OpenACS

Tools

Line History

Line Count Graph
Line Count Graph

Stats

Commits this week: 3
Total Committers: 145
Last Commit: 17 May
Commits this week: 3
Total Lines of Code (LoC): 6,873,112
Net change in LoC this week: 0

Commit Activity

Commits By Day In Week
52 week commits volume
Commits By Day In Week
Commits by day
Commits By Day In Week
Commits by hour
Commits By Hour In Day
Commit calendar
 

Most active committers (90 days)

loading
loading
  • last updated 14 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Wednesday 31 Jan
1:48 pm

antoniop

Extend test suite

when testing FormPage validation, make sure two distinct behaviors are respected:

1) Rejected values that were part of the request are kept into their original form fields so the user can rework them and resubmit

2) Other parts of the page, such as the page title, are NOT influenced by data that faild to validate

Rationale: displaying unvalidated information as part of the response can be interpreted as a page injection.

In current codebase, that the title was changed indicates, that rejected information made its way into the :title object member of the FormPage.

The potential consequences of the FormPage setting unvalidated information into its members depends on a number of factors such as formfield logics, callbacks and proper page quoting (to name a few).

Options
    • -1
    • +17
    /openacs-4/packages/xowiki/tcl/test/xowiki-test-procs.tcl
11:27 am

antoniop

Replace permission::require_write_permission with permission::require_permission across the calendar package

Rationale: permission::require_write_permission assumes the object creator to have write permission on the object. Instead, we should rely on permissions to be set correctly on the calendar. permission::require_write_permission also performs an additional query to retrieve the object creator.

It is unclear whether permission::require_write_permission makes sense at all as an api, but we leave this to a future post-release reform.

Options
    • -2
    • +2
    /openacs-4/packages/calendar/calendar.info
    • -6
    • +25
    /openacs-4/packages/calendar/www/cal-item-new.tcl
    • -3
    • +11
    /openacs-4/packages/calendar/www/cal-item-view.tcl
Tuesday 30 Jan
6:18 pm

gustafn

Reduced attack vectors for query and form variables while keeping semantics

- improve form_parameter and query variable validation

- revert partly change: it is intentional that in case of validation errors, the

instances variables of the in-memory object contain invalid data in order

to be able to show the use the invalid data in the form.

- prefer "string first" idiom over regular expression

Options
    • -54
    • +49
    /openacs-4/packages/xowiki/tcl/xowiki-www-procs.tcl
6:17 pm

gustafn

fix typo

Options
    • -2
    • +2
    /openacs-4/packages/xowiki/tcl/xowiki-form-procs.tcl
5:56 pm

antoniop

Move test from acs-kernel to acs-tcl, add remarks

Options
    • -19
    • +0
    /openacs-4/packages/acs-kernel/tcl/test/acs-kernel-procs.tcl
    • -0
    • +19
    /openacs-4/packages/acs-tcl/tcl/test/acs-tcl-test-procs.tcl
5:35 pm

antoniop

Fix typo

Options
    • -2
    • +1
    /openacs-4/packages/xowiki/tcl/xowiki-www-procs.tcl
4:57 pm

antoniop

Bring the logics to parse a datetime from lc_time_fmt into an own private utility lc_datetime_to_clock and reuse it also when we convert from one timezone to another

Options
    • -40
    • +47
    /openacs-4/packages/acs-lang/tcl/localization-procs.tcl
4:54 pm

antoniop

Test cornercase encountered in practice: a user claims a timezone different to that of the system and creates a calendar item in various formats

This test currently fails, because when we convert the time between the user and the system timezone, we are too strict and allow only the "long" timestamp format "%Y-%m-%d %H:%M:%S"

Options
    • -0
    • +70
    /openacs-4/packages/calendar/tcl/test/cal-item-procs.tcl
3:21 pm

antoniop

Allow also dates in the "short" time format, as they may be supplied to the api in such form e.g. by the calendar package

Fixes lang_test__lc_procs automated test

Options
    • -10
    • +18
    /openacs-4/packages/acs-lang/tcl/localization-procs.tcl
3:19 pm

antoniop

Extend test suite to check that also dates in the "short" time format are supported

This test will fail

Options
    • -0
    • +6
    /openacs-4/packages/acs-lang/tcl/test/acs-lang-localization-procs.tcl
2:41 pm

antoniop

Extend test cases

Options
    • -0
    • +3
    /openacs-4/packages/calendar/tcl/test/cal-item-procs.tcl
11:56 am

antoniop

Assume a cal_item is also an acs_object

Options
    • -2
    • +2
    /openacs-4/packages/calendar/tcl/cal-item-procs.xql
11:46 am

antoniop

Qualify source tables in query

Options
    • -4
    • +4
    /openacs-4/packages/calendar/tcl/cal-item-procs.xql
11:36 am

antoniop

Extend testing of data validation

Options
    • -0
    • +63
    /openacs-4/packages/calendar/tcl/test/cal-item-procs.tcl
11:28 am

gustafn

removed obsolete code

Options
    • -5
    • +1
    /openacs-4/packages/xowiki/tcl/includelet-procs.tcl
11:28 am

gustafn

update CDN source

The previous CDN site stopped working

Options
    • -2
    • +2
    /openacs-4/packages/xowiki/tcl/yui-init.tcl
11:15 am

gustafn

generalized handling of error pages in disconnected stage

Options
    • -12
    • +8
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
10:35 am

antoniop

Cleanup leftover library: latest javascript assumes XMLHttpRequest is supported

Options
    • -3
    • +1
    /openacs-4/packages/xowiki/tcl/chat-procs.tcl
Monday 29 Jan
6:21 pm

antoniop

Reimplementation of the captcha

We drop the previous awkward implementations that would either not scale or require external dependencies. Instead, we adopt the approach in use at https://fossil-scm.org/, where a random string is converted to an ASCII art.

The ASCII art itself comes from the Fossil source code.

Options
    • -13
    • +10
    /openacs-4/packages/captcha/captcha.info
    • -202
    • +343
    /openacs-4/packages/captcha/tcl/captcha-procs.tcl
    • -6
    • +28
    /openacs-4/packages/captcha/tcl/test/captcha-procs.tcl
9:58 am

antoniop

Fix selector for the click all list callback

Options
    • -3
    • +3
    /openacs-4/packages/acs-subsite/www/resources/core.js
Friday 26 Jan
5:37 pm

antoniop

Chat reform

The goal of these changes is to reduce the "mode" specific javascript code in the chat implementation and reduce server-side guessing of browser capabilities.

- In the MessageRelay class from xotcl-core, we rework the javascript code sent to the connection when doing scripted streaming to make less assumptions about the functions defined in the parent scope

- In the chat code from xowiki, we move most of the logics to guess the mode into javascript, where we can test the actual capabilities of the browser without relying on the user agent

- The previously 4 javascript files dependant on the chat mode have been made into one

Options
    • -2
    • +2
    /openacs-4/packages/xotcl-core/xotcl-core.info
    • -2
    • +1
    /openacs-4/packages/xotcl-core/tcl/message-relay-procs.tcl
    • -3
    • +3
    /openacs-4/packages/xowiki/xowiki.info
    • -112
    • +17
    /openacs-4/packages/xowiki/tcl/chat-procs.tcl
    • -160
    • +0
    /openacs-4/packages/xowiki/www/resources/chat-common.js
    • -34
    • +286
    /openacs-4/packages/xowiki/www/resources/chat.js
    • -20
    • +0
    /openacs-4/packages/xowiki/www/resources/scripted-streaming-chat.js
    • -31
    • +0
    /openacs-4/packages/xowiki/www/resources/streaming-chat.js
2:14 pm

antoniop

When the mode is "streaming", use Server Sent Events instead of a "plain" endless request

This has the advantage of a clearer, less hacky api, which, for instance, does not require manual parsing of the partial response.

Options
    • -3
    • +3
    /openacs-4/packages/xotcl-core/xotcl-core.info
    • -7
    • +16
    /openacs-4/packages/xotcl-core/tcl/message-relay-procs.tcl
    • -3
    • +3
    /openacs-4/packages/xowiki/xowiki.info
    • -10
    • +9
    /openacs-4/packages/xowiki/tcl/chat-procs.tcl
    • -42
    • +16
    /openacs-4/packages/xowiki/www/resources/streaming-chat.js
11:30 am

antoniop

Cleanup leftover method: its logics were moved to the MessageRelay class

Options
    • -15
    • +1
    /openacs-4/packages/xowiki/tcl/chat-procs.tcl
Thursday 25 Jan
2:20 pm

antoniop

Prefer portable idiom

Options
    • -1
    • +1
    /openacs-4/packages/workflow/tcl/case-procs.xql
2:08 pm

antoniop

Replace deprecated idiom

Options
    • -2
    • +8
    /openacs-4/packages/bug-tracker/www/map-patch-to-bugs.tcl
2:06 pm

antoniop

Reduce divergency between Oracle and Postgres codebase

Options
    • -27
    • +0
    /openacs-4/packages/bug-tracker/www/map-patch-to-bugs-oracle.xql
    • -20
    • +0
    /openacs-4/packages/bug-tracker/www/map-patch-to-bugs-postgresql.xql
    • -2
    • +12
    /openacs-4/packages/bug-tracker/www/map-patch-to-bugs.tcl
1:50 pm

antoniop

Cleanup long deactivated code

Options
    • -1
    • +0
    /openacs-4/packages/acs-subsite/www/admin/site-map/index-postgresql.xql
    • -13
    • +1
    /openacs-4/packages/acs-subsite/www/admin/site-map/index.tcl
1:33 pm

antoniop

Fix typo

Options
    • -1
    • +1
    /openacs-4/packages/acs-subsite/www/resources/core.js
1:32 pm

antoniop

Improve documentation

Options
    • -0
    • +8
    /openacs-4/packages/acs-subsite/www/resources/core.js
1:28 pm

antoniop

Cleanuo commented code

Options
    • -9
    • +0
    /openacs-4/packages/acs-subsite/www/resources/core.js