- use type checking for boolean parameters in page_contracts to improve security

- add tcltrace procs, deactivated by default, can be activated via package parameters "TclTraceLogServerities" and "TclTraceSaveNsReturn" of acs-tcl "Tcl Library". This addition allows adding actions whenever "ns_log" or "ns_return" are called.

The trace for "ns_log" adds the selected log entries to be reported via the developer support.

The trace for "ns_return" captures the output of the server returned via "ns_return" in files, which are useful for HTML validation (e.g. via the W3C validator)

- fix validity of HTML

- add a <p> tag around paragraph

- fix HTML markup

- remove deprecated HTML markup

- provide "ad_urlencode_query" similar to "ad_urlencode_path"

- make exporting of form-vars to query-vars more robust (for values starting with dashes)

- fix validation of HTML

- fix quoting of href

- remove XSS attack vector via error messages while including templates

- perform minimal safety checks on dates passed to weblog

- use type checking for boolean parameters in page_contracts to improve security

- make layout more robust

- start autogenerated ids with characters

- provide defaults for Content-Style-Type and Content-Script-Type

- fix HTML attribute quoting

- one more case of HTML attribute quoting

- fix more HTML attribute quoting

- fixed html attribute quoting

Add missing file extension to referenced image 'checkboxchecked.gif'

- remove default bgcolor in flash (swf) links, use styling via surrounding divs etc. instead

- make same changes to acs-subsite/www/site-map.tcl as to acs-subsite/www/admin/site-map.tcl

- adding quotes for HTML attributes

- fix HTML attribute quoting

- quote html attributes properly

- fix HTML 4.01 validity

- use export_vars instead of manually coded URL parameters to increase security

- improve usage of export_vars (no unnecessary quotes, use "-base" parameter to make intentions clear)

- fix HTML 4.01 validity of ds toolbar

merging back to HEAD fixes regarding repeatable formfields.

All js functions used to load ckeditor need to be prefixed with 'load_'.

Removing formfield css class from delete repeated field links otherwise they are mistaken with html elements used during ckeditor initialization.
