Several changes:

 - Dbo benchmark, resolving warning: make i signed before putting - before it
 - Added missing include to FixedSqlConnectionPool.C
 - Issue #5773: make defensive copies of parameters
   Patch provided by Bruce Toll
 - WEnvironment: Added notes about lifetime of parameter map
 - OidcUserInfoEndpoint: skip unknown scopes
 - Don't name size parameter in Dbo tutorial to avoid warnings
 - Added Wt 3.3.8 release notes
 - Don't install release notes separately, they're already part of
   the reference documentation.
 - Issue #5780: komma -> comma in doc
 - Added public vs private linkage description to some target_link_libraries calls
 - Fixes to make TechEmpower benchmarks example build on Windows
 - Json: Added missing WT_API to ParseError

CMakeLists.txt

@@ -596,8 +596,6 @@ IF(INSTALL_DOCUMENTATION)
     ${CMAKE_INSTALL_PREFIX}/${DOCUMENTATION_DESTINATION}/examples)
   INSTALL(DIRECTORY ${PROJECT_SOURCE_DIR}/doc/tutorial DESTINATION
     ${CMAKE_INSTALL_PREFIX}/${DOCUMENTATION_DESTINATION})
-  INSTALL(FILES ${PROJECT_SOURCE_DIR}/ReleaseNotes.html DESTINATION
-    ${CMAKE_INSTALL_PREFIX}/${DOCUMENTATION_DESTINATION})
 ENDIF(INSTALL_DOCUMENTATION)
 
 IF(NOT EXISTS ${CONFIGDIR}/wt_config.xml)

ReleaseNotes.html

@@ -22,6 +22,77 @@ <h1>Wt Release notes</h1>
 the way you build Wt, the way you configure Wt or the Wt API and
 behaviour.
 
+<h2>Release 3.3.8 (July 2017)</h2>
+<p>
+  This release consists of bug fixes and some new features:
+</p>
+<dl>
+  <dt>
+    OpenID Connect support
+  </dt>
+  <dd>
+    As we've previously announced
+    <a href="https://www.webtoolkit.eu/wt/blog/2017/06/20/announcing_openid_connect_support_in_wt">on our blog</a>,
+    Wt now supports OpenID Connect. All you need to do to use any OpenID Connect based service is
+    configure a <a href="classWt_1_1Auth_1_1OidcService.html">Wt::Auth::OidcService</a>. You can also make your
+    own OpenID Connect identity provider. Check out the accompanying
+    <a href="https://github.com/emweb/wt/tree/master/examples/feature/oidc">OpenID Connect feature example</a>.
+  </dd>
+  <dt>
+    On Windows: font support based on DirectWrite
+  </dt>
+  <dd>
+  <p>Wt 3.3.7 already introduced the Direct2D backend for <a href="classWt_1_1WRasterImage.html">WRasterImage</a>.
+    Wt 3.3.8 further expands
+    on this by adding DirectWrite-based font support. This means that Wt 3.3.8 will be able to
+    select the appropriate fonts for every glyph, without requiring Pango. Pango was always
+    difficult to distribute on Windows, so we never included Pango in the binary distribution, relying on
+    very basic font support instead, replacing unknown characters by question marks. Now, you
+    can expect much better Unicode support with DirectWrite on Windows.</p>
+    <p>This means that the binary release of Wt on Windows is now built with Direct2D and DirectWrite.</p>
+  </dd>
+  <dt>
+    Wt::Dbo: added <a href="structWt_1_1Dbo_1_1sql__value__traits.html">sql_value_traits</a> for
+    <a href="classWt_1_1Json_1_1Object.html">Wt::Json::Object</a> and
+    <a href="classWt_1_1Json_1_1Array.html">Wt::Json::Array</a>.
+  </dt>
+  <dd>
+    <p>Quite often, the need arises to store some unindexed data with arbitrary structure in a database.
+       A common solution is to store JSON as a string. To facilitate this, we've included implementations
+       of <a href="structWt_1_1Dbo_1_1sql_value_traits.html">sql_value_traits</a> for
+       <a href="classWt_1_1Json_1_1Object.html">Wt::Json::Object</a> and
+       <a href="classWt_1_1Json_1_1Array.html">Wt::Json::Array</a> in
+       <tt>Wt/Dbo/WtSqlTraits</tt>. This allows you to store <tt>Wt::Json</tt> Objects and Arrays
+       just like you any other field.</p>
+    <p>Additionally, we've made the <tt>Wt::Json</tt> API a bit more friendly, by adding support
+    for initializer lists (when using C++11), and implicit constructors for
+    <a href="classWt_1_1Json_1_1Value.html">Wt::Json::Value</a>
+    from 
+    <a href="classWt_1_1Json_1_1Object.html">Wt::Json::Object</a> and
+    <a href="classWt_1_1Json_1_1Array.html">Wt::Json::Array</a>.</p>
+  </dd>
+  <dt>
+    Other small improvements:
+  </dt>
+  <dd>
+    <ul>
+      <li>Any <tt>boost::asio::io_service</tt> can now be used with <a href="classWt_1_1Http_1_1Client.html">Wt::Http::Client</a>,
+	  instead of just <a href="classWt_1_1WIOService.html">Wt::WIOService</a>.</li>
+      <li>Added support for <tt>PATCH</tt> requests in <a href="classWt_1_1WResource.html">WResource</a> and
+	<a href="classWt_1_1Http_1_1Client.html">Wt::Http::Client</a>,
+	next to <tt>GET</tt>, <tt>POST</tt>, <tt>PUT</tt>, and <tt>DELETE</tt>.
+      <li>wthttp connector: added support for forward secrecy with the <tt>--ssl-prefer-server-ciphers</tt> option.</li>
+      <li>Added the <tt>num-session-threads</tt> configuration parameter, to set the amount of threads per session when
+	  using dedicated process mode. By default, the main process and the session threads use the same amount of threads.</li>
+      <li>The <a href="https://github.com/emweb/wt/tree/master/examples/te-benchmark">te-benchmark</a>
+	  example was added, implementing the TechEmpower framework benchmarks.
+          This example also demonstrates how Wt can be used to write RESTful services. Improved, less verbose, support for
+          RESTful services is planned in a future release.</li>
+      <li>Added <a href="classWt_1_1Dbo_1_1FixedSqlConnectionPool.html#a955e2ce03d8d45e8738f6ff718614601">Wt::Dbo::FixedSqlConnectionPool::setTimeout()</a>, to set a timeout for obtaining a connection.</li>
+    </ul>
+  </dd>
+</dl>
+
 <h2>Release 3.3.7 (March 31, 2017)</h2>
 <p>
   This release fixes many bugs, but also introduces some new features:

examples/codeview/CMakeLists.txt

@@ -10,7 +10,7 @@ ELSE(NOT MULTI_THREADED_BUILD)
    CoderApplication.C CodeSession.C CoderWidget.C ObserverWidget.C
  )
 
- TARGET_LINK_LIBRARIES(codingview.wt ${BOOST_THREAD_LIB})
+ TARGET_LINK_LIBRARIES(codingview.wt ${BOOST_THREAD_LIB} ${CMAKE_THREAD_LIBS_INIT})
 
 INCLUDE_DIRECTORIES(${WT_SOURCE_DIR}/src)
 

examples/feature/dbo/tutorial6.C

@@ -52,7 +52,7 @@ namespace Wt {
 
     template <class Action>
     void field(Action& action, Coordinate& coordinate, const std::string& name,
-	       int size = -1)
+	       int /*size*/ = -1)
     {
       field(action, coordinate.x, name + "_x");
       field(action, coordinate.y, name + "_y");

examples/feature/dbo/tutorial8.C

@@ -58,7 +58,7 @@ namespace Wt {
 
     template <class Action>
     void field(Action& action, MembershipId& mid, const std::string& name,
-	       int size = -1)
+	       int /*size*/ = -1)
     {
       /*
        * Note: here we ignore name because MembershipId is used only

examples/feature/dbo/tutorial9/MembershipId.h

@@ -75,7 +75,7 @@ namespace Wt
 
     template <class Action>
     void field(Action& action, MembershipId& mid, const std::string& name,
-	       int size = -1)
+	       int /*size*/ = -1)
     {
       /*
        * Note: here we ignore name because MembershipId is used only

examples/feature/socketnotifier/CMakeLists.txt

@@ -15,6 +15,8 @@ ELSE(NOT MULTI_THREADED_BUILD)
     # instead of the following:
     #
     INCLUDE_DIRECTORIES(${WT_SOURCE_DIR}/src)
+
+    TARGET_LINK_LIBRARIES(socketnotifier.wt ${WT_SOCKET_LIBRARY})
   ENDIF (MINGW)
 
 ENDIF(NOT MULTI_THREADED_BUILD)

examples/simplechat/CMakeLists.txt

@@ -11,7 +11,7 @@ ELSE(NOT MULTI_THREADED_BUILD)
    SimpleChatServer.C
 )
 
- TARGET_LINK_LIBRARIES(simplechat.wt ${BOOST_THREAD_LIB})
+ TARGET_LINK_LIBRARIES(simplechat.wt ${BOOST_THREAD_LIB} ${CMAKE_THREAD_LIBS_INIT})
 
  #
  # If you have Wt installed somehwere, you should use the

examples/te-benchmark/benchmark.cpp

@@ -3,7 +3,6 @@
 #include <string>
 #include <vector>
 #include <algorithm>
-#include <mutex>
 
 #include <Wt/WServer>
 #include <Wt/WResource>
@@ -357,8 +356,10 @@ int main(int argc, char** argv) {
       std::cerr << "Shutdown (signal = " << sig << ")" << std::endl;
       server.stop();
 
+#ifndef WT_WIN32
       if (sig == SIGHUP)
         Wt::WServer::restart(argc, argv, environ);
+#endif // WT_WIN32
     }
   } catch (Wt::WServer::Exception& e) {
     std::cerr << e.what() << "\n";

src/CMakeLists.txt

@@ -463,7 +463,9 @@ ENDIF(WIN32)
 
 ADD_LIBRARY(wt ${libsources})
 TARGET_LINK_LIBRARIES(wt
+  PUBLIC
     ${BOOST_WT_LIBRARIES}
+  PRIVATE
     ${WT_SOCKET_LIBRARY}
     ${WT_MATH_LIBRARY}
     ${RT_LIBRARY}
@@ -498,7 +500,7 @@ ELSE(ENABLE_LIBWTTEST)
 ENDIF(ENABLE_LIBWTTEST)
 
 IF(HAVE_SSL)
-  TARGET_LINK_LIBRARIES(wt ${SSL_LIBRARIES})
+  TARGET_LINK_LIBRARIES(wt PRIVATE ${SSL_LIBRARIES})
   INCLUDE_DIRECTORIES(${SSL_INCLUDE_DIRS})
 ELSE(HAVE_SSL)
   MESSAGE("** Disabling crypto support (Auth::SHA1HashFunction, HTTPS support): requires OpenSSL.")
@@ -508,7 +510,7 @@ ELSE(HAVE_SSL)
 ENDIF(HAVE_SSL)
 
 IF(HAVE_HARU)
-  TARGET_LINK_LIBRARIES(wt ${HARU_LIBRARIES})
+  TARGET_LINK_LIBRARIES(wt PUBLIC ${HARU_LIBRARIES})
   INCLUDE_DIRECTORIES(${HARU_INCLUDE_DIRS})
 ELSE(HAVE_HARU)
   MESSAGE("** Disabling PDF support (WPdfImage, WPdfRenderer): requires libharu.")
@@ -518,25 +520,25 @@ ELSE(HAVE_HARU)
 ENDIF(HAVE_HARU)
 
 IF("${WT_WRASTERIMAGE_IMPLEMENTATION}" STREQUAL "GraphicsMagick")
-  TARGET_LINK_LIBRARIES(wt ${GM_LIBRARIES})
+  TARGET_LINK_LIBRARIES(wt PRIVATE ${GM_LIBRARIES})
   INCLUDE_DIRECTORIES(${GM_INCLUDE_DIRS})
   ADD_DEFINITIONS(-DHAVE_GRAPHICSMAGICK)
 ELSEIF("${WT_WRASTERIMAGE_IMPLEMENTATION}" STREQUAL "skia")
-  TARGET_LINK_LIBRARIES(wt ${SKIA_LIBRARIES})
+  TARGET_LINK_LIBRARIES(wt PRIVATE ${SKIA_LIBRARIES})
   INCLUDE_DIRECTORIES(${SKIA_INCLUDE_DIRS})
   ADD_DEFINITIONS(${SKIA_DEFINES})
 ELSEIF("${WT_WRASTERIMAGE_IMPLEMENTATION}" STREQUAL "Direct2D")
-  TARGET_LINK_LIBRARIES(wt D2d1 Dwrite Windowscodecs Shlwapi)
+  TARGET_LINK_LIBRARIES(wt PRIVATE D2d1 Dwrite Windowscodecs Shlwapi)
 ELSE("${WT_WRASTERIMAGE_IMPLEMENTATION}" STREQUAL "GraphicsMagick")
   MESSAGE("** Disabling raster image support (WRasterImage): set WT_WRASTERIMAGE_IMPLEMENTATION to GraphicsMagick or skia.")
 ENDIF("${WT_WRASTERIMAGE_IMPLEMENTATION}" STREQUAL "GraphicsMagick")
 
 IF(HAVE_GL)
   INCLUDE_DIRECTORIES(${GL_INCLUDE_DIRS})
   IF(USE_SYSTEM_GLEW)
-    TARGET_LINK_LIBRARIES(wt GLEW)
+    TARGET_LINK_LIBRARIES(wt PRIVATE GLEW)
   ENDIF(USE_SYSTEM_GLEW)
-  TARGET_LINK_LIBRARIES(wt ${GL_LIBRARIES})
+  TARGET_LINK_LIBRARIES(wt PRIVATE ${GL_LIBRARIES})
 ELSE(HAVE_GL)
   MESSAGE("** Disabling server-side opengl rendering for WGLWidget: requires gl, glew and WRasterImage (GraphicsMagick or skia).")
 ENDIF(HAVE_GL)
@@ -548,18 +550,18 @@ IF(WT_FONTSUPPORT_SIMPLE)
     MESSAGE("   Wt will use pkg-config to retrieve your libpango installation location.")
   ENDIF(ENABLE_PANGO)
 ELSEIF(WT_FONTSUPPORT_PANGO)
-  TARGET_LINK_LIBRARIES(wt ${PANGO_FT2_LIBRARIES})
+  TARGET_LINK_LIBRARIES(wt PRIVATE ${PANGO_FT2_LIBRARIES})
   INCLUDE_DIRECTORIES(${PANGO_FT2_INCLUDE_DIRS})
   ADD_DEFINITIONS(-DWT_FONTSUPPORT_PANGO)
   MESSAGE("** Enabling advanced font support using libpango")
 ELSEIF(WT_FONTSUPPORT_DIRECTWRITE)
-  TARGET_LINK_LIBRARIES(wt Dwrite)
+  TARGET_LINK_LIBRARIES(wt PRIVATE Dwrite)
   ADD_DEFINITIONS(-DWT_FONTSUPPORT_DIRECTWRITE)
   MESSAGE("** Enabling advanced font support using DirectWrite")
 ENDIF(WT_FONTSUPPORT_SIMPLE)
 
 IF(MULTI_THREADED_BUILD)
-  TARGET_LINK_LIBRARIES(wt ${CMAKE_THREAD_LIBS_INIT})
+  TARGET_LINK_LIBRARIES(wt PRIVATE ${CMAKE_THREAD_LIBS_INIT})
 ENDIF(MULTI_THREADED_BUILD)
 
 INSTALL(TARGETS wt
@@ -583,7 +585,7 @@ PROPERTIES
 
 IF(MSVC)
   SET_TARGET_PROPERTIES(wt PROPERTIES COMPILE_FLAGS "${BUILD_PARALLEL} /wd4251 /wd4275 /wd4355 /wd4800 /wd4996 /wd4101 /wd4267")
-  TARGET_LINK_LIBRARIES(wt winmm)
+  TARGET_LINK_LIBRARIES(wt PRIVATE winmm)
 ENDIF(MSVC)
 
 SUBDIRS(isapi fcgi http)

src/Wt/Auth/OAuthAuthorizationEndpointProcess

@@ -131,9 +131,9 @@ protected:
 private:
   void sendResponse(const std::string& param);
   int authCodeExpSecs_;
-  const std::string *redirectUri_;
-  const std::string *state_;
-  const std::string *scope_;
+  std::string redirectUri_;
+  std::string state_;
+  std::string scope_;
   OAuthClient client_;
   bool validRequest_;
   Login& login_;

src/Wt/Auth/OAuthAuthorizationEndpointProcess.C

@@ -37,11 +37,13 @@ OAuthAuthorizationEndpointProcess::OAuthAuthorizationEndpointProcess(
 void OAuthAuthorizationEndpointProcess::processEnvironment()
 {
   const WEnvironment& env = WApplication::instance()->environment();
-  redirectUri_ = env.getParameter("redirect_uri");
-  if (!redirectUri_) {
+  const std::string *redirectUri = env.getParameter("redirect_uri");
+  if (!redirectUri) {
     LOG_ERROR("The client application did not pass a redirection URI.");
     return;
   }
+  redirectUri_ = *redirectUri;
+
   const std::string *clientId = env.getParameter("client_id");
   if (!clientId) {
     LOG_ERROR("Missing client_id parameter.");
@@ -53,23 +55,27 @@ void OAuthAuthorizationEndpointProcess::processEnvironment()
     return;
   }
   std::set<std::string> redirectUris = client_.redirectUris();
-  if (redirectUris.find(*redirectUri_) == redirectUris.end()) {
+  if (redirectUris.find(redirectUri_) == redirectUris.end()) {
     LOG_ERROR("The client application passed an unregistered redirection URI.");
     return;
   }
-  scope_ = env.getParameter("scope");
+  const std::string *scope = env.getParameter("scope");
   const std::string *responseType = env.getParameter("response_type");
-  state_ = env.getParameter("state");
-  if (!scope_ || !responseType || *responseType != "code") {
+  const std::string *state  = env.getParameter("state");
+  if (!scope || !responseType || *responseType != "code") {
     sendResponse("error=invalid_request");
     return;
   }
   validRequest_ = true;
+  scope_ = *scope;
+
+  if (state)
+    state_ = *state;
 
   login_.changed().connect(this, &OAuthAuthorizationEndpointProcess::authEvent);
   const std::string *prompt = WApplication::instance()->environment().getParameter("prompt");
   if (login_.loggedIn()) {
-    authorized_.emit(*scope_);
+    authorized_.emit(scope_);
     return;
   } else if (prompt && *prompt == "none") {
     sendResponse("error=login_required");
@@ -83,7 +89,7 @@ void OAuthAuthorizationEndpointProcess::authorizeScope(const std::string& scope)
     std::string authCodeValue = WRandom::generateId();
     WDateTime expirationTime = WDateTime::currentDateTime().addSecs(authCodeExpSecs_);
     db_->idpTokenAdd(authCodeValue, expirationTime, "authorization_code", scope,
-        *redirectUri_, login_.user(), client_);
+        redirectUri_, login_.user(), client_);
     sendResponse("code=" + authCodeValue);
   } else {
     throw WException("Wt::Auth::OAuthAuthorizationEndpointProcess::authorizeScope: request isn't valid");
@@ -93,19 +99,19 @@ void OAuthAuthorizationEndpointProcess::authorizeScope(const std::string& scope)
 void OAuthAuthorizationEndpointProcess::authEvent()
 {
   if (login_.loggedIn()) {
-    authorized_.emit(*scope_);
+    authorized_.emit(scope_);
   } else {
     sendResponse("error=login_required");
   }
 }
 
 void OAuthAuthorizationEndpointProcess::sendResponse(const std::string& param)
 {
-  std::string redirectParam = redirectUri_->find("?") != std::string::npos ? "&" : "?";
+  std::string redirectParam = redirectUri_.find("?") != std::string::npos ? "&" : "?";
   redirectParam += param;
-  if (state_)
-    redirectParam += "&state=" + Utils::urlEncode(*state_);
-  WApplication::instance()->redirect(*redirectUri_ + redirectParam);
+  if (!state_.empty())
+    redirectParam += "&state=" + Utils::urlEncode(state_);
+  WApplication::instance()->redirect(redirectUri_ + redirectParam);
 }
 
 void OAuthAuthorizationEndpointProcess::setAuthCodeExpSecs(int seconds)

src/Wt/Auth/OidcUserInfoEndpoint.C

@@ -75,7 +75,12 @@ Json::Object OidcUserInfoEndpoint::generateUserInfo(const User& user, const std:
   root["sub"] = Json::Value(user.id());
   std::set<std::string> claims;
   for (std::set<std::string>::iterator s = scope.begin(); s != scope.end(); ++s) {
-    const std::set<std::string>& c = claimMap_.find(*s)->second;
+    std::map<std::string,std::set<std::string> >::const_iterator it
+      = claimMap_.find(*s);
+    if (it == claimMap_.end())
+      continue;
+
+    const std::set<std::string>& c = it->second;
     for (std::set<std::string>::iterator s2 = c.begin(); s2 != c.end(); ++s2)
       claims.insert(*s2);
   }

src/Wt/Dbo/FixedSqlConnectionPool.C

@@ -14,6 +14,8 @@
 #else
 #endif // WT_THREADED
 
+#include <iostream>
+
 namespace Wt {
   namespace Dbo {