• last updated 45 mins ago
Constraints: committers
Constraints: files
Constraints: dates
fixed broken indentation and broken nesting

    • -1149
    • +1148
fixed indentation of braces

fix incorrect nesting in switch statements

added "variable" declaration to avoid potential namespace confusion

Introduce util::complete_location

This utility is meant to require the value of the Location header in an HTTP response to be completed vith the host coming from a reference complete URL, which is normally that of the redirected request.

It is intended for use in the context of HTTP client APIs, where we want to handle server responses affected by https://www.rfc-editor.org/rfc/rfc7231#section-7.1.2

avoid redirect

use original provided host-header-field in log statement

escape variable in log statement

Cleanup obsolete queries

Fix another variable name after refactoring

Do not assume lob as storage backend for the email image and rely on the api

Add reference to further context about this feature

Don't reset the upload timeout on audio uploads

Make "standard" the default preset we apply to richtext editors

This is needed to have consistent site-wide default settings coming from the tcl level, such as connection context information and more.

Render richtext as div reform

Some richtext editors, such as TinyMCE in inline mode, do not expect

to enhance a textarea, but a div.

We could already override the rendering in the richtext editor

subclass, but this has the consequence that inheritance would be

interrupted. This prevents from plugging behavior in subclasses of the

richtext formfield.

This reform refactors render_richtext_as_div from the richtext

formfield into render_as_div on the textarea class. It also supports a

flag for subclasses to instruct the superclass that they should render

the field as div AFTER the whole inheritance chain was applied.

Do not assume the repeated field will be attached as a direct child of the observed element

This is not the case in some downstream implementations

Include the attribute to identify a repeated field also when we render richtext as div

Port of downstream modification in place since at least 2012

When parsing XoWiki links, accept links in the form [[link|| -flag1 flagvalue]], where the label is set to empty.

    • -2
    • +2
Port of downstream fix by Markus Moser on live since 2022-09-21

Fix regression after disabled formfield reform

Fix variable name after refactoring

fixed typo

Updated location handling

- make use of "ns_server hosts" when available

- refactored and simplified code

- keep validated locations in an nsv array

- added support for extra white-listed hosts

in case, every other configuration fails

(should not be necessary)

ns_section ns/server/$server/acs {

ns_param whitelistedHosts {...}


- updated inline documentation

The new code is supposed to handle in combination of a recent NaviServer

all complex host header validation scenarios, include running behind a proxy,

in a container or cluster.

Updated icanuse registry

- added "ns_ip", "ns_subnetmatch", and "ns_server hosts"

- sorted commands alphabetically

whitespace changes

    • -19
    • +19
modernize code

moved long time deprecated function "ad_approval_system_inuse_p" to deprecated-procs

    • -18
    • +1
Improved comments and make code more robust in regards of legacy setups

Added support for relative redirects

RFC 2616 requires an absolute URI in the "Location" header field. So

if someone calls "ns_returnredirect /", NaviServer transforms it on

the fly into an absolute URL by prefixing it with the location

(e.g. https://openacs.org/). NaviServer (and OpenACS) has some complex

code to compute the location value, especially when virtual servers

are involved (or for "host-node mapped" subsites in OpenACS). The

situation is further complicated when running behind a reverse proxy

and/or in a containerized environment. In such cases, the location is

computed from the "host" request header field, which must be

validated, otherwise an attacker could hijack a session and redirect

it to a spoofed site.

The situation changed 10 years ago (June 2014) with the introduction

of RFC 7231, which allows relative redirects (see

https://www.rfc-editor.org/rfc/rfc7231#section-7.1.2). Using relative

redirects greatly simplifies configuration and closes the attack

vector using the host header field. RFC 7231 has been superseded by

RFC 9110 (June 2022), which also supports relative redirects via the

"location" response header field (see


Since OpenACS prefixed always the URL with a location, when it

encounters are relative URL in a "ad_returnredirect", this change

makes use of the new feature of NaviServer 5.

Make sure to use a current version of NaviServer, where the support

was added recently.

Document more explicitly that we do not perform filesystem operations when deleting files via the fs:: api, but we rely on the content repository and its trigger+scheduled proc mechanism

Document behavior: the assumption that one can derive the filename from the api is not correct in case of copies