OpenACS / openacs-4 / packages / xotcl-core

tcl

Tools

Line History

Line Count Graph
Line Count Graph

Stats

Commits this week: 0
Total Committers: 14
Last Commit: 11:15
Commits this week: 0
Total Lines of Code (LoC): 17,730
Net change in LoC this week: 0

Commit Activity

Commits By Day In Week
52 week commits volume
Commits By Day In Week
Commits by day
Commits By Day In Week
Commits by hour
Commits By Hour In Day
Commit calendar
 

Most active committers (90 days)

loading
loading
  • last updated a few minutes ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Tuesday 22 Oct
11:03 am

gustafn

Improvded API browser documentation for NX methods

- Include NX content from acs* packages in online documentation

- determining source files where classes are defined

- extending type information for postional an non-positional arguments in API browser

Options
    • -28
    • +30
    ./03-doc-procs.tcl
  2. … 3 more files in changeset.
10:46 am

gustafn

make sure, the provided user_id is an integer

Options
    • -2
    • +2
    ./policy-procs.tcl
Wednesday 16 Oct
11:21 am

gustafn

Added code to skip suspicious looking query variables

On openacs.org, we are experiencing numerous requests with

multiply very long and strange query variables like in the example

below. So far, it is not clear, whether these requests are the

consequence of a double encoding or a deliberate attack. Many (most)

of the requests contain the query variable names containing the

(decoded) pattern "*amp;*".

This is a relatively new phenomenon. I cannot exclude that this is a

bug introduced lately in OpenACS, or a bug in an external bot, or

whatever. The problem with these query variables is that OpenACS

propagates these further, e.g., when updating query variables in

ad_dimensional, via export_vars, or return_urls.

Since OpenACS never uses these query-variables, these can be safely

skipped, without loosing functionality in OpenACS. It is possible to

construct examples, where skipping such variables can change the

semantics. Therefore, the change introduces a single function

util::suspicious_query_variable where in case of problems, the

skipping feature can be deactivated.

GET /api-doc/proc-browse?amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3btype=All&amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3borderby=name&type=All&amp%3btype=All&amp%3bamp%3btype=All&amp%3bamp%3bamp%3btype=All&amp%3bamp%3bamp%3bamp%3btype=All&amp%3bamp%3bamp%3bamp%3bamp%3btype=All&amp%3bamp%3bamp%3bamp%3bamp%3bamp%3btype=All&amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3btype=All&amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3btype=All&amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3borderby=name&amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3btype=Private&amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3btype=All&amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3btype=All&amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3btype=All&amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3borderby=name&amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3btype=All HTTP/1.1" 200 62378 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/605.1.15 (KHTML, like Gecko; compatible; FriendlyCrawler/1.0) Chrome/120.0.6099.216 Safari/605.1.15" "1729029614.331581 0.109805 0.000434 0.004026 0.215927

Options
    • -6
    • +12
    ./context-procs.tcl
  2. … 6 more files in changeset.
Tuesday 08 Oct
5:04 pm

antoniop

Prefer unset to array unset when the whole array should be deleted

See https://wiki.tcl-lang.org/page/Dict+VS+Array+Speed

Options
    • -1
    • +1
    ./01-debug-procs.tcl
    • -2
    • +2
    ./context-procs.tcl
    • -3
    • +3
    ./cr-procs.tcl
  4. … 5 more files in changeset.
Tuesday 01 Oct
2:40 pm

gustafn

tcl9 change: "... -encoding binary ..." not valid in tcl9

Options
    • -2
    • +2
    ./utilities-procs.tcl
Wednesday 11 Sep
8:11 am

gustafn

merge with missing files

Options
    • -0
    • +0
    ./03-doc-procs.tcl
    • -0
    • +0
    ./04-library-procs.tcl
    • -0
    • +0
    ./05-db-procs.tcl
    • -0
    • +0
    ./06-package-procs.tcl
    • -0
    • +0
    ./10-recreation-procs.tcl
    • -0
    • +0
    ./20-Ordered-Composite-procs.tcl
    • -0
    • +0
    ./30-widget-procs.tcl
    • -0
    • +0
    ./40-thread-mod-procs.tcl
    • -0
    • +0
    ./bgdelivery-procs.tcl
    • -0
    • +0
    ./cluster-procs.tcl
    • -0
    • +0
    ./context-procs.tcl
    • -0
    • +0
    ./cr-procs.tcl
    • -0
    • +0
    ./doc-procs.tcl
    • -0
    • +0
    ./generic-procs.tcl
    • -0
    • +0
    ./http-client-procs.tcl
  16. … 1450 more files in changeset.
Tuesday 03 Sep
5:37 pm

gustafn

merge from oacs-5-10

Options
    • -125
    • +302
    ./01-debug-procs.tcl
    • -62
    • +92
    ./03-doc-procs.tcl
    • -12
    • +14
    ./04-library-procs.tcl
    • -312
    • +701
    ./05-db-procs.tcl
    • -114
    • +694
    ./06-package-procs.tcl
    • -119
    • +243
    ./06-param-procs.tcl
    • -36
    • +36
    ./10-recreation-procs.tcl
    • -29
    • +90
    ./20-Ordered-Composite-procs.tcl
    • -199
    • +331
    ./30-widget-procs.tcl
    • -17
    • +30
    ./40-thread-mod-procs.tcl
    • -37
    • +60
    ./50-protocol-handler-procs.tcl
    • -79
    • +113
    ./bgdelivery-procs.tcl
    • -44
    • +0
    ./cluster-init.tcl
    • -129
    • +24
    ./cluster-procs.tcl
    • -178
    • +403
    ./context-procs.tcl
  16. … 8085 more files in changeset.
Friday 30 Aug
9:47 am

gustafn

improved spelling

Options
    • -2
    • +2
    ./06-package-procs.tcl
  2. … 15 more files in changeset.
Tuesday 27 Aug
12:06 pm

gustafn

whitespace changes

Options
    • -3
    • +3
    ./03-doc-procs.tcl
    • -4
    • +4
    ./06-package-procs.tcl
    • -3
    • +3
    ./06-param-procs.tcl
    • -3
    • +3
    ./bgdelivery-procs.tcl
    • -2
    • +2
    ./cluster-procs.tcl
    • -2
    • +2
    ./context-procs.tcl
    • -4
    • +4
    ./generic-procs.tcl
    • -2
    • +2
    ./test/context-test-procs.tcl
    • -1
    • +1
    ./test/xotcl-core-db-tutorial-procs.tcl
  10. … 7 more files in changeset.
Monday 26 Aug
4:24 pm

gustafn

Removed dependency on file-storage

- there was a "silent" dependency of xotcl core to the file-storage, since it

used many message keys from there. User-experience of xo* was bad when

no file-storage was installed.

- The message keys went to acs-content-repository and acs-kernel

- bumped version to 5.10.1b6

Options
    • -6
    • +6
    ./cr-procs.tcl
  2. … 2 more files in changeset.
Sunday 25 Aug
7:05 pm

gustafn

never cache package_id, when acs_admin::require_site_wide_package returns empty.

Options
    • -7
    • +14
    ./06-package-procs.tcl
Tuesday 20 Aug
7:50 pm

gustafn

reduce verbosity

Options
    • -2
    • +2
    ./cr-procs.tcl
11:28 am

gustafn

moved functionality to automated testing

Options
    • -28
    • +0
    ./test/xotcl-test-procs.tcl
    • -23
    • +0
    ./test/zz-final-procs.tcl
Monday 19 Aug
7:07 pm

gustafn

Removed memory leaks in the regression test

- new function ::xo::aa_check_leftovers to detect leaks a soon as possible

- made ::xo::stats better reusable by returning a dict

- extended regression test

- bumped xotcl-core to 5.10.1b5

Options
    • -6
    • +7
    ./01-debug-procs.tcl
    • -23
    • +39
    ./test/xotcl-test-procs.tcl
    • -0
    • +23
    ./test/zz-final-procs.tcl
  4. … 1 more file in changeset.
7:07 pm

gustafn

file zz-final-procs.tcl was initially added on branch oacs-5-10.

Options
    • -0
    • +0
    ./test/zz-final-procs.tcl
4:40 pm

gustafn

Removed warning during startup

Removed reason for protentially confusing warning during startup

Warning: nsf: method <::nx::Class> <-per-object> <init> does not exist

Options
    • -3
    • +3
    ./03-doc-procs.tcl
Friday 16 Aug
3:55 pm

gustafn

prefer recommended path over deprecated path

Options
    • -2
    • +2
    ./06-package-procs.tcl
Monday 15 Jul
1:41 pm

gustafn

improved spelling

Options
    • -2
    • +2
    ./05-db-procs.tcl
    • -2
    • +2
    ./bgdelivery-procs.tcl
Friday 05 Apr
10:39 am

gustafn

improved spelling

Options
    • -3
    • +3
    ./03-doc-procs.tcl
    • -3
    • +3
    ./http-client-procs.tcl
  3. … 2 more files in changeset.
10:28 am

gustafn

Improved readability of configuration parameter "parameterSecret"

- Switched to camelCase for better readabilty and uniformity

- NaviServer configuration parameters are case insensitive, so no danger for backward compatibility

Options
    • -1
    • +1
    ./01-debug-procs.tcl
  2. … 5 more files in changeset.
Wednesday 06 Mar
7:02 pm

gustafn

reduce verbosity

Options
    • -4
    • +4
    ./05-db-procs.tcl
Thursday 29 Feb
1:04 pm

gernst

Quote error message to better protect against XSS attacks

Options
    • -2
    • +2
    ./context-procs.tcl
12:04 pm

gustafn

Added parameter to define a default dbn to a database connection

By this change, one can now define a default dbn at the creation time

of a database connection object. Before, it was necessary to pass

the "-dbn" value to every single command. The parameter can still be

used for particular queries as before to overrule the default.

Example for defining a connection context to a pool named "legacy"

using the PostgreSQL database interface

::xo::db::DB-postgresql create ::xo::dc1 -dialect postgresql -dbn legacy

lappend _ [::xo::dc1 get_value . {select count(*) from acs_objects}]

lappend _ [::xo::dc get_value . {select count(*) from acs_objects}]

#> 660 51606

Options
    • -10
    • +15
    ./05-db-procs.tcl
Friday 23 Feb
1:58 pm

antoniop

Fix method signature

Options
    • -1
    • +1
    ./01-debug-procs.tcl
Thursday 15 Feb
6:36 pm

gustafn

Fixed implementation of value checker dbtext

The old version was not persistent in the blueprints.

Furthermore, the new version is more than 2x faster by

avoiding regular expressions.

Options
    • -8
    • +9
    ./01-debug-procs.tcl
1:27 pm

antoniop

Provide facilities to validate against invalid SQL strings

We introduce a new page contract filter and nsf validator called "dbtext". They implement enforcing of a value to be useable in an SQL query. Currently, this means that the value should not contain the NUL character, but the definition may change in the future or become database-specific.

The html contract filter has also be extended to reject the NUL character.

The test suite has been updated/extended to reflect the changes.

Options
    • -0
    • +18
    ./01-debug-procs.tcl
  2. … 2 more files in changeset.
Saturday 03 Feb
9:29 am

gustafn

reduced verbosity

Options
    • -2
    • +2
    ./cr-procs.tcl
Friday 26 Jan
5:37 pm

antoniop

Chat reform

The goal of these changes is to reduce the "mode" specific javascript code in the chat implementation and reduce server-side guessing of browser capabilities.

- In the MessageRelay class from xotcl-core, we rework the javascript code sent to the connection when doing scripted streaming to make less assumptions about the functions defined in the parent scope

- In the chat code from xowiki, we move most of the logics to guess the mode into javascript, where we can test the actual capabilities of the browser without relying on the user agent

- The previously 4 javascript files dependant on the chat mode have been made into one

Options
    • -2
    • +1
    ./message-relay-procs.tcl
  2. … 7 more files in changeset.
2:14 pm

antoniop

When the mode is "streaming", use Server Sent Events instead of a "plain" endless request

This has the advantage of a clearer, less hacky api, which, for instance, does not require manual parsing of the partial response.

Options
    • -7
    • +16
    ./message-relay-procs.tcl
  2. … 4 more files in changeset.
Thursday 30 Nov 2023
7:07 pm

gustafn

avoid double quoting

Options
    • -2
    • +2
    ./context-procs.tcl