Comment: | Added conversion to s:session-var-get. WARNING: Need to use 'raw in many cases |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA1: |
445ea184aebf8989ce80fa16e16e89a6 |
User & Date: | matt on 2016-09-25 17:10:36 |
Other Links: | manifest | tags |
2016-11-08
| ||
06:20 | Merged crypt branch check-in: 0e2bee049a user: matt tags: trunk | |
2016-10-20
| ||
17:53 |
Replace external openssl call with "crypt" egg.
The OpenSSL call was using the old UNIX crypt DES password hashing, which is very weak. Crypt will default to a more sensible mechanism (Blowfish, but in the future could transparently switch). Old passwords will continue to work, because the crypt egg detects DES salts and happily hashes them. When creating new passwords, they will be hashed using the modern algorithm. The OpenSSL call passed the password to the shell, so an onlooker on the server could see it in plaintext. It also neglected to escape the password for the shell, resulting in a command injection vulnerability. check-in: 1b5a5d3a6e user: sjamaan tags: crypt | |
17:50 | Create new branch named "crypt" Closed-Leaf check-in: 1241e8996c user: sjamaan tags: crypt | |
2016-09-25
| ||
17:10 | Added conversion to s:session-var-get. WARNING: Need to use 'raw in many cases check-in: 445ea184ae user: matt tags: trunk | |
2016-09-24
| ||
07:07 | Added recovery from bad form. but it is broken and I don't know why. Still seems rare ... check-in: 44c407806c user: matt tags: trunk | |
Modified doc/howto.txt from [56cd7b3d4f] to [a12cd32804].
︙ | |||
14 15 16 17 18 19 20 21 22 23 24 25 26 27 | 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 | + | The URL: http://the.domain.com/pagename/p1/p2/p3?param1=value1 (s:get-page-params) => '("p1" "p2") (s:get-param 'param1) => "value1" (s:get-param 'param1 'number) => number or #f Create a link. ~~~~~~~~~~~~~~ (s:null "[" (s:a name 'href (s:link-to (string-append "location/" (string-intersperse p "/") ""))) "] "))) |
︙ | |||
66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 | 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 | + - + - + + + | ;; use (s:get-param to get the 'id, or 'reply_to values Get and set a session var ~~~~~~~~~~~~~~~~~~~~~~~~~ (s:session-var-get "keyname") (s:session-var-get "keyname" 'number) (s:session-var-set! "keyname" "value") 5.1 Page local vars (s:set! key val) (s:get key) make a selection drop down ~~~~~~~~~~~~~~~~~~~~~~~~~~ In view.scm: |
︙ |
Modified session.scm from [d1e5e81543] to [feaf3112af].
︙ | |||
433 434 435 436 437 438 439 | 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 | - - - + + + + | ;; get session vars for the current page ;; (define (session:page-get self key) (hash-table-ref/default (sdat-get-pagevars self) key #f)) ;; get session vars for a specified page ;; |
︙ |
Modified setup.scm from [77c57eae95] to [90e6633a2e].
︙ | |||
64 65 66 67 68 69 70 | 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 | - - + + | (define (s:get-n-del! key) (let ((val (session:page-get s:session key))) (session:del! s:session key) val)) ;; these are session wide |
︙ |