[Nitro] [PATCH] Fix an exploitable bug in CGI multipart parsing

Michael Fellinger manveru at weez-int.com
Wed Oct 25 04:41:44 EDT 2006


patch attached, it's still warm :)
please apply ASAP (also you guys who use 0.31, please patch)

This fully closes a previously-reported but partially-fixed vulnerability:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0983
  http://www.securityfocus.com/bid/11618/info

thanks to zedas who informed us :)

^ manveru
-------------- next part --------------

New patches:

[Fix an exploitable bug in CGI multipart parsing which affects Ruby <= 1.8.5
manveru at weez-int.com**20061025083802
 when the input stream returns "" (empty string) instead of nil on EOF.
 Certain malformed multipart requests leave the parser in a non-terminating
 state, leaving the program vulnerable to denial of service attack. The fix
 more carefully checks for input stream EOF.
   affected: standalone CGI, Mongrel
   unaffected: FastCGI, mod_ruby, WEBrick
 
 found and fixed by zedas
] {
hunk ./nitro/lib/nitro/cgi.rb 264
-        if c.nil?
+        if c.nil? || c.empty?
}

Context:

[Updated why_wiki.
George Moschovitis <george.moschovitis at gmail.com>**20061024154145] 
[Updated CHANGELOG.
George Moschovitis <george.moschovitis at gmail.com>**20061024124642] 
[You guessed it, more changes to examples ;-)
George Moschovitis <george.moschovitis at gmail.com>**20061024082500] 
[More changes to examples, even more to come.
George Moschovitis <george.moschovitis at gmail.com>**20061024082419] 
[Many changes to examples, flare, spark to convert to latest code, more to come.
George Moschovitis <george.moschovitis at gmail.com>**20061024082333] 
[Moved system view dirs to template dirs.
George Moschovitis <george.moschovitis at gmail.com>**20061024062032] 
[Adde set_attributes, instace_attribute_set methods in entity, for easy (and fast) update+save of attributes. Custom Mysql quote.
George Moschovitis <george.moschovitis at gmail.com>**20061023115253] 
[Some work on dispatcher for tc_params.
George Moschovitis <george.moschovitis at gmail.com>**20061023115213] 
[Updates in TODO.
George Moschovitis <george.moschovitis at gmail.com>**20061023115147] 
[Multiple fixes to make Nitro tests pass. All pass except tc_session with Og cachse and tc_controller_params. Can anyone help with these  two?
George Moschovitis <george.moschovitis at gmail.com>**20061019152957] 
[More flexible controller_map setting. Allows presetting of controller maps in parts. Have a look at the system part for an example.
George Moschovitis <george.moschovitis at gmail.com>**20061019092453] 
[Minor.
George Moschovitis <george.moschovitis at gmail.com>**20061018074820] 
[More effective $cache.cleanup
George Moschovitis <george.moschovitis at gmail.com>**20061018074708] 
[Many changes to make all Og tests pass with MySQL, yeah! Anyone can try prostgres/sqlite?
George Moschovitis <george.moschovitis at gmail.com>**20061017191259] 
[All Glue tests pass cleanly.
George Moschovitis <george.moschovitis at gmail.com>**20061016082957] 
[Added doc/TODO to offer a glimpse to the future of Nitro.
George Moschovitis <george.moschovitis at gmail.com>**20061016071926] 
[Skip  redirects on ajax/rpc requests. Allows to write more reusable code.
George Moschovitis <george.moschovitis at gmail.com>**20061016071453] 
[Removed all Admin/Scaffolding stuff. Lets clear the directory structure a bit ;-)
George Moschovitis <george.moschovitis at gmail.com>**20061014170714] 
[Added new System part that will replace old Admin part. The implementation is much simpler, it supports plugins and more. In general it is a better place for improvment. Ooh, and should startup faster too ;-)
George Moschovitis <george.moschovitis at gmail.com>**20061014165130] 
[Mark instances started by the bin/nitro command with the application name for easy identification when running ps.
George Moschovitis <george.moschovitis at gmail.com>**20061013132756] 
[Improved handling of index params in dispatcher, fixes bug when only template exists and no action (tiny example runs now ;-))
George Moschovitis <george.moschovitis at gmail.com>**20061013074907] 
[Fix in Global.
George Moschovitis <george.moschovitis at gmail.com>**20061013064758] 
[Converted blog example.
George Moschovitis <george.moschovitis at gmail.com>**20061013063711] 
[Fix: Made sweeper compatible with new cache scheme.
George Moschovitis <george.moschovitis at gmail.com>**20061013060625] 
[Fix in feed link calculation (no '//')
George Moschovitis <george.moschovitis at gmail.com>**20061011081124] 
[Fix in mailer outgoing.
George Moschovitis <george.moschovitis at gmail.com>**20061011081100] 
[Fix Glue testcases, many failing though
Jonathan Buch <john at oxyliquit.de>**20060930150921] 
[Revamp tc params to also allow POST requests, add POST multipart test
Jonathan Buch <john at oxyliquit.de>**20060929134324] 
[Add test to tc params for action_methods / module including
Jonathan Buch <john at oxyliquit.de>**20060928142918] 
[repair Controller.action_methods
Jonathan Buch <john at oxyliquit.de>**20060928142621] 
[Insert testcase for params, bugreport ray
Jonathan Buch <john at oxyliquit.de>**20060928133450] 
[Change the way /index with parameters handled
Jonathan Buch <john at oxyliquit.de>**20060927223815
 This behaviour is documented in tc_controller_params.rb in the two tcs
 test_index_handling and test_index_handling_bad.
] 
[Replace refs to the old 9999 port with the new 9000 port.
George Moschovitis <george.moschovitis at gmail.com>**20061010111635] 
[Removed some obsolete files.
George Moschovitis <george.moschovitis at gmail.com>**20061010111154] 
[More flexible elements namespace selection, you can easier have multiple skins in your web app, per controller, per controller group etc. Read the source for more details. A low level example: ann :self, :elements => CustomSkin. I will add some DSL macro for this though.
George Moschovitis <george.moschovitis at gmail.com>**20061010084527] 
[this allows you to use the sqlite-memory-store (sqlite3) by setting the :name to ':memory:'
manveru at weez-int.com**20060929075743] 
[Fix sti bug, used subclass name for foreign_key
Jonathan Buch <john at oxyliquit.de>**20061003103231
 Foo has_many Bar; User has_many Foo; Admin < User; Admin.foos #=> SQL
 ERROR: DB error no such column: admin_oid, [SELECT * FROM ogcustomer WHERE admin_oid = 1]
 
 Thx to Rayman for catching that bug, added testcase as well
] 
[Small tc reverse fix, also works on psql now!
Jonathan Buch <john at oxyliquit.de>**20060929174147] 
[Fixed emit labels in relation controls.
George Moschovitis <george.moschovitis at gmail.com>**20061009193439] 
[Another cool flash helper, concat. Useful for error handling in cooperation with the new form builder features.
George Moschovitis <george.moschovitis at gmail.com>**20061009192031] 
[Nitro unescapes request params (even for nice urls), more cases handled.
George Moschovitis <george.moschovitis at gmail.com>**20061009161125] 
[Improved form builder error handling, more intuitive implementation of flash.push.
George Moschovitis <george.moschovitis at gmail.com>**20061009160120] 
[Fix in text_key/key annotation, it is handles correctly now.
George Moschovitis <george.moschovitis at gmail.com>**20061009072919] 
[Form helper should ignore polymorphic_marker relations.
George Moschovitis <george.moschovitis at gmail.com>**20061008085628] 
[When deleting an Og entity load the object, so og_delete aspects can access instance variables. Useful for sophisticated cache sweepers.
George Moschovitis <george.moschovitis at gmail.com>**20061008080957] 
[Updated scaffold model to use the new OgSystem stuff.
George Moschovitis <george.moschovitis at gmail.com>**20061008080926] 
[WebFile.override_files = true by default.
George Moschovitis <george.moschovitis at gmail.com>**20061008072452] 
[Made strange router urls more compatible with Apache.
George Moschovitis <george.moschovitis at gmail.com>**20061008072113] 
[At last, output caching generates files, not directories. Improved apache/webrick/mongrel rewrite rules.
George Moschovitis <george.moschovitis at gmail.com>**20061008071447] 
[Added a nasty hack that fixes a truly nasty bug. For details read in the webrick/mongrel adapters. We must find a better solution though.
George Moschovitis <george.moschovitis at gmail.com>**20061007173056] 
[Reverted some changes in compiler/dispatcher, cleaned up the mess. Sorry Fabian, your changes where invalid, but I will make your updated testcases pass. Gimme some more time ;-)
George Moschovitis <george.moschovitis at gmail.com>**20061007153307] 
[More correct calculation of managed_classes.
George Moschovitis <george.moschovitis at gmail.com>**20061007070202] 
[Added some comments.
George Moschovitis <george.moschovitis at gmail.com>**20061005182903] 
[Added useful handle_static_files setting in Server. When running in production mode set to false (the frontend webserver should handle static files). Allows an ingenious rewrite rule to handle admin servers ;-)
George Moschovitis <george.moschovitis at gmail.com>**20061005182522] 
[added nitro/tc_template for coming move of Glue::Template -> Nitro::Template
manveru at weez-int.com**20060925203752] 
[added nitro/tc_markup (this will become important after the Glue::Markup -> Nitro::Markup move
manveru at weez-int.com**20060925203051] 
[Make OgCache faster by adding primary_key index
Jonathan Buch <john at oxyliquit.de>**20060929164816] 
[ The huge Template|Markup move from Glue to Nitro
manveru at weez-int.com**20060928092324] 
[Fix tc_validation_loop
Jonathan Buch <john at oxyliquit.de>**20060928112058] 
[Fix tc_reverse
Jonathan Buch <john at oxyliquit.de>**20060928111438] 
[Add psql rollback/savepoints for transactions
Jonathan Buch <john at oxyliquit.de>**20060928111226] 
[Try fix sti, ogtype resolution for mysql < 5, -pr psql
Jonathan Buch <john at oxyliquit.de>**20060928105756] 
[add fatal failed testcases to the failed testcases :)
manveru at weez-int.com**20060927223059] 
[Fix bug, used String for primary_key for psql auto generated values.
Jonathan Buch <john at oxyliquit.de>**20060927224042] 
[Fix tc has_many
Jonathan Buch <john at oxyliquit.de>**20060927212206] 
[Fix param handling and param testcases
Jonathan Buch <john at oxyliquit.de>**20060927212044] 
[Fix tc controller, remove unnessessary action_methods
Jonathan Buch <john at oxyliquit.de>**20060927210246] 
[Fix tc multi_validation and tc kirby.
Jonathan Buch <john at oxyliquit.de>**20060927160905] 
[Fix tc primary key for psql, change sequence handling
Jonathan Buch <john at oxyliquit.de>**20060927160518
 Moves sequence description to a annotation for the primary key instead of
 using a constant in the class.  Only uses sequences if the sql for the
 pk includes the keyword SERIAL.  This does not account for manually
 created sequences, TODO.
] 
[Fix reverse tc, makes it pass for mysql
Jonathan Buch <john at oxyliquit.de>**20060927133118] 
[Fix inheritance tc
Jonathan Buch <john at oxyliquit.de>**20060927132223] 
[Fix sti for psql
Jonathan Buch <john at oxyliquit.de>**20060927132149] 
[retry when sqlite database locked
Alex Pooley <alex at msgpad.com>**20060908140800] 
[Make inline C in tc_cgi more robust
Jonathan Buch <john at oxyliquit.de>**20060927122119] 
[Add more tests to tc param
Jonathan Buch <john at oxyliquit.de>**20060926205950] 
[More and better testcases for params
Jonathan Buch <john at oxyliquit.de>**20060926124647] 
[More testcases for tc_controller_params, refactor
Jonathan Buch <john at oxyliquit.de>**20060926114453] 
[support for request.local_net? to check if a request comes from a local network [3]
Fabian Buch <fabian at fabian-buch.de>**20060925210146
 (RFC1918 + localhost) including testcase
 idea by Manveru, algorithm by Jonathan and implementation by Fabian
] 
[update to nitro/tc_dispatcher
manveru at weez-int.com**20060925210647] 
[just a typo in nitro/tc_session
manveru at weez-int.com**20060925203734] 
[updated to nitro/tc_render to reflect lots of changes in nitro-source
manveru at weez-int.com**20060925203647] 
[updated nitro/tc_controller - will reflect the current ways of nitro a lot better
manveru at weez-int.com**20060925202935] 
[updated nitro/tc_cgi (kashia added ruby-inline to make it faster) and some other fixes for it
manveru at weez-int.com**20060925202725] 
[updated nitro/helper/tc_table
manveru at weez-int.com**20060925202300] 
[add testcase for nitros parameter-handling (finally) [2]
Fabian Buch <fabian at fabian-buch.de>**20060925195011
 original by Manveru
] 
[gen part uses lib/ directory now
Fabian Buch <fabian at fabian-buch.de>**20060913094740
 so parts reside in lib/part/partname
 public stuff of parts are still in public/part/partname/
] 
[Removed scgi adapter. This is not maintained anymore by the original author. You are advised to use the mongrel adapter instead.
George Moschovitis <george.moschovitis at gmail.com>**20061003203706] 
[Added nitro restart command.
George Moschovitis <george.moschovitis at gmail.com>**20060925135127] 
[Nitro cluster command spawns correct number of app servders and implies daemon mode.
George Moschovitis <george.moschovitis at gmail.com>**20060925131813] 
[Fixed response cookies problem od the Mongrel  adapter.
George Moschovitis <george.moschovitis at gmail.com>**20060924202240] 
[Added part callbacks for more structures and flexible part initialization.
George Moschovitis <george.moschovitis at gmail.com>**20060923024859] 
[Improved Global initialization, more flexible, in sync with session.
George Moschovitis <george.moschovitis at gmail.com>**20060923024711] 
[Improved handling of Session.cache_type for flexible initialization.
George Moschovitis <george.moschovitis at gmail.com>**20060923022541] 
[Updated configuration system to make more flexible, imporved drb sessions and Nitro initialization in general. Still some related work to do though (especially update the examples). Warning this patch will break your apps. Some text that will explain the small changes needed is forthcoming.
George Moschovitis <george.moschovitis at gmail.com>**20060922184512] 
[Improved nitro command to handle state server, added kill option.
George Moschovitis <george.moschovitis at gmail.com>**20060921204412] 
[Added some initial cache management (from the console) features.
George Moschovitis <george.moschovitis at gmail.com>**20060921185724] 
[Make YAML-properties with postgresql work again
manveru at weez-int.com**20060914091150] 
[notice about new script/test :)
manveru at weez-int.com**20060912105803] 
[Huge refactoring of script/test.rb, to use the new capability just 'gem install popen4'
manveru at weez-int.com**20060912070838] 
[added tc_primary_key (which fails right now, like every good tc should ;)
manveru at weez-int.com**20060908022410] 
[fix little bug with parse_timestamp (utils.rb)
manveru at weez-int.com**20060906093558] 
[Og close_store fix
nusgnaf at gmail.com**20060826205335
 We use @store to maintain database connection when Og.thread_safe is false and @pool when Og.thread_safe is 
 true. Right now in close_store, we fall back to @store.close when @pool.empty? is true, that not correct, the 
 following patch fixes this.
] 
[fixed bug in tc_store.rb
Fabian Buch <fabian at fabian-buch.de>**20060828075201] 
[making some other testcases pass again (issue with result of psql)
manveru at weez-int.com**20060825172828] 
[making tc_build.rb pass again
manveru at weez-int.com**20060825142113] 
[make aggregations work again (tc_aggregations_calculations)
manveru at weez-int.com**20060824235925] 
[fixing STI
manveru at weez-int.com**20060824142441] 
[adding some raise "Not implemented" in og/store.rb for empty methods
manveru at weez-int.com**20060824114541] 
[minor change in tc_scope, still doesn't pass though
manveru at weez-int.com**20060822122540] 
[changed script/test.rb so it runs the tests seperate (useful for og, if one test fails, not all others blow up)
manveru at weez-int.com**20060822090716] 
[Fix scope bug in collection.rb, use count for finding number of joins_many relations
Jonathan Buch <jonathan.buch at gmail.com>**20060912124344] 
[Fix for deleting has_many belongs/refers_to relations
Jonathan Buch <jonathan.buch at gmail.com>**20060911144233] 
[fix for deleting belongs_to relationships
Jonathan Buch <jonathan.buch at gmail.com>**20060911122205] 
[add testcase for deleting relations
Jonathan Buch <jonathan.buch at gmail.com>**20060911112315] 
[More small og test fixes
Jonathan Buch <jonathan.buch at gmail.com>**20060906214008] 
[Fix more og testcases
Jonathan Buch <jonathan.buch at gmail.com>**20060906211602] 
[.save returns affected rows again, fix subclass creation in relation.rb
Jonathan Buch <jonathan.buch at gmail.com>**20060906210953] 
[Enable object annotating for custom styles in form attributes.
Jonathan Buch <jonathan.buch at gmail.com>**20060903154923
 
 Can be used like following:
 
 <?r
  flash[:VERROR].errors.each do |sym,msg|
  	@obj.annotation sym => {:control_style => 'border:1px solid red;'}
  end if flash[:VERROR]
 ?>
 
 This traverses over validation errors and sets a red border around those
 attributes with errors.
 
] 
[Replace pk.inspects by quote(pk)
Jonathan Buch <jonathan.buch at gmail.com>**20060903112405
 
 Fixes problems with text/integer keys.
] 
[One line fix for 'Various Changes' patch
Jonathan Buch <jonathan.buch at gmail.com>**20060903111201] 
[Various changes
Jonathan Buch <jonathan.buch at gmail.com>**20060902224949
 
 * Revise resolve_polymorphic_relations, remove FIXME, change the
   eval to const_set.
 * Change symbol_to_class to return nil when no matching class was 
   found.
 * Fix aggregation code, only use order_by when group_by is given.
] 
[minor fix for manage_classes
Jonathan Buch <jonathan.buch at gmail.com>**20060902164458] 
[remove ObjectSpace search in manage_classes when classes are specified
Jonathan Buch <jonathan.buch at gmail.com>**20060902163817] 
[OgKlass.create_with is now able to accept arrays for collections
Jonathan Buch <jonathan.buch at gmail.com>**20060830180923] 
[Fix bug with Pager and aggregations
Jonathan Buch <jonathan.buch at gmail.com>**20060828221005
 
 The option array got changed by the new aggregation code and in `paginate` the array got reused.  Testcase also attached.
 
 This patch also makes an alias named :limit for :per_page.  Makes paginate more compatible to other sql based functions.
] 
[minor testcase bugfixes
Jonathan Buch <jonathan.buch at gmail.com>**20060827232013] 
[only use transactions in og_delete when cascading is activated
Jonathan Buch <jonathan.buch at gmail.com>**20060827231901] 
[Automatic deletion of many2many relationships when one side gets removed
Jonathan Buch <jonathan.buch at gmail.com>**20060827231733] 
[add testcase for many to many relationships and deleting one side of the relationship
Jonathan Buch <jonathan.buch at gmail.com>**20060827231057] 
[prop_accessor -> attr_accessor
Jonathan Buch <jonathan.buch at gmail.com>**20060827230931] 
[fix taggable, reload needed when deleting tag
Jonathan Buch <jonathan.buch at gmail.com>**20060827223558] 
[change all prop_accessor to attr_accessor
Jonathan Buch <jonathan.buch at gmail.com>**20060825230930] 
[patch for many postgresql store errors, makes more tests pass
Jonathan Buch <jonathan.buch at gmail.com>**20060825224327
 
 Most importantly this changes the lookup rule for symbol_to_class in relation.rb, changes annotating of primary keys when invoked by `set_primary_key :name, String`.
 
 Minor enhanced test files, updated to new syntax etc.
] 
[Add transaction, commit, rollback to psql adapter
Jonathan Buch <jonathan.buch at gmail.com>**20060825172522] 
[Let `def aggregation` use `resolve_options`
Jonathan Buch <jonathan.buch at gmail.com>**20060825155121
 
 It duplicated functionality already available in `resolve_options` and didn't know about join tables etc.
] 
[Add Fabian Buch as contributor, rename nick Kashia to Jonathan
Jonathan Buch <jonathan.buch at gmail.com>**20060831181201] 
[Minor fixes.
George Moschovitis <george.moschovitis at gmail.com>**20060912152127] 
[removed unmatched require in server.rb
Fabian Buch <fabian at fabian-buch.de>**20060911155626] 
[fixed call/answer (render.rb) to work correctly [2]
Fabian Buch <fabian at fabian-buch.de>**20060911155557] 
[FeedHelper fix that lets its unit test pass again [2]
Fabian Buch <fabian at fabian-buch.de>**20060911155026] 
[removing "nil"-Strings from has_many and refers_to controls [2]
Fabian Buch <fabian at fabian-buch.de>**20060911154851
 since you don't want "nil" for NULL in your database
] 
[webfile bugfix and to-be-improved tc_webfile.rb added [2]
Fabian Buch <fabian at fabian-buch.de>**20060911154544
 also: don't override files by default
 and more logical file permissions
] 
[adding generator for parts (gen part) [2]
Fabian Buch <fabian at fabian-buch.de>**20060911153811
 
 gen part partname
 copies the given part to the current folder (so you should be
 in your applications main folder) and moves the part's 
 public files to public/part/partname
] 
[let mongrels request_uri and query_string behave like the ones of webrick and fcgi
Fabian Buch <fabian at fabian-buch.de>**20060911205524] 
[Cleaned up many files.
George Moschovitis <george.moschovitis at gmail.com>**20060910192003] 
[Test for :serializable_attributes in Manager#manageable?
Pangloss <darrick at innatesoftware.com>**20060909212814] 
[Update Og::Cacheable to use facets 1.4.5
Pangloss <darrick at innatesoftware.com>**20060909212038] 
[Small fix in exclude patch to get rid fo the warning.
George Moschovitis <george.moschovitis at gmail.com>**20060910084803] 
[adding option[:exclude] to all_attributes in form helper
Fabian Buch <fabian at fabian-buch.de>**20060908182429
 now you can exclude single attribute
 for example:
 f.attributes(:exclude => :password) or
 f.attributes(:exclude => [:password, :name])
] 
[Allow label override in form helper.
George Moschovitis <george.moschovitis at gmail.com>**20060909070515] 
[Minor stuff.
George Moschovitis <george.moschovitis at gmail.com>**20060909065751] 
[Some improvements in caching and scaffolding.
George Moschovitis <george.moschovitis at gmail.com>**20060907195840] 
[Access server from context (req/res)
George Moschovitis <george.moschovitis at gmail.com>**20060905200321] 
[New cluster friendly nitro script.
George Moschovitis <george.moschovitis at gmail.com>**20060905200208] 
[fix latest Runner bugs
Fabian Buch <fabian at fabian-buch.de>**20060831134122
 ruby run.rb -m for example didn't work, it always used webrick unless Nitro.adapter was set
] 
[Some more fixes in the the new param parser, it works better with the router now.
George Moschovitis <george.moschovitis at gmail.com>**20060831173030] 
[FileControl and PasswordControl added
Fabian Buch <fabian at fabian-buch.de>**20060830191849] 
[Added support for mongrel, execution modes and more in the nitro startup script (bin/nitro).
George Moschovitis <george.moschovitis at gmail.com>**20060828212153] 
[Minor stuff.
George Moschovitis <george.moschovitis at gmail.com>**20060828171549] 
[Alexander Lazic's Mongrel Adapter changes + mine
Fabian Buch <fabian at fabian-buch.de>**20060826102734
 it uses Mongrel::Configurator to setup mongrel
 Logger for a more unified look
 fixes trap to use stop()
] 
[Fixed 'true' bug in sub-elements.
George Moschovitis <george.moschovitis at gmail.com>**20060826074839] 
[Small improvements in taggable.
George Moschovitis <george.moschovitis at gmail.com>**20060826074740] 
[Improved sub-element functionality, add some comments to explain the usage.
George Moschovitis <george.moschovitis at gmail.com>**20060825195559] 
[Removed src dir, moved path into lib. Cleaner layout and trnsparently supports my new webapp deployment script. nice ;-)
George Moschovitis <george.moschovitis at gmail.com>**20060824175446] 
[tell evolution to accept the properties of its relatives
manveru at weez-int.com**20060824143623] 
[Added more FIXMEs for rescue Object and removed a few
Jonathan Buch <jonathan.buch at gmail.com>**20060822123730] 
[removing spurious "p"
rff.rff at gmail.com**20060819140258] 
[better error handling for helper.rb
ùrff.rff at gmail.com**20060819134639] 
[Some improvements in the new scaffolding code, auto detection of per model controllers.
George Moschovitis <george.moschovitis at gmail.com>**20060822150735] 
[Misc small changes for improved robustness.
George Moschovitis <george.moschovitis at gmail.com>**20060820093250] 
[Various validation related fixes and small improvements.
George Moschovitis <george.moschovitis at gmail.com>**20060817071240] 
[Default error page sets 501 status
George Moschovitis <george.moschovitis at gmail.com>**20060817060455] 
[This patch contains the following changes:
rff.rff at gmail.com**20060729141757
 
 M ./nitro/lib/nitro/helper/form.rb +8
] 
[This patch refactors the code used in the scaffolded view to be usable as a single helper. 
rff.rff at gmail.com**20060729141306
 It basically creates a div containing a list of li tags, each of one contains a message for each error in flash[:ERRORS]
 
 This patch contains the following changes:
 
 M ./nitro/lib/nitro/helper/form.rb +12
] 
[Intuitive handling of text keys, allows code like u = User['gmosx'] and u = User[1] at the same time.
George Moschovitis <george.moschovitis at gmail.com>**20060801203732] 
[encode_url better handles index actions.
George Moschovitis <george.moschovitis at gmail.com>**20060801203714] 
[Some small fixes.
George Moschovitis <george.moschovitis at gmail.com>**20060730132126] 
[bugfix-glue-validate_value
bryan.a.soto at gmail.com**20060717205050
 Ticket #44: http://devlab.oree.ch/trac/glycerin/ticket/44
 Credit to matt DOT moriarity AT gmail DOT com.
] 
[fix conflict mongrel adapter
rff.rff at gmail.com**20060729105408] 
[bugfix-nitro-mongrel-adapter
bryan.a.soto at gmail.com**20060717060648
 Fixes multi-part form processing, which was broken by my previous patch. Basically, image uploads work now for mongrel.
] 
[fix conflict on "undescore" typo
rff.rff at gmail.com**20060729104933] 
[bugfix-nitro-ticket-43
bryan.a.soto at gmail.com**20060711010702
 Fixed a bug/type as suggested by rff_rff AT yahoo DOT it
 http://devlab.oree.ch/trac/glycerin/ticket/43
] 
[bugfix-nitro-ticket-34
bryan.a.soto at gmail.com**20060711010350
 Fixed as per billk AT cts DOT com suggestion on Ticket #34.
 http://devlab.oree.ch/trac/glycerin/ticket/34
] 
[navigation menu helper
rff_rff at yahoo.it**20060705193224
 This helper allows easy creation of xhtml/css based navigation menus, producing an xhtml that is suitable to be used with examples found at listamatic, and with automatic handling of "current page" highliting, setting proper xhtml for it.
 
 The helper adds two methods, one allows to create a menu like 
  menu_for(HomeController, Pages, Feed)
 and the other gives more fine grained control through:
  menu_from_hash('/home'=>'Home Page', '/pages'=>'Wiki', '/feed/rss'=>'RSS2.0')
 
] 
[hack-enh-fcgi-rewind
bryan.a.soto at gmail.com**20060609220620
 A small hack to ensure that you can access the raw_body of a request, by converting the incoming stream to a StringIO if it doesn't respond to :rewind.
] 
[test-fix-og-tc_ez
bryan.a.soto at gmail.com**20060518001436
 Fixes up the ez testcase Manveru submitted to make it run and pass.
] 
[ez-fix for trueclass and testcase for it
m.fellinger at gmail.com**20060513111040] 
[error-page-fix for source-preview
m.fellinger at gmail.com**20060513110945] 
[test-fix-nitro-tc_render
bryan.a.soto at gmail.com**20060517223259
 Makes the TestController subclass Nitro::Controller so it get's the #encode_url method.
] 
[adds-some-blank-lines-to-og-tc_setup
bryan.a.soto at gmail.com**20060517222452] 
[gabrielle-renzis-linefeeds
bryan.a.soto at gmail.com**20060517221725
 Switches line endings from Dos to Unix.
] 
[solves the conflict between repo and devlab (Og.setup now handles arguments in 
rff.rff at gmail.com**20060729102534
 a saner way and crashes ASAP when there is no chance to recover
 
] 
[crash-early Og.setup
surrender_it at yahoo.it**20060505123051
 This patch removed the Exception handling routine from Og.setup.
 With the current code if an exception is raised during the execution of 
 the method there is no crash, but the crash will happen every time someone references Og.manager, cause that variable won't be initialized .
 This patch makes Og.setup crash as soon as possible, thus allowing faster diagnostics.
 
 The patch also adds a simple test case for Og.setup, which seem not tested anywhere, but the test case may need some love  for proper setup (it relies on glycerin as of now, cause loading CONFIG.rb seem to raise a strange exception related to mixed use of facets 1.3 and 1.0 on my box)
 
] 
[better test logging
surrender_it at yahoo.it**20060505010206
 As of now tests for Og swallow every error ingormation while not in $DBG mode,
 this one-line patch allows visualization of logged informations at WARN level and more, which has little impact on the visualization of the tests and still allows quick diagnostics while staying out of $DBG
] 
[add-ostruct-require
bryan.a.soto at gmail.com**20060512060511
 Adds missing ostruct require to testcase.rb.
] 
[nitro-proto-page
bryan.a.soto at gmail.com**20060510060546
 Updates the intro page with a link to the rubyforge page for examples to be downloaded as suggested by James Britt.
] 
[Made redirect_on_empty (buffer) true by default.
George Moschovitis <george.moschovitis at gmail.com>**20060729083954] 
[More fault tolerant populate_attributes.
George Moschovitis <george.moschovitis at gmail.com>**20060727192802] 
[Added objects_to_options helper.
George Moschovitis <george.moschovitis at gmail.com>**20060726115346] 
[Hack fixed fcgi/console Og polymorphic bug, will investigate later.
George Moschovitis <george.moschovitis at gmail.com>**20060726115238] 
[Minor fixes and cleanup.
George Moschovitis <george.moschovitis at gmail.com>**20060723141916] 
[fragments_fix
nusgnaf at gmail.com**20060720211817
 kill the usage of @@cache in nitro/lib/nitro/caching/framents.rb,
 use self.cache instead.
] 
[Minor.
George Moschovitis <george.moschovitis at gmail.com>**20060720182002] 
[Improved postgreslq adapter.
George Moschovitis <george.moschovitis at gmail.com>**20060720180657] 
[form.fix
nusgnaf at gmail.com**20060721015451
 ensure we render all_attributes before we yield to block.
] 
[MysqlAdapter database creation
Jonas Pfenniger <zimba.tm at gmail.com>**20060720133458] 
[More cleanup in Og files.
George Moschovitis <george.moschovitis at gmail.com>**20060719214222] 
[Small updates in source files, removed some obsolete files.
George Moschovitis <george.moschovitis at gmail.com>**20060719203755] 
[Better refactoring of last_insert_id/insert_sql.
George Moschovitis <george.moschovitis at gmail.com>**20060719170347] 
[Further Og adapter refactoring.
George Moschovitis <george.moschovitis at gmail.com>**20060719163823] 
[Mongrel large file fix. [fang sun]
George Moschovitis <george.moschovitis at gmail.com>**20060719153444] 
[Updated source.
George Moschovitis <george.moschovitis at gmail.com>**20060718202542] 
[Added postgresql.rb main adapter file.
George Moschovitis <george.moschovitis at gmail.com>**20060718174745] 
[Updated RELEASES.
George Moschovitis <george.moschovitis at gmail.com>**20060718174725] 
[More source/doc updates.
George Moschovitis <george.moschovitis at gmail.com>**20060718155406] 
[Misc doc/source updates.
George Moschovitis <george.moschovitis at gmail.com>**20060718154516] 
[Reimplemented postgresql adapter (not fully working yet).
George Moschovitis <gm at navel.gr>**20060717220903] 
[Further refactoring/cleanup of the Og adapter code.
George Moschovitis <gm at navel.gr>**20060717220831] 
[Small fixes in examples to make work with latest code.
George Moschovitis <gm at navel.gr>**20060717220750] 
[Added special resolve_polymorphic behaviour to many_to_many/joins_many relations.
George Moschovitis <gm at navel.gr>**20060716164436] 
[Even more intelligent dispatches, handles some more useful nice url cases. It rocks!
George Moschovitis <gm at navel.gr>**20060716160628] 
[More flexible resolve_polymorphic_relations.
George Moschovitis <gm at navel.gr>**20060716154721] 
[Check for join tables even if main table exists to be make Og more self-healing (and adaptive to changin schemas).
George Moschovitis <gm at navel.gr>**20060716145000] 
[Polymorphic relations use again Owner::Class subclasses, but they are more flexible, there is no more the need for foreign_name declarations, plus cleaned up some Og code.
George Moschovitis <gm at navel.gr>**20060716130632] 
[Virtualized table_already_exists? for mysql and sqlite3 to allow a single create table method for both adapters (!!!).
George Moschovitis <gm at navel.gr>**20060713172658] 
[Reimplemented the sqlite adapter under the new model.
George Moschovitis <gm at navel.gr>**20060713171143] 
[Remarkable refactoring/simplification of the Og adapter model. Cleaned up Mysql Adapter, more robust code.
George Moschovitis <gm at navel.gr>**20060713171040] 
[Options control now takes reverse dictonary as a parameter, more useful.
George Moschovitis <gm at navel.gr>**20060712164255] 
[MAJOR, BACKWARDS UNCOMPATIBLE CHANGE: Polymorphic classes are not nested. Ie now ArticleComment is created instead of Article::Comment.
George Moschovitis <gm at navel.gr>**20060710210736] 
[Added rename_schema method in Og evolution.
George Moschovitis <gm at navel.gr>**20060710190814] 
[Removed og evolution from og main dir to avoid confusion with store/evolution (renamed to dump.rb)
George Moschovitis <gm at navel.gr>**20060710155539] 
[Misc form helper and controls improvements.
George Moschovitis <gm at navel.gr>**20060709164509] 
[Improved StaticInclude compiler to handle recursive static includes (extremely useful).
George Moschovitis <gm at navel.gr>**20060709164423] 
[Minor
George Moschovitis <gm at navel.gr>**20060709083138] 
[Some fixes in the admin templates.
George Moschovitis <gm at navel.gr>**20060709082357] 
[Removed old form helper code, added float control, some cleanup.
George Moschovitis <gm at navel.gr>**20060709080905] 
[Added OptionsControl for attributes that take discreet options.
George Moschovitis <gm at navel.gr>**20060708082406] 
[Updated contributors.
George Moschovitis <gm at navel.gr>**20060708082323] 
[Extacted publishable.rb from controller.rb, added mount_path helper to publishable. [renzi]
George Moschovitis <gm at navel.gr>**20060708073814] 
[Minor.
George Moschovitis <gm at navel.gr>**20060706204217] 
[Small render fix.
George Moschovitis <gm at navel.gr>**20060706204140] 
[Added support for nested controllers, cleaned up render (no base), updated admin part to work with changes.
George Moschovitis <gm at navel.gr>**20060706203550] 
[Added initial versions of scaffold/controller, scaffold/model.
George Moschovitis <gm at navel.gr>**20060706155447] 
[Changed render_template (for the moment uses a 'hack' implementation, but it works!) [james_b]
George Moschovitis <gm at navel.gr>**20060705193130] 
[Og load/reload handle nil primary keys (by returning nil).
George Moschovitis <gm at navel.gr>**20060705181328] 
[Simplified hidden method in xhtml helper.
George Moschovitis <gm at navel.gr>**20060701072425] 
[Applied james britt's mongrel patch.
George Moschovitis <gm at navel.gr>**20060630190711] 
[author backwards compatibility (atom)
Kashia Buch <john at oxyliquit.de>**20060622175214
 
 Request by Fabian
] 
[Added handle_sql_exception for MysqlAdapter#create_table
Jonas Pfenniger <jonas at stvs.ch>**20060627135225] 
[Added String to Car's property in tc_inheritance.rb
Jonas Pfenniger <jonas at stvs.ch>**20060627132219] 
[Removed Glue::Flexob testcase since it does't exist anymore
Jonas Pfenniger <jonas at stvs.ch>**20060627132017] 
[Fixed add_rule in dispatcher [james_b]
George Moschovitis <gm at navel.gr>**20060629151558] 
[Removed paramix-fix, not needed in facets 1.4.3
George Moschovitis <gm at navel.gr>**20060629151520] 
[Argh and again argh, extend OpenStruct instead of OpenObject in FileTemplate to fix weird and NASTY eval bug.
George Moschovitis <gm at navel.gr>**20060626191414] 
[consoleapp -> command.
George Moschovitis <gm at navel.gr>**20060626172152] 
[Changes to make compatible with 1.4.2
George Moschovitis <gm at navel.gr>**20060626163705] 
[Added some new files.
George Moschovitis <gm at navel.gr>**20060620065144] 
[Applied patches by neokolor at gmx.de, plus some minor stuff. [neokolor at gmx.de]
George Moschovitis <gm at navel.gr>**20060620064746] 
[Deprecated RSS helper (use the new feed helper instead).
George Moschovitis <gm at navel.gr>**20060618102546] 
[Updated spark and flare examples to use the feed helper.
George Moschovitis <gm at navel.gr>**20060618102431] 
[Updated blog example to work with latest, slightly improved feed parser in the process.
George Moschovitis <gm at navel.gr>**20060618101830] 
[Allow override of style in controls (+ minor fixes).
George Moschovitis <gm at navel.gr>**20060618090054] 
[bugfix-mongrel-adapter-request-uri
bryan.a.soto at gmail.com**20060605211152
 Removes REQUEST_URI header manipulation and accomodates an upcoming change in Mongrel 0.3.13. An ugly class check... Lovely.
] 
[more-mongrel-adapter-fixes
bryan.a.soto at gmail.com**20060510222051
 Fixes up static file serving.
] 
[mongrel-fixes
bryan.a.soto at gmail.com**20060510060439
 Gives the Mongrel adapter some need updating.
] 
[Fixed Orderable to work with latest Og.
George Moschovitis <gm at navel.gr>**20060616082740] 
[Allow for relative/absolute expiration of affected cached pages for extra flexibity.
George Moschovitis <gm at navel.gr>**20060614071336] 
[Fixes in output caching (root setting).
George Moschovitis <gm at navel.gr>**20060614070409] 
[Renamed evolution.rb to dump.rb to avoid confusion with the dynamic schema evolution feature.
George Moschovitis <gm at navel.gr>**20060614061620] 
[Refactored og cloning to a separate file to keep entity.rb cleaner.
George Moschovitis <gm at navel.gr>**20060614061451] 
[Added sendfile support to render. [jlambert]
George Moschovitis <gm at navel.gr>**20060613175624] 
[Taggable tagstring_linked.
George Moschovitis <gm at navel.gr>**20060613175606] 
[Small changes in FeedHelper.
George Moschovitis <gm at navel.gr>**20060613060649] 
[Removed deprecated and buggy static include code from Template, the StaticInclude compiler is used instead.
George Moschovitis <gm at navel.gr>**20060612083733] 
[Added {{..}} and #<..> aliases to #{R ..}.
George Moschovitis <gm at navel.gr>**20060609083834] 
[Refactored webrick vcr functionality to a separate file.
George Moschovitis <gm at navel.gr>**20060609081950] 
[Added again examples, flare, spark
George Moschovitis <gm at navel.gr>**20060607152438] 
[Using the new building code, fixed the admin hasmany/joinsmany control.
George Moschovitis <gm at navel.gr>**20060607011350] 
[Implemented collection build mode for efficient object relation initialization w/o excessive saves.
George Moschovitis <gm at navel.gr>**20060607005902] 
[Small fix in template_for_action to avoid unhelpful error message on missing action (and symbol passed).
George Moschovitis <gm at navel.gr>**20060606075731] 
[Added many new files.
George Moschovitis <gm at navel.gr>**20060605182624] 
[Many many changes (New control system, Emit labels in the controls, Relation controls (hack fix), Show form errors in admin screens, Removed credit lines, Updated docs, Og.destroy_schema, and more...) under heavy construction.
George Moschovitis <gm at navel.gr>**20060605182411] 
[Honour port in Mysql create/destroy [james_b]
George Moschovitis <gm at navel.gr>**20060528072603] 
[Updated docs.
George Moschovitis <gm at navel.gr>**20060526094620] 
[Minor.
George Moschovitis <gm at navel.gr>**20060522103204] 
[Refactored and rationalized evolution support for sql stores.
George Moschovitis <gm at navel.gr>**20060522102946] 
[Introduced new control system. Still under construction.
George Moschovitis <gm at navel.gr>**20060522064146] 
[Fixes in validation and scaffolding.
George Moschovitis <gm at navel.gr>**20060521090718] 
[After some more fixes tc_store.rb passes ;-)
George Moschovitis <gm at navel.gr>**20060520093243] 
[Fixes in mysql insert.
George Moschovitis <gm at navel.gr>**20060520092051] 
[Fixed finders.
George Moschovitis <gm at navel.gr>**20060520085837] 
[Fixed some more problems.
George Moschovitis <gm at navel.gr>**20060520084729] 
[Added join support, rationalized primary key setup.
George Moschovitis <gm at navel.gr>**20060520081153] 
[Better support for non integer primary keys.
George Moschovitis <gm at navel.gr>**20060519074722] 
[More fixes to support update.
George Moschovitis <gm at navel.gr>**20060519074304] 
[Rationalized og_delete.
George Moschovitis <gm at navel.gr>**20060519072950] 
[More fixes to support reading.
George Moschovitis <gm at navel.gr>**20060519072248] 
[After some more changes, a small example works ;-)
George Moschovitis <gm at navel.gr>**20060519063007] 
[Rationalized sql index definition: attr_accessor :age, Fixnum, :index => true, :pre_index => ..., :post_index => ...
George Moschovitis <gm at navel.gr>**20060519061721] 
[Major Og rewrite, updating to the new attribute system, cleaning the code and migrating to the new adapter model. Many many more changes. In progress.
George Moschovitis <gm at navel.gr>**20060519060701] 
[Removed alpha og stores.
George Moschovitis <gm at navel.gr>**20060518070101] 
[Many changes to support the switch to attributes instead of properties.
George Moschovitis <gm at navel.gr>**20060518065907] 
[Minor.
George Moschovitis <gm at navel.gr>**20060516150705] 
[Moved examples, spark, flare to a separate repository.
George Moschovitis <gm at navel.gr>**20060516073246] 
[Removed wee helper and example. Not really useful in Nitro, better use wee standalone + Og if you like Wee components (or wait for a Nitro solution).
George Moschovitis <gm at navel.gr>**20060516072823] 
[Removed controller_name from Render, user controller.mount_path instead.
George Moschovitis <gm at navel.gr>**20060516072350] 
[Fixed: dont overwrite already defined methods in the new scaffold code.
George Moschovitis <gm at navel.gr>**20060516071615] 
[Improved R (encode_url) handles strings and entities. Redirect implicitly uses R. Form builder implicitly uses R for form actions.
George Moschovitis <gm at navel.gr>**20060516071508] 
[Fixed name_to_jsfile (absolute url).
George Moschovitis <gm at navel.gr>**20060515065439] 
[Reenabled format in Logger.
George Moschovitis <gm at navel.gr>**20060513042251] 
[Added some :nodoc: all to cleanup generated RDocs.
George Moschovitis <gm at navel.gr>**20060513034929] 
[Bumbed version number in many files.
George Moschovitis <gm at navel.gr>**20060512154849] 
[Wrote a detailed parts howto in RDoc form in parts.rb as requested by Jonas. To be improved after community feedback.
George Moschovitis <gm at navel.gr>**20060512153754] 
[Initial code for the new scaffolding system, *very* under construction, ignore for the moment.
George Moschovitis <gm at navel.gr>**20060511101456] 
[Added a model macro to controllers that links related classes. At the moment it is used in the sweeper do delete cached pages from the linked controller base directory.
George Moschovitis <gm at navel.gr>**20060510102836] 
[Fixed Session.current and Controller.current
George Moschovitis <gm at navel.gr>**20060508075645] 
[Store current context in a thread local variable, accesible through Context.current
George Moschovitis <gm at navel.gr>**20060507160715] 
[Removed glue/attribute, use Facet's cattr instead. Updated nitro/og source to make compatible.
George Moschovitis <gm at navel.gr>**20060507085703] 
[Added script adapter file.
George Moschovitis <gm at navel.gr>**20060507062034] 
[Removed flexob and references to it, use Facet's OpenObject instead.
George Moschovitis <gm at navel.gr>**20060507061555] 
[Renamed to ScriptAdapter, keep ConsoleAdapter alias.
George Moschovitis <gm at navel.gr>**20060506103921] 
[Yeah, the ConsoleAdapter kinda works now ;-)
George Moschovitis <gm at navel.gr>**20060506102010] 
[Introduced new nitro command/runner that will replace the current spaghetti code. Based on facetes Console::Command. Also introduced the ConsoleAdapter.
George Moschovitis <gm at navel.gr>**20060506095503] 
[Removed accumulate (in facets).
George Moschovitis <gm at navel.gr>**20060506080052] 
[Some small updates.
George Moschovitis <gm at navel.gr>**20060506075526] 
[TAG 0.30.0
George Moschovitis <gm at navel.gr>**20060506075053] 
Patch bundle hash:
c1be9ee361094d91911f481f13e59c102c9d1bed


More information about the Nitro-general mailing list