antoniop in OpenACS

About

4,010 commits
  • Committer is not mapped to a user
  • First commit: 20 November 2006
  • Last commit: 25 April 2024
Last Week All Time
Commits: 0 4,010
Files changed: 0 4,276
Change in LOC: 0 29,765

Line History

Line Count Graph
Line Count Graph

Commit Activity

Commits By Day In Week
52 week commits volume
Commits By Day In Week
Commits by day
Commits By Day In Week
Commits by hour
Commits By Hour In Day
Commit calendar
 
Thursday 25 Apr
3:50 pm

antoniop

Make test more robust in setups where we cache permissions

Options
    • -2
    • +39
    /openacs-4/packages/acs-tcl/tcl/test/test-permissions-procs.tcl
3:11 pm

antoniop

Cleanup commented code

Options
    • -5
    • +1
    /openacs-4/packages/acs-subsite/tcl/group-procs.tcl
Wednesday 24 Apr
4:32 pm

antoniop

Only allow valid privileges in the privs parameter

Options
    • -0
    • +17
    /openacs-4/packages/acs-subsite/www/permissions/perm-include.tcl
12:40 pm

antoniop

Implement a package-specific page contract filter to collect current (and future) security fixes

Options
    • -1
    • +39
    /openacs-4/packages/general-comments/tcl/general-comments-procs.tcl
    • -29
    • +2
    /openacs-4/packages/general-comments/www/comment-add-2.tcl
    • -19
    • +2
    /openacs-4/packages/general-comments/www/comment-edit-2.tcl
12:25 pm

antoniop

Reject frames and iframes in the content

Options
    • -2
    • +12
    /openacs-4/packages/general-comments/www/comment-add-2.tcl
Tuesday 23 Apr
6:21 pm

antoniop

Prevent sneaking symlinks in the content repository

Many thanks to Thomas Rennner and Günter Ernst for analyzing the issue

Options
    • -1
    • +11
    /openacs-4/packages/acs-content-repository/tcl/content-procs.tcl
4:43 pm

antoniop

cr_write_content reform

when serving files, do not trust the content information, as the absolute path to the file can be determined programmatically in this case.

This also reduce divergency between Oracle and Postgres

Options
    • -8
    • +0
    /openacs-4/packages/acs-content-repository/tcl/revision-procs-oracle.xql
    • -8
    • +0
    /openacs-4/packages/acs-content-repository/tcl/revision-procs-postgresql.xql
    • -14
    • +9
    /openacs-4/packages/acs-content-repository/tcl/revision-procs.tcl
1:06 pm

antoniop

Implement a new filter for inclass-exam submissions

When displayed by the print-answers method, allow to filter also for not graded.

Options
    • -10
    • +10
    /openacs-4/packages/xowf/xowf.info
    • -0
    • +1
    /openacs-4/packages/xowf/catalog/xowf.de_DE.ISO-8859-1.xml
    • -0
    • +1
    /openacs-4/packages/xowf/catalog/xowf.en_US.ISO-8859-1.xml
    • -0
    • +1
    /openacs-4/packages/xowf/catalog/xowf.it_IT.ISO-8859-1.xml
    • -0
    • +7
    /openacs-4/packages/xowf/tcl/test-item-procs.tcl
    • -11
    • +24
    /openacs-4/packages/xowf/www/resources/inclass-exam.js
Wednesday 27 Mar
12:46 pm

antoniop

Expand permission test suite to include definition of custom privileges in a couple of setups

Options
    • -11
    • +221
    /openacs-4/packages/acs-tcl/tcl/test/test-permissions-procs.tcl
Tuesday 26 Mar
10:10 am

antoniop

Provide an automated test of "advanced" permission features: permission inheritance via group, or via the permission context

Options
    • -1
    • +203
    /openacs-4/packages/acs-tcl/tcl/test/test-permissions-procs.tcl
Friday 22 Mar
4:06 pm

antoniop

Use a simpler approach to achieve the intended result, which does not rely on events

Options
    • -19
    • +8
    /openacs-4/packages/xowiki/tcl/chat-procs.tcl
Wednesday 20 Mar
12:25 pm

antoniop

Keep comments on the server side

Options
    • -7
    • +10
    /openacs-4/packages/xowiki/tcl/chat-procs.tcl
11:24 am

antoniop

Ensure chat javascript is executed only when the chat itself is actually a part of the DOM

This may not be the case at the time of rendering, e.g. because the chat is rendered inside of a <template> tag and appended to the document at a later moment.

Options
    • -2
    • +19
    /openacs-4/packages/xowiki/tcl/chat-procs.tcl
Tuesday 19 Mar
11:47 am

antoniop

Untangle if logics

Options
    • -23
    • +30
    /openacs-4/packages/acs-tcl/tcl/text-html-procs.tcl
11:46 am

antoniop

Reject URLs displaying multiple protocols

Options
    • -1
    • +27
    /openacs-4/packages/acs-tcl/tcl/text-html-procs.tcl
11:44 am

antoniop

Test further improvement of injection attempt by penetration tests

Options
    • -0
    • +10
    /openacs-4/packages/acs-tcl/tcl/test/text-html-procs.tcl
Monday 18 Mar
2:24 pm

antoniop

Harden page contract

Options
    • -2
    • +2
    /openacs-4/packages/acs-subsite/www/permissions/one.tcl
    • -3
    • +3
    /openacs-4/packages/acs-subsite/www/permissions/toggle-inherit.tcl
2:13 pm

antoniop

Strenghten validation against smarter attempts to disguise the javascript: protocol

Options
    • -10
    • +17
    /openacs-4/packages/acs-tcl/tcl/text-html-procs.tcl
2:12 pm

antoniop

Replicate a smarter attempt by a penetration tool to disguise the javascript: protocol

Options
    • -11
    • +24
    /openacs-4/packages/acs-tcl/tcl/test/text-html-procs.tcl
Monday 04 Mar
4:46 pm

antoniop

Harden page contracts

Options
    • -2
    • +16
    /openacs-4/packages/calendar/www/cal-item-new.tcl
    • -2
    • +2
    /openacs-4/packages/calendar/www/cal-item-view.tcl
4:14 pm

antoniop

Prefer more robust colon notation to quote database values

Options
    • -1
    • +1
    /openacs-4/packages/xowf/tcl/xowf-procs.tcl
3:10 pm

antoniop

We replace spaces with "&nbsp" for Safari, but then convert will fail in the test... clean up the entities before trying to convert

Options
    • -1
    • +15
    /openacs-4/packages/captcha/tcl/test/captcha-procs.tcl
12:44 pm

antoniop

Fix variable name

Options
    • -2
    • +2
    /openacs-4/packages/xowiki/tcl/xowiki-www-procs.tcl
Friday 01 Mar
3:54 pm

antoniop

Calculate the width before quoting is applied and refine the heuristic

Options
    • -7
    • +7
    /openacs-4/packages/captcha/tcl/captcha-procs.tcl
3:42 pm

antoniop

Fix capctha rendering on iOS devices, where apparently spaces need to be translated to entities

Options
    • -3
    • +10
    /openacs-4/packages/captcha/tcl/captcha-procs.tcl
2:21 pm

antoniop

Fix captcha responsiveness

Options
    • -4
    • +4
    /openacs-4/packages/captcha/tcl/captcha-procs.tcl
Thursday 29 Feb
2:19 pm

antoniop

Update italian localization

Options
    • -2
    • +2
    /openacs-4/packages/acs-subsite/acs-subsite.info
    • -0
    • +1
    /openacs-4/packages/acs-subsite/catalog/acs-subsite.it_IT.ISO-8859-1.xml
    • -2
    • +2
    /openacs-4/packages/xowf/xowf.info
    • -0
    • +5
    /openacs-4/packages/xowf/catalog/xowf.it_IT.ISO-8859-1.xml
    • -2
    • +2
    /openacs-4/packages/xowiki/xowiki.info
    • -0
    • +3
    /openacs-4/packages/xowiki/catalog/xowiki.it_IT.ISO-8859-1.xml
1:58 pm

antoniop

Introduce server-side validation for HTML5 date and time formfields

A "formats" parameter can be specified on the formfields indicating one or more formats that we want to enforce. The syntax for any of such format is that of the Tcl clock command.

Default values have been set according to the expected behavior of each form field type.

Empty values are always considered valid. If a field is required, this will be enforced in its own validator.

Options
    • -2
    • +2
    /openacs-4/packages/xowiki/xowiki.info
    • -0
    • +3
    /openacs-4/packages/xowiki/catalog/xowiki.de_DE.ISO-8859-1.xml
    • -0
    • +3
    /openacs-4/packages/xowiki/catalog/xowiki.en_US.ISO-8859-1.xml
    • -11
    • +69
    /openacs-4/packages/xowiki/tcl/form-field-procs.tcl
1:53 pm

antoniop

Test behavior of HTML5 date and time formfields when invalid values are submitted

Options
    • -0
    • +186
    /openacs-4/packages/xowiki/tcl/test/xowiki-test-procs.tcl
Wednesday 28 Feb
2:36 pm

antoniop

"An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing"

See e.g. https://cloud.google.com/blog/products/data-analytics/iframe-sandbox-tutorial

We set in xooauth/tcl/lti-procs.tcl a restrictive default (all sandboxing restrictions are applied by default). Users should relax it according to their embedded application.

xooauth/www/admin/lti-test.tcl is not really a productive file, so we set the already hardcoded value to no-sandboxing and note that this would be appropriate.

Options
    • -1
    • +1
    /openacs-4/packages/xooauth/tcl/lti-procs.tcl
    • -7
    • +8
    /openacs-4/packages/xooauth/www/admin/lti-test.tcl