex $_var 0] [uplevel subst [lindex $_var 1]]

which calls Tcl's "uplevel" with two arguments. In this case, the arguments

are concatenated and the evaluated in the caller's frame. There is a substitution

before the evaluation. When just one argument is passed in, this problem there

is only one evaluation:

lappend __vars [lindex $_var 0] [uplevel [list subst [lindex $_var 1]]]

  1. … 1 more file in changeset.
Added support for passing parameter_name:value_constraint to xowiki::Package->get_parameter

- The get_parameter method can get values from query-parameters, therefore

we have to validate these.

- Use the new feature at several places (especially for boolean values)

- Still, more places should be checked

- bumped xowiki to 5.10.1d37

- bumped xotcl-core to 5.10.1d14

  1. … 10 more files in changeset.
add missing brackets

new API call util::potentially_unsafe_eval_p

Check content of the string to identify potentially unsafe content

in the provided string. The content is unsafe, when it contains

externally provided content, which might be provided e.g. via

query variables, or via user values stored in the database. When

such content contains square braces, a "subst" command on

theses can evaluate arbitrary commands, which is dangerous.

The new API call is used in "::xo::Package->return_page", where the

"subst" command stripped from its command substitution capabilities.

In case, command subsitution is needed, perform this prior this call.

bumped acs-tcl to 5.10.1d23

bumped xotcl-core to 5.10.1d13

  1. … 3 more files in changeset.
new proc "ad_log_deprecated": unified interface for logging deprecated usages

The existing code used a larger variety of different messages to

denote invocations of deprecated procs and other

artifacts. "ad_log_deprecated" provides a unified interface, and

provides a usage hint what to use instead based on the API-doc

definitions in the log-file.

  1. … 11 more files in changeset.
prefer global variable over proc

  1. … 6 more files in changeset.
Prefer "::acs::dc call ..." over "::xo::db::sql::..."

Use the common new acs interface rather than the xotcl-core variant.

Goal should be on the medium time range to replace all of the

"::xo::db::sql::*" interface.

  1. … 2 more files in changeset.
Fixes for Oracle 19c: boolean and timestamp handling, *lobs

- fix boolean permission query

- function "now()" does not exist, use "CURRENT_TIMESTAMP" instead

- revived blob and clob handling in "xo::dc dml" since this is needed

for updating

- modernize Oracle offset/limit handling

- added missing "-dbn" attributes for Oracle xo::dc calls

  1. … 2 more files in changeset.
improve wording in comments

make use of "from_cache_indicator" for the per_request_cache in instantiate_forms

  1. … 1 more file in changeset.
Add the root folder id to the cache key so that when one does not specify any parent_id, the method still reacts to a package being uninstantiated or the root folder messed around with

Fixes xowiki automated tests when run all together in the same request

use per-request cache for relatively expensive operation, which is called potentially often per request

We might consider in the future a longer lasting cache for "global" form pages.

improve comment

base refetch on "publish_date" rather than on "last_modified" of a CR item object

Interestingly, the last_modified field of an item is not updated, when an revision is added,

but the publish_date is

on CVS: ----------------------------------------------------------------------

part 2 of parameter reform

unify xo::parameter handling with classical parameter handling (parameter::get).

This change implements calls for "::xo::parameter get" by parameter::get

and outputs deprecated log entries. In addition, the initialization

of all parameters is deactivated, such that startup time is slightly faster.

so far, the full code is kept but deactivated to allow to change

quickly back, in case early adaptors run into troubles.

At least in cases, where new naviserver versions are used, the implementaton

of parameter::get became sufficiently fast to beat the xo::parameter

implementation, which was at time of its introduction ~30x faster.

  1. … 1 more file in changeset.
For Postgres, take advantage of exclusive database api to check for permissions more efficiently, improve doc

tighten checking on input parameters

  1. … 1 more file in changeset.
improve spelling

  1. … 1 more file in changeset.
reduce verbosity

provide warning about deprecated location

  1. … 1 more file in changeset.
Add missing parameter in doc

  1. … 1 more file in changeset.
improve comments and rise warning, when best-effort url is generated

refactor code and use caching to reduce (maybe overly cautious) flushes on site_nodes_id_cache-*

support folder instances as prototype pages

make "instantiate_forms" a method of packages

this reads better than the previous variant based on the Weblog class.

  1. … 14 more files in changeset.
form_usages: add revisions and full path to output

form_unify: use switch instead of boolean flag; iterate over single forms

use the same defaults for the "-forms" switch in form_usages and form_unify