fix broken util::word_diff and add regression test

The function was already broken before the change of today, removing the need for a pipe open.

  1. … 1 more file in changeset.
reduce cases of tcl pipe open in acs-core

AFAICT, the semantics are the same.

For background, see: https://openacs.org/forums/message-view?message_id=5539060

  1. … 1 more file in changeset.
mitigate attacks, where the referer header field is changed to a malicious value

The problem does not exist, when CSP is defined properly.

Many thanks to Frank Bergmann for sharing the pen-test protocol

  1. … 2 more files in changeset.
improve spelling

provide a fork-free implementation of dot rendering

Improved spelling

  1. … 1 more file in changeset.
improve documentation

break overlong lines and improve comments

improve spelling

Reduce usage of ns_mktemp in OpenACS

ns_mktemp uses the deprecated old POSIX call mktemp(), which should not be used anymore for security reasons (race between the name creation and opening the file). This change removes several usages of "ns_mktemp" from OpenACS and replaces it with calls to the safe Tcl call "file tempfile ..." (introduced by Tcl 8.6).

  1. … 7 more files in changeset.
Adapt 'ad_urlencode_url' to the new 'ns_parseurl' stricter behavior

Make it so that party::update also enforces emails to be lowercase, add/extend automated tests to make sure emails are lowercase everywhere

  1. … 2 more files in changeset.
Refine regex and extend tests

  1. … 1 more file in changeset.
Make the check for relative URLs less strict to cover some valid cases (see RFC 1808) and extend test cases.

  1. … 1 more file in changeset.
Add the 'relative' flag to 'util_url_valid_p', to check also relative URLs. Extend 'acs_tcl__util_url_valid_p' test case and bump package version.

  1. … 2 more files in changeset.
Refine URL validation regexp and extend 'acs_tcl__util_url_valid_p' test case.

  1. … 1 more file in changeset.
Replace regexp for mail validation by the version proposed by Mozilla for the email input type validation, and increment the test cases for valid/invalid emails. Thanks to Günter Ernst for the pointers.

  1. … 1 more file in changeset.
Remove message keys sanitizing, which does not belong here

improved spelling

  1. … 5 more files in changeset.
new variant of zip_file_contains_valid_filenames independent of "unzip -l"

unfortunately the behavior of "unzip -l" differs not only between macOS and Linux, but even between different Linux families, although showing the same version.

fix typo

improve handling of zip files that contain filenames, which are not valid UTF-8

added minor debugging aids, make disk-cache more similar to ns_cache

  1. … 2 more files in changeset.
Remove extra url decoding, ns_parsequery embeds it already

Use naviserver api to parse URL variables

  1. … 3 more files in changeset.
Use built-in "ns_parsequery" instead of manual parsing of query parameters

fix util::external_url_p when security::locations returns empty element

Make api public, complies with acs-api-browser.graph__bad_calls automated test

  1. … 4 more files in changeset.
mark unused functions as deprecated

  1. … 1 more file in changeset.
support multiple argument messages for ad_log to improve compatibility with ns_log