• last updated 10 hours ago
Constraints: committers
Constraints: files
Constraints: dates
Add new column 'public_avatar_p' to the 'user_preferences' table, in order to allow the user to decide wheter to make the avatar (profile picture) public to other users or not, with a conservative default, false. Add also a simple API to get/set that value and bump acs-kernel version number.

file avatar-procs.tcl was initially added on branch oacs-5-10.

    • -0
    • +0
file avatar-procs.xql was initially added on branch oacs-5-10.

    • -0
    • +0
regenerated adp files

Allow to filter members by relationship type

fix invalid HTML (closing INPUT tag is not allowed)

    • -1
    • +1
fix invalid markup

follow usual indentation

Force xowiki.css to be loaded sooner than css from the theme, so we have a chance to override its styling

whitespace changes

address issue #3384

Allow new 'publish_status' action button to be specified in form-usages includelet, similar to what we have in xowiki/www/admin/list

Introduce a new option for form-usages includelet which, similar to child resources, allows to specify bulk actions (currently, only 'export' is implemented)

report server tag name as well to get precise version info

Add '-delete' flag to 'ad_parameter_cache' in 'parameter::set_value', to delete the value from cache before setting, making the value coherent amongst threads (thanks Antonio for the fix).

make code more robust when exposed to hacking attacks

keep chain on session_ids in case the sessions change

comment out and/or drop references t money to address issue #3381

Default value for "sign" in export vars should be empty, and not "0"

- relax strict error handling on export_vars_sign for the time being

Fix regression in 'if_no_rows' idiom for db_foreach, document alternative syntax, create a test for db_foreach main functionalities

simplify and fix subst operation

distinguish between "install" and "upgrade" in heading and explanation text

- ad_set_cookie: add option "-samesite" and use it, when the server supports it (NaviServer 4.99.18)

- use "-samesite strict" per default on signed cookies

Background from NaviServer commit:

ns_setcookie: add flag "-samesite" with values "strict|lax|none"

When the flag is set it prevents the browser from

sending this cookie along with cross-site requests to mitigate cross site

scripting attacks. Permissible values are [term strict], [term lax],

or [term none] (default). While the value [term strict] prevents

sending the cookie to the target site in all cross-site browsing

context, the value of [term lax] allows sending the cookie when the

user clicks on regular links. For details, see


This cookie flag is not yet part of an RFC, but most major browsers

support it. Browsers that do not support it, ignore the flag

silently (see https://caniuse.com/#search=samesite).

Although most cookies should probably use the flags, in order to

provide backward compatibility, the flag can't be activated by

default on all cookies.

Bring files on oacs-5-10 in sync with HEAD

    • -13
    • +0
whitespace and spelling changes

category_tree::get_categories reform:

always return all root categories of given tree. Keep sorting by localized name, but use the en_US translation as a default when desired one is missing. Improve documentation.

Rollback of 'boolean' parameter datatype, as oracle does not see necessary to have 'boolean' datatypes, and they do not even provide with a proper alternative on what to use instead. Great. See: https://asktom.oracle.com/pls/asktom/f?p=100:11:0::::P11_QUESTION_ID:6263249199595#876972400346931526

Add 'boolean' parameter datatype and increase version number

file upgrade-5.10.0d12-5.10.0d13.sql was initially added on branch oacs-5-10.