Merge branch 'release/2.3.1'

revig · Nov 18, 2021 · 21d679d · 21d679d
2 parents edf22f0 + eac2fb0
commit 21d679d
Show file tree

Hide file tree

Showing 208 changed files with 428 additions and 224 deletions.
diff --git a/README.md b/README.md
@@ -32,7 +32,7 @@ To join the discussion relating to using revIgniter subscribe and review archive
 
 ### Meta
 
-- Version: 2.3.0
+- Version: 2.3.1
 - Web Site: <https://revigniter.com/>
 - User Guide: <https://revigniter.com/userGuide/index.html>
 - Author: [Ralf Bitter](mailto:rabit@revigniter.com)
diff --git a/system/helpers/htmlHelper.livecodescript b/system/helpers/htmlHelper.livecodescript
@@ -610,9 +610,9 @@ end rigHtmlDocType
 --| FUNCTION rigHtmlLinkTag
 --|
 --| Author: rabit
---| Version: 1.3
+--| Version: 1.4
 --| Created: 2009-10-09
---| Last Mod: 2020-11-28
+--| Last Mod: 2021-11-17
 --| Requires: rigSiteURL(), rigSlashItem()
 --|
 --| Summary: Generates HTML <link /> tags.
@@ -693,7 +693,13 @@ function rigHtmlLinkTag pHref pRel pType pTitle pMedia pIndexPage pCors
  end if
 
  if tType <> "" then
- put "rel=" & quote & tRel & quote && "type=" & quote & tType & quote & " " after tLink
+ if (tRel is "preload") and (char 1 to 4 of tType is "font") then
+ put "rel=" & quote & tRel & quote && "as=" & quote & "font" & quote && "type=" & quote & tType & quote & " " after tLink
+
+ else
+ put "rel=" & quote & tRel & quote && "type=" & quote & tType & quote & " " after tLink
+ end if -- if (tRel is "preload") and (cahr 1 to 4 of tType is "font")
+
  else
  put "rel=" & quote & tRel & quote & " " after tLink
  end if

diff --git a/system/libraries/Contentsecuritypolicy.livecodescript b/system/libraries/Contentsecuritypolicy.livecodescript
@@ -85,9 +85,9 @@ end libraryStack
 --| COMMAND _rigSetDefaultValues
 --|
 --| Author: rabit
---| Version: 1.0
+--| Version: 1.1
 --| Created: 2021-11-02
---| Last Mod: 2021-11-02
+--| Last Mod: 2021-11-17
 --| Requires: --
 --|
 --| Summary: Set default values for library variables.
@@ -100,6 +100,8 @@ end libraryStack
 ----------------------------------------------------------------------*/
 
 private command _rigSetDefaultValues
+ put FALSE into sCspA["omit-script-nonce"] -- omit automatic creation of script source nonce values for the CSP header
+ put FALSE into sCspA["omit-style-nonce"] -- omit automatic creation of style source nonce values for the CSP header
  put FALSE into sCspA["report-only"] -- flag for report only policy
  put "" into sCspA["allow"]["report-uri"] -- the URL where a browser will send reports when a content security policy is violated
  put FALSE into sCspA["allow"]["upgrade-insecure-requests"] -- rewrite URL schemes, changes HTTP to HTTPS
@@ -134,7 +136,7 @@ end _rigSetDefaultValues
 --| Author: rabit
 --| Version: 1.0
 --| Created: 2021-11-02
---| Last Mod: 2021-11-02
+--| Last Mod: 2021-11-17
 --| Requires: _rigInitializeCSP
 --|
 --| Summary: Run initial configuration procedures. Don't remove, even if it does nothing.
@@ -245,13 +247,13 @@ end _rigSetInitialCSPvalue
 --| FUNCTION _rigCSPheader
 --|
 --| Author: rabit
---| Version: 1.0
+--| Version: 1.1
 --| Created: 2021-10-30
---| Last Mod: 2021-10-30
+--| Last Mod: 2021-11-17
 --| Requires: --
 --|
 --| Summary: Generate the content security policy headers according to the options set
---|  in sCspA["allow"] and sCspA["report"]
+--| in sCspA["allow"] and sCspA["report"]
 --|
 --| Format: _rigCSPheader(param1[, param2])
 --|
@@ -272,10 +274,10 @@ function _rigCSPheader pMode pOutput
 
  # CHECK IF WE NEED CSP NONCES
  if tAddNonce is TRUE then
- if sStyleNonce <> TRUE then
+ if (sStyleNonce <> TRUE) and (sCspA["omit-style-nonce"] is FALSE) then
  put matchText(pOutput,"{{g_StyleNonce_}}") into sStyleNonce
  end if
- if sScriptNonce <> TRUE then
+ if (sScriptNonce <> TRUE) and (sCspA["omit-script-nonce"] is FALSE) then
  put matchText(pOutput,"{{g_ScriptNonce_}}") into sScriptNonce
  end if
 
@@ -365,9 +367,9 @@ end rigCspGet
 --| COMMAND rigCspSet
 --|
 --| Author: rabit
---| Version: 1.0
+--| Version: 1.1
 --| Created: 2021-11-01
---| Last Mod: 2021-11-01
+--| Last Mod: 2021-11-18
 --| Requires: --
 --|
 --| Summary: Setter for content security policy directives.
@@ -399,14 +401,20 @@ command rigCspSet pDirective pValue pMode
  if tKey is among the items of sCspDirectives then
  put pDirective[tKey] into tVal
  put tVal into sCspA[tMode][tKey]
- end if
+
+ else
+ if tKey is among the items of "omit-script-nonce,omit-style-nonce" then
+ put pDirective[tKey] into tVal
+ put tVal into sCspA[tKey]
+ end if
+ end if -- if tKey is among the items of sCspDirectives
  end repeat
 
  else -- if pDirective is an array
  if pDirective is among the items of sCspDirectives then
  put pValue into sCspA[tMode][pDirective]
 
- else if pDirective is "report-only" then
+ else if pDirective is among the items of "report-only,omit-script-nonce,omit-style-nonce" then
  put pValue into sCspA[pDirective]
  end if
  end if -- if pDirective is an array

diff --git a/system/libraries/Input.livecodescript b/system/libraries/Input.livecodescript
@@ -670,10 +670,10 @@ end _rigHoneypotConfig
 --| COMMAND _rigHoneypotBotDetection
 --|
 --| Author: rabit
---| Version: 1.0
+--| Version: 1.1
 --| Created: 2021-11-07
---| Last Mod: 2021-11-07
---| Requires: --
+--| Last Mod: 2021-11-16
+--| Requires: rigVarPost(), rigLogMessage, _rigHoneypotShowError
 --|
 --| Summary: Determine if the request comes from a bot.
 --|
@@ -687,7 +687,7 @@ end _rigHoneypotConfig
 private command _rigHoneypotBotDetection
  local tHoneypotValue
 
- if $_POST is an array then
+ if ($_POST is an array) and (sInputA["honeypotName"] is among the keys of $_POST) then
 
  put rigVarPost(sInputA["honeypotName"]) into tHoneypotValue
 

diff --git a/system/revigniter/RevIgniter.lc b/system/revigniter/RevIgniter.lc
@@ -43,7 +43,7 @@ end if
 
 
 # RI VERSION
- constant RIVERSION = "2.3.0"
+ constant RIVERSION = "2.3.1"
  constant RISTATE = "final"
 
 # VERSION GETTER

diff --git a/userGuide/changelog.html b/userGuide/changelog.html
@@ -38,7 +38,7 @@
  <span class="icon-bar"></span>
  <span class="icon-bar"></span>
  </button>
- <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.0</a>
+ <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.1</a>
  </div>
 
  <div class="collapse navbar-collapse">
@@ -99,6 +99,7 @@ <h1>Change Log</h1>
 
 
 <ul>
+<li><a href="#version231">Version 2.3.1</a></li>
 <li><a href="#version230">Version 2.3.0</a></li>
 <li><a href="#version221">Version 2.2.1</a></li>
 <li><a href="#version220">Version 2.2.0</a></li>
@@ -232,6 +233,17 @@ <h1>Change Log</h1>
 
 
 
+<h2><a id="version231">&nbsp;</a>Version 2.3.1</h2>
+<p>Release Date: 2021-11-18</p>
+
+<ul>
+ <li><strong>Changed:</strong> Added flag to prevent automatic creation of nonce values in <kbd>system/libraries/Contentsecuritypolicy.livecodescript</kbd>. This is useful because<br>'unsafe-inline' is ignored if a nonce value is present in the source list. Check out the extended list of CSP settings in chapter Content Security Policy of the User Guide.</li>
+ <li><strong>Fixed:</strong> There was an issue with bot detection in cases where the $_POST array did not contain a honeypot key, see <kbd>system/libraries/Input.livecodescript</kbd> -> <dfn>_rigHoneypotBotDetection</dfn>.</li>
+ <li><strong>Fixed:</strong> issue with font preloading in <kbd>system/helpers/htmlHelper.livecodescript</kbd> -> <dfn>rigHtmlLinkTag()</dfn>.</li>
+</ul>
+
+
+
 <h2><a id="version230">&nbsp;</a>Version 2.3.0</h2>
 <p>Release Date: 2021-11-13</p>
 

diff --git a/userGuide/database/active_record.html b/userGuide/database/active_record.html
@@ -38,7 +38,7 @@
  <span class="icon-bar"></span>
  <span class="icon-bar"></span>
  </button>
- <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.0</a>
+ <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.1</a>
  </div>
 
  <div class="collapse navbar-collapse">

diff --git a/userGuide/database/caching.html b/userGuide/database/caching.html
@@ -38,7 +38,7 @@
  <span class="icon-bar"></span>
  <span class="icon-bar"></span>
  </button>
- <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.0</a>
+ <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.1</a>
  </div>
 
  <div class="collapse navbar-collapse">

diff --git a/userGuide/database/configuration.html b/userGuide/database/configuration.html
@@ -38,7 +38,7 @@
  <span class="icon-bar"></span>
  <span class="icon-bar"></span>
  </button>
- <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.0</a>
+ <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.1</a>
  </div>
 
  <div class="collapse navbar-collapse">

diff --git a/userGuide/database/connecting.html b/userGuide/database/connecting.html
@@ -38,7 +38,7 @@
  <span class="icon-bar"></span>
  <span class="icon-bar"></span>
  </button>
- <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.0</a>
+ <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.1</a>
  </div>
 
  <div class="collapse navbar-collapse">

diff --git a/userGuide/database/examples.html b/userGuide/database/examples.html
@@ -38,7 +38,7 @@
  <span class="icon-bar"></span>
  <span class="icon-bar"></span>
  </button>
- <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.0</a>
+ <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.1</a>
  </div>
 
  <div class="collapse navbar-collapse">

diff --git a/userGuide/database/fields.html b/userGuide/database/fields.html
@@ -38,7 +38,7 @@
  <span class="icon-bar"></span>
  <span class="icon-bar"></span>
  </button>
- <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.0</a>
+ <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.1</a>
  </div>
 
  <div class="collapse navbar-collapse">

diff --git a/userGuide/database/helpers.html b/userGuide/database/helpers.html
@@ -38,7 +38,7 @@
  <span class="icon-bar"></span>
  <span class="icon-bar"></span>
  </button>
- <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.0</a>
+ <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.1</a>
  </div>
 
  <div class="collapse navbar-collapse">

diff --git a/userGuide/database/index.html b/userGuide/database/index.html
@@ -38,7 +38,7 @@
  <span class="icon-bar"></span>
  <span class="icon-bar"></span>
  </button>
- <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.0</a>
+ <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.1</a>
  </div>
 
  <div class="collapse navbar-collapse">

diff --git a/userGuide/database/queries.html b/userGuide/database/queries.html
@@ -38,7 +38,7 @@
  <span class="icon-bar"></span>
  <span class="icon-bar"></span>
  </button>
- <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.0</a>
+ <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.1</a>
  </div>
 
  <div class="collapse navbar-collapse">

diff --git a/userGuide/database/results.html b/userGuide/database/results.html
@@ -38,7 +38,7 @@
  <span class="icon-bar"></span>
  <span class="icon-bar"></span>
  </button>
- <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.0</a>
+ <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.1</a>
  </div>
 
  <div class="collapse navbar-collapse">

diff --git a/userGuide/database/table_data.html b/userGuide/database/table_data.html
@@ -38,7 +38,7 @@
  <span class="icon-bar"></span>
  <span class="icon-bar"></span>
  </button>
- <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.0</a>
+ <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.1</a>
  </div>
 
  <div class="collapse navbar-collapse">

diff --git a/userGuide/database/transactions.html b/userGuide/database/transactions.html
@@ -38,7 +38,7 @@
  <span class="icon-bar"></span>
  <span class="icon-bar"></span>
  </button>
- <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.0</a>
+ <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.1</a>
  </div>
 
  <div class="collapse navbar-collapse">

diff --git a/userGuide/docStyle/index.html b/userGuide/docStyle/index.html
@@ -38,7 +38,7 @@
  <span class="icon-bar"></span>
  <span class="icon-bar"></span>
  </button>
- <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.0</a>
+ <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.1</a>
  </div>
 
  <div class="collapse navbar-collapse">

diff --git a/userGuide/general/autoloader.html b/userGuide/general/autoloader.html
@@ -38,7 +38,7 @@
  <span class="icon-bar"></span>
  <span class="icon-bar"></span>
  </button>
- <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.0</a>
+ <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.1</a>
  </div>
 
  <div class="collapse navbar-collapse">

diff --git a/userGuide/general/caching.html b/userGuide/general/caching.html
@@ -38,7 +38,7 @@
  <span class="icon-bar"></span>
  <span class="icon-bar"></span>
  </button>
- <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.0</a>
+ <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.1</a>
  </div>
 
  <div class="collapse navbar-collapse">

diff --git a/userGuide/general/cli.html b/userGuide/general/cli.html
@@ -38,7 +38,7 @@
  <span class="icon-bar"></span>
  <span class="icon-bar"></span>
  </button>
- <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.0</a>
+ <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.1</a>
  </div>
 
  <div class="collapse navbar-collapse">

diff --git a/userGuide/general/common_handlers.html b/userGuide/general/common_handlers.html
@@ -38,7 +38,7 @@
  <span class="icon-bar"></span>
  <span class="icon-bar"></span>
  </button>
- <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.0</a>
+ <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.1</a>
  </div>
 
  <div class="collapse navbar-collapse">

diff --git a/userGuide/general/controllers.html b/userGuide/general/controllers.html
@@ -38,7 +38,7 @@
  <span class="icon-bar"></span>
  <span class="icon-bar"></span>
  </button>
- <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.0</a>
+ <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.1</a>
  </div>
 
  <div class="collapse navbar-collapse">

diff --git a/userGuide/general/core_libraries.html b/userGuide/general/core_libraries.html
@@ -38,7 +38,7 @@
  <span class="icon-bar"></span>
  <span class="icon-bar"></span>
  </button>
- <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.0</a>
+ <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.1</a>
  </div>
 
  <div class="collapse navbar-collapse">

diff --git a/userGuide/general/creating_libraries.html b/userGuide/general/creating_libraries.html
@@ -38,7 +38,7 @@
  <span class="icon-bar"></span>
  <span class="icon-bar"></span>
  </button>
- <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.0</a>
+ <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.1</a>
  </div>
 
  <div class="collapse navbar-collapse">

diff --git a/userGuide/general/credits.html b/userGuide/general/credits.html
@@ -38,7 +38,7 @@
  <span class="icon-bar"></span>
  <span class="icon-bar"></span>
  </button>
- <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.0</a>
+ <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.1</a>
  </div>
 
  <div class="collapse navbar-collapse">

diff --git a/userGuide/general/errors.html b/userGuide/general/errors.html
@@ -38,7 +38,7 @@
  <span class="icon-bar"></span>
  <span class="icon-bar"></span>
  </button>
- <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.0</a>
+ <a class="navbar-brand" href="#">revIgniter User Guide Version 2.3.1</a>
  </div>
 
  <div class="collapse navbar-collapse">