Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
I
intranet-rest
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
project-open
intranet-rest
Commits
7fc9b506
Commit
7fc9b506
authored
Jun 11, 2020
by
Frank Bergmann
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
- Improved security: Removed most [ns_conn form] calls in the system.
parent
8f7c9ea6
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
4 additions
and
6 deletions
+4
-6
intranet-rest-util-procs.tcl
tcl/intranet-rest-util-procs.tcl
+4
-6
No files found.
tcl/intranet-rest-util-procs.tcl
View file @
7fc9b506
...
...
@@ -24,9 +24,7 @@ ad_proc -public im_rest_doc_return {args} {
ad_http_cache_control
# find out if we should compress or not
set query_set
[
ns_conn form
]
set gzip_p
[
ns_set get
$query
_set gzip_p
]
ns_log Notice
"im_rest_doc_return: gzip_p=
$gzip
_p"
set gzip_p
[
im_opt_val -limit_to alnum gzip_p
]
# Return the data
if
{
"1"
==
$gzip
_p
}
{
...
...
@@ -93,13 +91,13 @@ ad_proc -private im_rest_debug_headers {
set header_vars
[
ns_conn headers
]
foreach var
[
ad_ns_set_keys
$header
_vars
]
{
set value
[
ns_set get
$header
_vars
$var
]
set value
[
im_opt_val -limit_to nohtml
$var
]
append debug
"header:
$var
=
$value
\n
"
}
set form_vars
[
ns_conn form
]
foreach var
[
ad_ns_set_keys
$form
_vars
]
{
set value
[
ns_set get
$form
_vars
$var
]
set value
[
im_opt_val -limit_to nohtml
$var
]
append debug
"form:
$var
=
$value
\n
"
}
...
...
@@ -636,7 +634,7 @@ ad_proc -public im_rest_error {
ad_proc -public im_rest_get_content
{}
{
Th
ere's no
[
ns_conn content
]
so th
is is a hack to get the content of the REST request.
This is a hack to get the content of the REST request.
@return string - the request
@author Dave Bauer
}
{
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment