OpenACS

Tools

Line History

Line Count Graph
Line Count Graph

Stats

Commits this week: 1
Total Committers: 146
Last Commit: 14 May
Commits this week: 1
Total Lines of Code (LoC): 7,561,726
Net change in LoC this week: 0

Commit Activity

Commits By Day In Week
52 week commits volume
Commits By Day In Week
Commits by day
Commits By Day In Week
Commits by hour
Commits By Hour In Day
Commit calendar
 

Most active committers (90 days)

loading
loading
  • last updated 15 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Wednesday 14 May
11:21 am

gustafn

replaced hard-coded postgres version numbers, that were introduced for testing

Options
    • -2
    • +2
    /openacs-4/packages/acs-admin/www/posture-overview.tcl
Monday 05 May
6:36 pm

gustafn

fix for "security::get_secure_qualified_url" when no an old-style servername is used

Options
    • -6
    • +27
    /openacs-4/packages/acs-tcl/tcl/security-procs.tcl
Sunday 04 May
6:53 pm

mischa

Fix variable name

Options
    • -2
    • +2
    /openacs-4/packages/acs-subsite/tcl/rel-types-procs.tcl
Tuesday 29 Apr
4:15 pm

gustafn

bumped highcharts version to 12.2.0

Options
    • -2
    • +2
    /openacs-4/packages/highcharts/highcharts.info
    • -2
    • +2
    /openacs-4/packages/highcharts/tcl/resource-procs.tcl
3:11 pm

gustafn

don't raise an exception, when invalid host header field is provided

Since this happens often with introsion attempts, provide a security warning.

Options
    • -2
    • +9
    /openacs-4/packages/acs-tcl/tcl/security-procs.tcl
3:09 pm

gustafn

use "ns_log security" when available

Options
    • -3
    • +3
    /openacs-4/packages/acs-tcl/tcl/security-init.tcl
3:08 pm

gustafn

cleared editor buffer

Options
    • -1
    • +1
    /openacs-4/packages/acs-tcl/tcl/00-icanuse-procs.tcl
2:59 pm

gustafn

added: icanuse "ns_log security"

Options
    • -0
    • +1
    /openacs-4/packages/acs-tcl/tcl/00-icanuse-procs.tcl
Thursday 24 Apr
5:56 pm

gustafn

new feature: added database vulnerability checks to posture overview

Extended the /acs-admin/posture-overview page to include known CVEs

for both the database client library and the database server in

use. Previously, the overview displayed privacy and privilege analyses

and flagged vulnerable JavaScript libraries; it now also surfaces

database‐related vulnerabilities.

* Leverage the NaviServer–nsdbpg API to fetch and display client‐ and

server‐side version numbers

* Drive this feature via a database‐agnostic interface—only the nsdbpg

driver currently returns versions, but support for other databases

can be added by updating their drivers (no NaviServer core changes

required)

To use this new feature, use the latest NaviServer and nsdbpg releases.

Otherwise, the section "Database Vulnerability Check" won't appear.

Options
    • -0
    • +52
    /openacs-4/packages/acs-admin/www/posture-overview.adp
    • -3
    • +63
    /openacs-4/packages/acs-admin/www/posture-overview.tcl
    • -7
    • +76
    /openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl
Friday 11 Apr
2:13 pm

gustafn

Adjusted results for file updates

Many thanks to Khy H.

For details, see https://openacs.org/forums/message-view?message_id=7412487

Options
    • -5
    • +11
    /openacs-4/packages/richtext-ckeditor4/tcl/ckfinder-init.tcl
Thursday 03 Apr
7:11 pm

gustafn

Fixed snyk vulnerability check

Snyk page has changed, we have to switch the pattern we are looking for.

Options
    • -2
    • +2
    /openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl
7:06 pm

gustafn

bump version numbers

- update upstream version to 7.6.1

- bump package number to 2.1.8

Options
    • -2
    • +2
    /openacs-4/packages/richtext-tinymce/richtext-tinymce.info
    • -2
    • +2
    /openacs-4/packages/richtext-tinymce/tcl/richtext-procs.tcl
Wednesday 02 Apr
10:58 am

gernst

Do not modify posted form data when logging the request. In addition mask log output for all fields having password in their name

Options
    • -6
    • +9
    /openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl
Wednesday 12 Mar
3:34 pm

gustafn

set focus via HTML "autofocus" attribute

Options
    • -3
    • +4
    /openacs-4/packages/acs-subsite/www/shared/parameters.tcl
10:57 am

gustafn

improved comments

Options
    • -12
    • +13
    /openacs-4/packages/acs-subsite/lib/login.tcl
10:52 am

gustafn

added a log message, when login page expires (happens seldomly)

Options
    • -0
    • +1
    /openacs-4/packages/acs-subsite/lib/login.tcl
10:45 am

gustafn

Enhanced security logging and debugging in security-procs.tcl

- Updated the internal log procedure to accept multiple arguments (using join) for more flexible logging.

- Replace several ns_log calls with ::security::log to standardize logging of session_id, login_cookie, timeout, and other events.

- Add additional log statements in critical functions (e.g. sec_handler, sec_setup_session, __ad_verify_signature, and CSRF token handling)

to provide better traceability of session allocation, cookie generation, session invalidation, and signature verification.

- Improve debug output for CSRF token generation and verification, including logging differences in computed hash values.

Options
    • -14
    • +32
    /openacs-4/packages/acs-tcl/tcl/security-procs.tcl
10:13 am

gustafn

added debugging hook for tracing CSRF livecyle

Options
    • -0
    • +1
    /openacs-4/packages/acs-tcl/tcl/form-processing-procs.tcl
10:11 am

gustafn

improved log messages to pinpoint location and reason

Options
    • -2
    • +2
    /openacs-4/packages/acs-tcl/tcl/01-database-procs.tcl
    • -2
    • +2
    /openacs-4/packages/xotcl-core/tcl/05-db-procs.tcl
Tuesday 11 Mar
7:44 pm

gustafn

removed manual default entries from the info texts.

The actual default value is displayed by the parameter page, there is no need

to duplicate this information.

Options
    • -3
    • +3
    /openacs-4/packages/acs-kernel/acs-kernel.info
    • -7
    • +7
    /openacs-4/packages/xotcl-request-monitor/xotcl-request-monitor.info
7:30 pm

gustafn

New feature: Display defaults together with actual values in parameter page.

This features makes it easier to see, what paramters were changed locally from

the defaults, without relying on the info messages.

Options
    • -3
    • +6
    /openacs-4/packages/acs-subsite/www/shared/parameters.tcl
    • -5
    • +5
    /openacs-4/packages/acs-subsite/www/shared/parameters.xql
Monday 03 Mar
9:26 am

gustafn

fixed variable name

Options
    • -3
    • +3
    /openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl
Friday 28 Feb
2:41 pm

gustafn

provent passwords from form being logged via ad_log

Options
    • -18
    • +11
    /openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl
Monday 17 Feb
3:36 pm

hectorr

Replace deprecated proc call

Options
    • -2
    • +2
    /openacs-4/packages/notifications/www/request-new.tcl
3:34 pm

hectorr

Fix proc doc

Options
    • -2
    • +2
    /openacs-4/packages/notifications/tcl/notification-procs.tcl
Friday 14 Feb
2:12 pm

hectorr

Whitespace changes

Options
    • -1
    • +1
    /openacs-4/packages/xooauth/tcl/ms-procs.tcl
2:11 pm

hectorr

New method 'group renew' for the MS Graph API support.

Options
    • -0
    • +16
    /openacs-4/packages/xooauth/tcl/ms-procs.tcl
Friday 07 Feb
3:46 pm

antoniop

Introduce SSE notifications on the page, but bind their availability and usage to a package parameter set to false by default

Options
    • -10
    • +13
    /openacs-4/packages/notifications/notifications.info
    • -1
    • +12
    /openacs-4/packages/notifications/www/request-new.tcl
    • -1
    • +3
    /openacs-4/www/blank-master.adp
    • -1
    • +7
    /openacs-4/www/blank-master.tcl
11:29 am

antoniop

Improve documentation

See https://openacs.org/forums/message-view?message_id=7395335

Options
    • -4
    • +9
    /openacs-4/packages/acs-templating/tcl/widget-procs.tcl
Thursday 06 Feb
4:55 pm

antoniop

Provide a Notification API implementation for rendering notifications obtained via the SSE backend

This include should be used e.g. on the website master so that SSE notifications are displayed whenever occurring. We do not do it by default for now.

Options
    • -0
    • +50
    /openacs-4/packages/notifications/lib/notification-sse.adp