• last updated 5 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
make sure to call ad_script_abort after ad_returnredirect

  1. … 15 more files in changeset.
merged changes from the oacs-5-9 branch and resolved conflicts

  1. … 7834 more files in changeset.
- prefer "localurl" over "return_url" of name of page filter

  1. … 90 more files in changeset.
- improve checking of return_urls in page_contracts

  1. … 87 more files in changeset.
- add editor hints to keep spaces/tabs in the furture more consistent

  1. … 754 more files in changeset.
Normalizing string comparison operations into tcl 8.4 operations, enabling byte-code compilation for expressions and many conditionals

  1. … 367 more files in changeset.
cleanup javadoc tags (eg @cvs_id @cvs @cvs-id: instead if @cvs-id)

  1. … 692 more files in changeset.

1. Added session-update.tcl, a small utility which somewhat safely allows

you to put up a link that changes a session_property, for instance to

change the number of items displayed or that sort of thing. The caller

must sign their values and URL, which are verified by the callee via

ad_page_contract. If the referrer doesn't match the signed expected

referrer, you get bounced. I think this is reasonably secure (though

permissions should always be rigorously checked on all pages, of course)

2. acs_events had an html_p flag in the datamodel but no way to set it.

Fixed. It should really be a mime-type but since it's not using the

CR, and since I'm extremely busy with other stuff, I didn't fix it.

3. While doing #1 above I learned that signing and verifying arrays didn't

quite work. Fixed.

4. Found and fixed a small problem with my earlier work on the currency widget.

    • -0
    • +35
    ./session-update.tcl
  1. … 13 more files in changeset.