• last updated 1 hour ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
- revert escaped change

- backport of fix for issue #3250

- fix for issue #3250

- improve validity and security of HTML of admin pages

- fix validity of HTML

- improve validity and security of HTML of admin pages

- improve page_contracts

  1. … 24 more files in changeset.
- improve validity of HTML

- improve validity and security of HTML of admin pages

- use type checking for boolean parameters in page_contracts to improve security

- use type checking for boolean parameters in page_contracts to improve security

    • -2
    • +2
    /openacs-4/packages/news/www/item-create-3.tcl
    • -2
    • +2
    /openacs-4/packages/news/www/item-create.tcl
- use type checking for boolean parameters in page_contracts to improve security

  1. … 6 more files in changeset.
- use type checking for boolean parameters in page_contracts to improve security

- use type checking for boolean parameters in page_contracts to improve security

  1. … 15 more files in changeset.
- add tcltrace procs, deactivated by default, can be activated via package parameter "TclTraceLogServerities" and "TclTraceSaveNsReturn" of acs-tcl "Tcl Library". This additions allows to add actions, whenever "ns_log" or "ns_return" are called.

The trace for "ns_log" adds the selected log entries to be reported via the developer support.

The trace for "ns_return" captures the output of the server returned via "ns_return" in files, which are useful for HTML validation (e.g. via the W3C validator)

    • -7
    • +15
    /openacs-4/packages/acs-tcl/acs-tcl.info
    • -0
    • +26
    /openacs-4/packages/acs-tcl/tcl/tcltrace-init.tcl
    • -0
    • +71
    /openacs-4/packages/acs-tcl/tcl/tcltrace-procs.tcl
- fix validity of HTML

- add a <p> tag around paragraph

- fix HTML markup

- remove deprecated HTML markup

- provde "ad_urlencode_query" similar to "ad_urlencode_path"

- map exporting of form-vars to quer-vars more robust (for values starting with dashes)

- fix validation of HTML

- fix quoting of href

- remove xss attack vector via error messages while including templates

- perform minimal safety checks on dates passed to weblog

    • -1
    • +8
    /openacs-4/packages/xowiki/tcl/weblog-procs.tcl
- use type checking for boolean parameters in page_contracts to improve security

- make layout more robust

- start autogenerated ids with characters

- provide defaults for Content-Style-Type and Content-Script-Type

- fix HTML attribute quoting

- one more case of HTML attribute quoting

- fix more HTML attribute quoting