• last updated 5 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
reduce verbosity

Modernize logic for protecting against cached passwords from forms,

when users log out and other users use the back button (for Nora).

- switch to more modern caching prevention

- add CSRF protection to login form against forgery requests

- none of the cache-preventing mechanisms helps when the user

stores the password in the browser (no change to the past).

- For admins of existing sites: alter kernel parameter

"LoginPageExpirationTime" to 0 make use of this feature

  1. … 2 more files in changeset.
simplify expression

obtain default authority_id via "auth::authority::get"

  1. … 3 more files in changeset.
fix example in documentation and small code cleanup

  1. … 4 more files in changeset.
Use I18n messages for email and username

delete unneeded .xql files

  1. … 25 more files in changeset.
Use consistently ad_script_abort after ad_return_error.

Break long lines

  1. … 24 more files in changeset.
make sure to call ad_script_abort after ad_returnredirect

  1. … 13 more files in changeset.
Bug fix: avoid confusion between command argument and option, when argument starts with "-"

  1. … 80 more files in changeset.
merged changes from the oacs-5-9 branch and resolved conflicts

  1. … 7820 more files in changeset.
Improve internationalization

  1. … 2 more files in changeset.
Localize group actions (port of work by Monika Andergassen)

  1. … 3 more files in changeset.
Provide more infrastructure support for host-node-maps for more flexible domain handling

- add optional -cookie_domain parameter to the following functions

ad_user_login

ad_user_logout

sec_generate_session_id_cookie

auth::issue_login (wrapper for ad_user_login)

if not specified, the functions are full backward compatible

- add optional parameter -host_node_id to auth::authenticate

which refers to the node_id in the host-node-map

- pass host_node_id from from/to register pages

TODO:

1) probably, sec_generate_session_id_cookie picks up the wrong

session_id via [ad_conn session_id]

2) check interaction with CookieDomain (probably, we need

must not pass host_node_id wheren CookieDomain is non-empty)

  1. … 6 more files in changeset.
- replace "<include ... />" by "<include ... >", since adp parser in

AOLserver and NaviServer passes "/" as argument to the adp-include.

  1. … 4 more files in changeset.
- modernize HTML in .adp files

  1. … 41 more files in changeset.
- validate email

- add simple validator for email addresses

- add simple validator for email addresses

- protect against certain characters in return_url (the real solution is probably a fix in ad_form, which could cause some collateral damage)

  1. … 1 more file in changeset.
- prefer "localurl" over "return_url" of name of page filter

  1. … 82 more files in changeset.
- improve checking of return_urls in page_contracts

  1. … 79 more files in changeset.
- hardening validator

- add missing title property

.xql-file reform of acs-subsite:

- remove obsolete queries

email_image::new_item.new_lob_size

email_image::new_item.new_lob_size

group::member_p.group_id_from_name

subsite::default::create_app_group.group_exists

package_mounted_p

- add missing Oracle queries

acs-subsite/tcl/rel-types-procs-oracle.xql

rel_types::additional_rel_types_group_p.group_rel_type_exists

rel_types::additional_rel_types_group_type_p.group_rel_type_exists

www/admin/group-types/new-oracle.xql

select_group_supertypes

- add missing PostgreSQL queries

acs-subsite/tcl/rel-types-procs-postgresql.xql.xql

rel_types::additional_rel_types_group_p.group_rel_type_exists

- remove obsolete files

www/admin/index-oracle.xql

www/admin/index-postgresql.xql

www/admin/index.xql

www/admin/rel-types/roles/new-oracle.xql

www/admin/rel-types/roles/new-postgresql.xql

www/permissions/one.xql

www/pvt/unsubscribe-2-oracle.xql

www/pvt/unsubscribe-2-postgresql.xql

www/pvt/unsubscribe-oracle.xql

www/pvt/unsubscribe-postgresql.xql

www/pvt/unsubscribe.xql

www/register/user-new.xql

www/shared/portrait-bits-oracle.xql

www/shared/portrait-bits-postgresql.xql

www/shared/portrait-bits.xql

  1. … 26 more files in changeset.
- pass values via reference

  1. … 2 more files in changeset.
- add editor hints to keep spaces/tabs in the furture more consistent

  1. … 743 more files in changeset.
- remove globals for errorInfo and use namespace qualifiers instead

  1. … 5 more files in changeset.
- standardize argument passing to adp-includes, don't perform double i18n and double quoting

  1. … 122 more files in changeset.
- fix and standardize quoting in template properties

  1. … 390 more files in changeset.