OpenACS / openacs-4 / packages

acs-tcl

Tools

Line History

Line Count Graph
Line Count Graph

Stats

Commits this week: 0
Total Committers: 73
Last Commit: 25 Sep
Commits this week: 0
Total Lines of Code (LoC): 75,077
Net change in LoC this week: 0

Commit Activity

Commits By Day In Week
52 week commits volume
Commits By Day In Week
Commits by day
Commits By Day In Week
Commits by hour
Commits By Hour In Day
Commit calendar
 

Most active committers (90 days)

loading
loading
  • last updated 14 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Thursday 25 Sep
7:03 pm

gustafn

improved robstness when raw IP-V6 addresses are configured (rather than domain names)

backport from head

Options
    • -2
    • +5
    ./tcl/security-procs.tcl
1:28 pm

gustafn

improved robstness when raw IP-V6 addresses are configured (rather than domain names)

Options
    • -3
    • +6
    ./tcl/security-procs.tcl
Wednesday 24 Sep
5:39 pm

gustafn

bugfix(util_driver_info): reduce dependency on hardcoded driver names

- Avoid reliance on specific driver names (nsssl, nsudp, nsunix,

nsopenssl, nssocket) by falling back to generic "ns_driver info"

when available.

- Added explicit error message when "hostname" is missing on a network

driver module to prevent silent misconfiguration. This fixes a

potential infinite loop when OpenACS attempts to resolve the

"hostname" value.

This is a backport from the HEAD branch

Options
    • -3
    • +38
    ./tcl/utilities-procs.tcl
5:37 pm

gustafn

bugfix(util_driver_info): reduce dependency on hardcoded driver names

- Avoid reliance on specific driver names (nsssl, nsudp, nsunix,

nsopenssl, nssocket) by falling back to generic "ns_driver info"

when available.

- Added explicit error message when "hostname" is missing on a network

driver module to prevent silent misconfiguration. This fixes a

potential infinite loop when OpenACS attempts to resolve the

"hostname" value.

Options
    • -6
    • +41
    ./tcl/utilities-procs.tcl
5:23 pm

gustafn

added debugging hooks

Options
    • -1
    • +9
    ./tcl/security-procs.tcl
Thursday 12 Jun
7:05 pm

gustafn

improved clarity of the code and simplified structure

Options
    • -16
    • +16
    ./tcl/security-procs.tcl
Wednesday 11 Jun
11:36 am

gustafn

fix for using fallback interface and wrong results for non TLS installation

Many thanks to Antonio for flagging this and provide insights

Options
    • -3
    • +8
    ./tcl/security-procs.tcl
Sunday 08 Jun
12:58 pm

gustafn

bumped version number to allow packages to use mutiple tags from jsdelivr

Options
    • -2
    • +2
    ./acs-tcl.info
11:57 am

gustafn

::util::resources::cdnjs_get_newest_version: support cases, where multiple tags are returned

Options
    • -2
    • +3
    ./tcl/utilities-procs.tcl
Thursday 05 Jun
3:48 pm

gustafn

bumped version number to 6.0.0d4

Options
    • -2
    • +2
    ./acs-tcl.info
3:42 pm

gustafn

added support for jsdelivr, since cdnjs misses many new releases

Options
    • -1
    • +1
    ./lib/check-installed.adp
    • -3
    • +3
    ./lib/check-installed.tcl
    • -18
    • +52
    ./tcl/utilities-procs.tcl
Monday 05 May
6:37 pm

gustafn

backport from HEAD

Options
    • -2
    • +23
    ./tcl/security-procs.tcl
6:36 pm

gustafn

fix for "security::get_secure_qualified_url" when no an old-style servername is used

Options
    • -6
    • +27
    ./tcl/security-procs.tcl
Tuesday 29 Apr
3:11 pm

gustafn

don't raise an exception, when invalid host header field is provided

Since this happens often with introsion attempts, provide a security warning.

Options
    • -2
    • +9
    ./tcl/security-procs.tcl
3:09 pm

gustafn

use "ns_log security" when available

Options
    • -3
    • +3
    ./tcl/security-init.tcl
3:08 pm

gustafn

cleared editor buffer

Options
    • -1
    • +1
    ./tcl/00-icanuse-procs.tcl
2:59 pm

gustafn

added: icanuse "ns_log security"

Options
    • -0
    • +1
    ./tcl/00-icanuse-procs.tcl
Thursday 24 Apr
5:56 pm

gustafn

new feature: added database vulnerability checks to posture overview

Extended the /acs-admin/posture-overview page to include known CVEs

for both the database client library and the database server in

use. Previously, the overview displayed privacy and privilege analyses

and flagged vulnerable JavaScript libraries; it now also surfaces

database‐related vulnerabilities.

* Leverage the NaviServer–nsdbpg API to fetch and display client‐ and

server‐side version numbers

* Drive this feature via a database‐agnostic interface—only the nsdbpg

driver currently returns versions, but support for other databases

can be added by updating their drivers (no NaviServer core changes

required)

To use this new feature, use the latest NaviServer and nsdbpg releases.

Otherwise, the section "Database Vulnerability Check" won't appear.

Options
    • -7
    • +76
    ./tcl/utilities-procs.tcl
  2. … 2 more files in changeset.
Thursday 03 Apr
7:16 pm

gustafn

Fixed snyk vulnerability check (backport from HEAD)

Snyk page has changed, we have to switch the pattern we are looking for.

Bumped version number to flage the change to "upgrade from repository"

Options
    • -2
    • +2
    ./acs-tcl.info
    • -2
    • +2
    ./tcl/utilities-procs.tcl
7:11 pm

gustafn

Fixed snyk vulnerability check

Snyk page has changed, we have to switch the pattern we are looking for.

Options
    • -2
    • +2
    ./tcl/utilities-procs.tcl
Wednesday 02 Apr
10:58 am

gernst

Do not modify posted form data when logging the request. In addition mask log output for all fields having password in their name

Options
    • -6
    • +9
    ./tcl/utilities-procs.tcl
Wednesday 12 Mar
10:45 am

gustafn

Enhanced security logging and debugging in security-procs.tcl

- Updated the internal log procedure to accept multiple arguments (using join) for more flexible logging.

- Replace several ns_log calls with ::security::log to standardize logging of session_id, login_cookie, timeout, and other events.

- Add additional log statements in critical functions (e.g. sec_handler, sec_setup_session, __ad_verify_signature, and CSRF token handling)

to provide better traceability of session allocation, cookie generation, session invalidation, and signature verification.

- Improve debug output for CSRF token generation and verification, including logging differences in computed hash values.

Options
    • -14
    • +32
    ./tcl/security-procs.tcl
10:13 am

gustafn

added debugging hook for tracing CSRF livecyle

Options
    • -0
    • +1
    ./tcl/form-processing-procs.tcl
10:11 am

gustafn

improved log messages to pinpoint location and reason

Options
    • -2
    • +2
    ./tcl/01-database-procs.tcl
  2. … 1 more file in changeset.
Monday 03 Mar
9:26 am

gustafn

fixed variable name

Options
    • -3
    • +3
    ./tcl/utilities-procs.tcl
Friday 28 Feb
2:41 pm

gustafn

provent passwords from form being logged via ad_log

Options
    • -18
    • +11
    ./tcl/utilities-procs.tcl
Tuesday 04 Feb
7:15 pm

gustafn

ad_return_url: provide a positive list and a negative list for selecting included query variables

The new parameters follow the terminology of the "export_vars" command.

Options
    • -3
    • +11
    ./tcl/defs-procs.tcl
Friday 31 Jan
2:10 pm

gustafn

ad_return_url: new parameter "-exclude"

This change allows to exclude certain variables (which are e.g. considered as

confidential) from the form, which computes the return_url.

The change is based on a feature request in the OpenACS forums by Josue Cardona.

Options
    • -3
    • +5
    ./tcl/defs-procs.tcl
Sunday 19 Jan
10:01 am

gustafn

reapplied post 5-10 release fix

Many thanks to Claudio Pasolini for reporting and identifying the problem!

Options
    • -2
    • +2
    ./tcl/security-procs.tcl
9:54 am

gustafn

fixed bug security::validated_host_header

Many thanks to Claudio Pasolini for reporting and identifying the problem!

Options
    • -2
    • +2
    ./tcl/security-procs.tcl