OpenACS / openacs-4 / packages / xowiki / tcl

xowiki-www-procs.tcl

Tools

Line History

Line Count Graph
Line Count Graph

Stats

Commits this week: 0
Total Committers: 8
Last Commit: 19:25
Commits this week: 0
Total Lines of Code (LoC): 3,243
Net change in LoC this week: 0

Commit Activity

Commits By Day In Week
52 week commits volume
Commits By Day In Week
Commits by day
Commits By Day In Week
Commits by hour
Commits By Hour In Day
Commit calendar
 

Most active committers (90 days)

loading
loading
  • last updated 1 hour ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Tuesday 03 Sep
5:37 pm

gustafn

merge from oacs-5-10

Options
    • -548
    • +1276
    ./xowiki-www-procs.tcl
  2. … 8099 more files in changeset.
Tuesday 27 Aug
3:16 pm

gustafn

use for includelets and web-callable parameters @query_param instead of @param

Options
    • -3
    • +3
    ./xowiki-www-procs.tcl
  2. … 2 more files in changeset.
Monday 19 Aug
3:55 pm

gustafn

reduced verbosity

Options
    • -2
    • +4
    ./xowiki-www-procs.tcl
Sunday 28 Jul
7:08 pm

gustafn

tdom: "dom parse -html" implies the "simple" parser

The flag "-simple" is not needed when parsing with the flag "-html". This meanse

that

dom parse -simple -html ...

is equivalent with

dom parse -html ...

Options
    • -2
    • +2
    ./xowiki-www-procs.tcl
  2. … 3 more files in changeset.
7:00 pm

gustafn

Always use "--" in "dom parse" when document is interpolated

This is a safety measure to make sure that the document parsed is

never confused with an option, when the document starts with a "-". In

the best case, the error message provided by "dom parse" might be

misleading. This might be a problem for user contributed documents

(passed as variables, or return values from functions).

The double dash is supported in tdom since version 0.9.0.

Options
    • -2
    • +2
    ./xowiki-www-procs.tcl
  2. … 18 more files in changeset.
Monday 15 Jul
2:04 pm

gustafn

improved spelling

Options
    • -2
    • +2
    ./xowiki-www-procs.tcl
  2. … 14 more files in changeset.
Friday 31 May
1:34 pm

gustafn

improved spelling

Options
    • -3
    • +3
    ./xowiki-www-procs.tcl
  2. … 1 more file in changeset.
Monday 04 Mar
12:44 pm

antoniop

Fix variable name

Options
    • -2
    • +2
    ./xowiki-www-procs.tcl
Tuesday 30 Jan
6:18 pm

gustafn

Reduced attack vectors for query and form variables while keeping semantics

- improve form_parameter and query variable validation

- revert partly change: it is intentional that in case of validation errors, the

instances variables of the in-memory object contain invalid data in order

to be able to show the use the invalid data in the form.

- prefer "string first" idiom over regular expression

Options
    • -54
    • +49
    ./xowiki-www-procs.tcl
5:35 pm

antoniop

Fix typo

Options
    • -2
    • +1
    ./xowiki-www-procs.tcl
Tuesday 23 Jan
2:20 pm

antoniop

Revert to an approach that will not change the [self] object, which has unexpected consequences

Options
    • -2
    • +9
    ./xowiki-www-procs.tcl
Monday 22 Jan
3:52 pm

antoniop

Use a better idiom to revert changes on the object, that e.g. will handle the same arrays and variables

Options
    • -4
    • +2
    ./xowiki-www-procs.tcl
Wednesday 20 Dec 2023
2:13 pm

antoniop

Port of downstream modification:

do not restrict the format the user can supply. Sanitize the filename later and complain only if this is made exclusively of invalid characters.

Options
    • -2
    • +12
    ./xowiki-www-procs.tcl
12:04 pm

antoniop

get_form_data reform:

when validation fails, revert all changes performed on the object while filling up the form fields.

Rationale: when validation fails, we do not persist the data. The same we should not let unvalidated data sneak into the object, as this may be e.g. displayed on the page or be otherwise used by the system.

Options
    • -1
    • +15
    ./xowiki-www-procs.tcl
Thursday 14 Dec 2023
10:57 am

antoniop

Do not retrieve extra_css from query_parameters, as this is vulnerable to injections

Many thanks to Markus Moser

Options
    • -2
    • +4
    ./xowiki-www-procs.tcl
Friday 24 Nov 2023
1:56 pm

antoniop

Fix syntax of new oneof value checker

Options
    • -3
    • +3
    ./xowiki-www-procs.tcl
  2. … 1 more file in changeset.
Thursday 23 Nov 2023
12:14 pm

antoniop

Validate nls_language so that the only values allowed are existing enabled locales

Options
    • -3
    • +15
    ./xowiki-www-procs.tcl
  2. … 1 more file in changeset.
Thursday 14 Sep 2023
12:26 am

gustafn

move "-destroy_on_cleanup" towards the end of the parameter list

This change improves protection about ambiguous user input

Options
    • -4
    • +5
    ./xowiki-www-procs.tcl
  2. … 8 more files in changeset.
Thursday 25 May 2023
2:27 pm

trenner

use wordchar instead of word

Options
    • -4
    • +4
    ./xowiki-www-procs.tcl
Friday 12 May 2023
8:16 pm

gustafn

intensify validation of form variables

Options
    • -7
    • +7
    ./xowiki-www-procs.tcl
  2. … 1 more file in changeset.
Wednesday 29 Mar 2023
4:12 pm

antoniop

Update api

Options
    • -7
    • +5
    ./xowiki-www-procs.tcl
Monday 27 Feb 2023
7:48 pm

gustafn

Use signed value for form_parameter "__object_name"

Bumped version number to 5.10.1d40

Options
    • -7
    • +7
    ./xowiki-www-procs.tcl
  2. … 3 more files in changeset.
Wednesday 22 Feb 2023
1:57 pm

gustafn

increased value checking for paramter that might be influenced by user input

Options
    • -2
    • +2
    ./xowiki-www-procs.tcl
  2. … 8 more files in changeset.
Thursday 15 Dec 2022
8:30 pm

gustafn

improved checking of parameter values, which might be influenced via query parameters

Options
    • -7
    • +7
    ./xowiki-www-procs.tcl
  2. … 6 more files in changeset.
Wednesday 30 Nov 2022
9:36 am

gustafn

reduce verbosity

Options
    • -2
    • +2
    ./xowiki-www-procs.tcl
Tuesday 08 Nov 2022
2:24 pm

gustafn

Added support for passing parameter_name:value_constraint to xowiki::Package->get_parameter

- The get_parameter method can get values from query-parameters, therefore

we have to validate these.

- Use the new feature at several places (especially for boolean values)

- Still, more places should be checked

- bumped xowiki to 5.10.1d37

- bumped xotcl-core to 5.10.1d14

Options
    • -10
    • +10
    ./xowiki-www-procs.tcl
  2. … 10 more files in changeset.
Monday 17 Oct 2022
4:24 pm

trenner

query_parameter_return_url is defined on the package

Options
    • -2
    • +2
    ./xowiki-www-procs.tcl
Tuesday 11 Oct 2022
3:20 pm

gustafn

improve spelling

Options
    • -3
    • +5
    ./xowiki-www-procs.tcl
  2. … 7 more files in changeset.
Tuesday 04 Oct 2022
5:00 pm

antoniop

Validate field names when these might come directly from the POST request and therefore contain arbitrary text

Options
    • -3
    • +20
    ./xowiki-www-procs.tcl
Tuesday 13 Sep 2022
11:56 am

antoniop

Fix typo in comment

Options
    • -2
    • +2
    ./xowiki-www-procs.tcl