Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
branch: master
Commits on May 13, 2015
  1. @Shadowfiend

    Merge pull request #1702 from lift/dcb_issue_1677

    Shadowfiend authored
    Dcb issue 1677, send pre-creation CometActor messages in the order received
    
    Fixes an issue where CometActor messages sent with session.sendCometActorMessage
    to actors that are not yet initialized would be sent to it in the wrong order once the actor
    *was* eventually initialized. Specifically, they were sent backwards. They are now sent in
    the correct order.
Commits on Apr 28, 2015
  1. @Shadowfiend

    Merge pull request #1703 from lift/working_pwd_reset

    Shadowfiend authored
    Fixed the new bind-less password change in ProtoUser
    
    The right side of CSS selector transforms is call-by-name, so we were computing
    two separate password fields for the password and confirmation input. As a result,
    we were failing to set the password because the confirmation input and password
    input both registered as not having a confirmation submitted for them. We now
    generate the password input ahead of time and reuse it to get the right behavior.
  2. @dpp
Commits on Apr 27, 2015
  1. @dcbriccetti
  2. @dcbriccetti

    Change LiftSession to accumulate pre-creation CometActor messages in …

    dcbriccetti authored
    …the order received, rather than reverse order.
Commits on Apr 26, 2015
  1. @dcbriccetti
  2. @dcbriccetti

    Move TestComet inside LiftSessionSpec.scala and create it with the ne…

    dcbriccetti authored
    …wer form of findOrCreateComet.
Commits on Apr 25, 2015
  1. @dcbriccetti

    Create test for Issue 1677, “Lift stores messages in LiftSession.come…

    dcbriccetti authored
    …tSetup List in wrong order”
Commits on Apr 20, 2015
  1. @Shadowfiend

    Merge pull request #1694 from lift/null-anti-null

    Shadowfiend authored
    Null-Anti-Null: Don't assume postPageFunctions are Some.
    
    When generating post-page JavaScript, we were assuming that because our first
    access of the post-page functions was non-empty, all of them would be. This led
    to occasional .get-related NullPointerExceptions. We now allow for later calls
    to the post-page functions to be None, and simply assume we have no more
    functions to fetch once we get a None for them.
  2. @Shadowfiend

    Merge pull request #1693 from lift/tilde-down-for-what

    Shadowfiend authored
    Implement ParamFailure chaining for ~>
    
    Now, when ~> is invoked in a ParamFailure, the existing ParamFailure
    will be chained, thereby preserving the original param that was
    attached.
Commits on Apr 19, 2015
  1. @Shadowfiend

    Merge pull request #1683 from lift/documentation-ape

    Shadowfiend authored
    Documentation Ape: Documentation updates to JsonAST and a few small code optimizations.
    
    This PR does some updates to the documentation in JsonAST.
  2. @Shadowfiend

    Merge pull request #1692 from lift/midair-collision

    Shadowfiend authored
    Midair Collision: Fix issue where binding an `href` and an `onclick` together could fail.
    
    This only manifested when the onclick came before the href on an
    a element, and probably also manifested if you bound an onsubmit
    on a form that had an action attribute. The cause was just that I had
    forgotten to properly pass on already-seen event attributes when
    processing the href attributes, so we lost them.
Commits on Apr 17, 2015
  1. @dpp

    Merge pull request #1698 from lift/dpp_extra_comet_args

    dpp authored
    Enhanced Support for browser Actor proxies
Commits on Apr 16, 2015
  1. @dpp
  2. @dpp
  3. @dpp
Commits on Apr 15, 2015
  1. @dcbriccetti

    Fix spelling error

    dcbriccetti authored
Commits on Apr 13, 2015
  1. @farmdawgnation

    Merge pull request #1696 from natekupp/patch-1

    farmdawgnation authored
    Replace defunct scala-tools.org reference
  2. @natekupp

    Replace defunct scala-tools.org reference

    natekupp authored
    scala-tools.org is no longer active. Pointing to sonatype.org for the jar instead.
Commits on Mar 23, 2015
  1. @Shadowfiend @fmpwizard

    Lock down SecurityHelpers.secureXML further.

    Shadowfiend authored fmpwizard committed
    We disable external doctypes altogether, and We also enable secure processing;
    combined, these mitigate more attacks than just the XML External Entity attack.
    
    The tests are updated to indicate that we now throw an exception whenever we
    encounter an XML document with a doctype declaration.
    
    Signed-off-by: Diego Medina <diego@fmpwizard.com>
Commits on Mar 21, 2015
  1. @Shadowfiend

    Further documentation tweaks.

    Shadowfiend authored
    A few clarifications, cross-references, and formatting tweaks.
  2. @Shadowfiend

    Don't assume postPageFunctions are Some.

    Shadowfiend authored
    When generating post-page JavaScript, we were assuming that because our first
    access of the post-page functions was non-empty, all of them would be. This led
    to occasional .get-related NullPointerExceptions. We now allow for later calls
    to the post-page functions to be None, and simply assume we have no more
    functions to fetch once we get a None for them.
  3. @farmdawgnation

    Implement ParamFailure chaining for ~>

    farmdawgnation authored
    Now, when ~> is invoked in a ParamFailure, the existing ParamFailure
    will be chained, thereby preserving the original param that was
    attached.
  4. @Shadowfiend

    Centralize call to fix remaining attributes.

    Shadowfiend authored
    We were calling fixAttrs with attrs.next in five places, which meant it was a
    bit error prone. We now do it up front so the call can be changed in one place.
  5. @Shadowfiend

    Fix an issue where we could lose event attributes.

    Shadowfiend authored
    This particularly manifested when the attribute whose href we wanted to fix
    (e.g., the `href` attribute on an `a` element or the `action` attribute on a
    `form` element) also had an event handler (e.g. `onclick`). The code that fixed
    the href failed to pass on the event handlers that had been seen so far to the
    attribute-fixing chain, so they got lost before they could be applied.
Commits on Mar 15, 2015
  1. @Shadowfiend @fmpwizard

    Provide a secure XML parser in SecurityHelpers, use it throughout.

    Shadowfiend authored fmpwizard committed
    The secure XML parser does not allow entity references to refer to external
    entities; allowing this exposes an application to XXE (XML External Entity)
    attacks, where the external reference can be to a local file with sensitive
    data, whose contents will then appear in the resulting parse error messages.
    External entities are ignored and will not appear in the parsed or reserialized
    XML.
    
    All of Lift's built-in XML parsing now uses Helpers.secureXML instead of
    directly using scala.xml.XML, including in tests.
    
    More at https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing .
    
    Signed-off-by: Diego Medina <diego@fmpwizard.com>
Commits on Feb 22, 2015
  1. @farmdawgnation
  2. @farmdawgnation
Commits on Feb 21, 2015
  1. @fmpwizard

    Merge pull request #1685 from lift/diego_warnings

    fmpwizard authored
    Removed many warnings
  2. @fmpwizard

    Merge pull request #1674 from lift/locket-down

    fmpwizard authored
    Locket Down: Add support for Content-Security-Policy and Strict-Transport-Security
Commits on Feb 18, 2015
  1. @fmpwizard

    use contant for eof char

    fmpwizard authored
Commits on Feb 17, 2015
  1. @fmpwizard

    code review fixes

    fmpwizard authored
Commits on Feb 16, 2015
  1. @Shadowfiend

    Merge pull request #1678 from arkadius/futureExInMapFlatMap

    Shadowfiend authored
    Fix LAFuture.map/flatMap when an exception happens inside.
    
    Before the change `LAFuture.map`/`.flatMap` never satisfied the future in cases
    where the function threw an exception. After the change, returned future is satisfied
    by a `Failure`.
    
    This change also contains minor fix: `get(timeout)` was returning `Empty` instead of
    a `Failure` if the `LAFuture` was aborted.
    
    Also added extensions providing `toBox` conversions from `scala.Option` and from
    `scala.util.Try`.
  2. @Shadowfiend
  3. @Shadowfiend
Something went wrong with that request. Please try again.