OpenACS

Tools

Line History

Line Count Graph
Line Count Graph

Stats

Commits this week: 21
Total Committers: 146
Last Commit: 10:23
Commits this week: 21
Total Lines of Code (LoC): 7,560,944
Net change in LoC this week: 123

Commit Activity

Commits By Day In Week
52 week commits volume
Commits By Day In Week
Commits by day
Commits By Day In Week
Commits by hour
Commits By Hour In Day
Commit calendar
 

Most active committers (90 days)

loading
loading
  • last updated 1 hour ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Sunday 11 Sep 2016
1:48 am

gustafn

- turn onclick handler into event listener and a body script (for strict CSPs)

Options
    • -7
    • +15
    /openacs-4/packages/xowiki/tcl/includelet-procs.tcl
Saturday 10 Sep 2016
8:18 pm

gustafn

- fix css statements

Options
    • -1
    • +1
    /openacs-4/packages/xowiki/resources/templates/oacs-view.adp
    • -1
    • +1
    /openacs-4/packages/xowiki/resources/templates/oacs-view2.adp
    • -3
    • +3
    /openacs-4/packages/xowiki/resources/templates/oacs-view3-bootstrap3.adp
    • -1
    • +1
    /openacs-4/packages/xowiki/resources/templates/oacs-view3.adp
    • -1
    • +1
    /openacs-4/packages/xowiki/resources/templates/view-book-no-ajax.adp
    • -1
    • +1
    /openacs-4/packages/xowiki/resources/templates/view-book.adp
    • -1
    • +1
    /openacs-4/packages/xowiki/resources/templates/view-default.adp
    • -1
    • +1
    /openacs-4/packages/xowiki/resources/templates/view-links.adp
    • -1
    • +1
    /openacs-4/packages/xowiki/resources/templates/view-plain.adp
1:53 pm

gustafn

- add preventDefault() to all event handlers listening to click events

Options
    • -3
    • +5
    /openacs-4/packages/acs-admin/www/apm/packages-install.tcl
    • -2
    • +4
    /openacs-4/packages/acs-developer-support/lib/toolbar.tcl
    • -3
    • +5
    /openacs-4/packages/dotlrn/www/admin/term-new.tcl
1:29 pm

gustafn

- prevent jumping in event listeners

- added sample template oacs-view3-bootstrap3.adp as used on openacs.org

- updated sample templates

Options
    • -2
    • +3
    /openacs-4/packages/xowiki/resources/templates/oacs-view.adp
    • -2
    • +3
    /openacs-4/packages/xowiki/resources/templates/oacs-view2.adp
    • -0
    • +104
    /openacs-4/packages/xowiki/resources/templates/oacs-view3-bootstrap3.adp
    • -2
    • +3
    /openacs-4/packages/xowiki/resources/templates/oacs-view3.adp
    • -1
    • +1
    /openacs-4/packages/xowiki/resources/templates/view-book-no-ajax.adp
    • -1
    • +1
    /openacs-4/packages/xowiki/resources/templates/view-book.adp
    • -2
    • +3
    /openacs-4/packages/xowiki/resources/templates/view-default.adp
    • -2
    • +3
    /openacs-4/packages/xowiki/resources/templates/view-links.adp
    • -1
    • +1
    /openacs-4/packages/xowiki/resources/templates/view-plain.adp
    • -2
    • +85
    /openacs-4/packages/xowiki/tcl/adp-generator-procs.tcl
    • -5
    • +7
    /openacs-4/packages/xowiki/tcl/includelet-procs.tcl
1:29 pm

gustafn

file oacs-view3-bootstrap3.adp was initially added on branch oacs-5-9.

Options
    • -0
    • +0
    /openacs-4/packages/xowiki/resources/templates/oacs-view3-bootstrap3.adp
12:13 pm

gustafn

- add CSP directives

Options
    • -2
    • +2
    /openacs-4/packages/openacs-bootstrap3-theme/openacs-bootstrap3-theme.info
    • -0
    • +5
    /openacs-4/packages/openacs-bootstrap3-theme/resources/masters/plain-master.tcl
12:11 pm

gustafn

- use addEventListener instead of onclick markup for wiki-search,

edit-tags and popular-tags

- fix popular tags link

- regenerated template files

- added scp directives for yui

- bump version number to 5.9.1d12

Options
    • -3
    • +3
    /openacs-4/packages/xowiki/xowiki.info
    • -1
    • +1
    /openacs-4/packages/xowiki/lib/view.tcl
    • -3
    • +13
    /openacs-4/packages/xowiki/resources/templates/oacs-view.adp
    • -3
    • +13
    /openacs-4/packages/xowiki/resources/templates/oacs-view2.adp
    • -3
    • +13
    /openacs-4/packages/xowiki/resources/templates/oacs-view3.adp
    • -1
    • +1
    /openacs-4/packages/xowiki/resources/templates/view-book-no-ajax.adp
    • -1
    • +1
    /openacs-4/packages/xowiki/resources/templates/view-book.adp
    • -3
    • +13
    /openacs-4/packages/xowiki/resources/templates/view-default.adp
    • -3
    • +13
    /openacs-4/packages/xowiki/resources/templates/view-links.adp
    • -1
    • +1
    /openacs-4/packages/xowiki/resources/templates/view-plain.adp
    • -3
    • +13
    /openacs-4/packages/xowiki/tcl/adp-generator-procs.tcl
    • -8
    • +26
    /openacs-4/packages/xowiki/tcl/includelet-procs.tcl
    • -4
    • +6
    /openacs-4/packages/xowiki/tcl/xowiki-www-procs.tcl
12:05 pm

gustafn

- use always template::head procs

- bump version number to 0.150

Options
    • -3
    • +3
    /openacs-4/packages/xotcl-core/xotcl-core.info
    • -58
    • +23
    /openacs-4/packages/xotcl-core/tcl/30-widget-procs.tcl
Friday 09 Sep 2016
10:32 am

gustafn

- add required CSP directives; turn "body_handler -event onload" into a body_script

Options
    • -5
    • +11
    /openacs-4/packages/richtext-xinha/tcl/richtext-procs.tcl
10:27 am

gustafn

- add CSP directive "img-src 'self'" per default

Options
    • -1
    • +2
    /openacs-4/packages/acs-tcl/tcl/security-procs.tcl
10:21 am

gustafn

- CSP-reform: turn hrefs with javascript: URLs into body_scripts with eventListener for "click"

Options
    • -14
    • +15
    /openacs-4/packages/acs-admin/www/apm/packages-install.tcl
    • -1
    • +1
    /openacs-4/packages/acs-developer-support/lib/toolbar.adp
    • -2
    • +16
    /openacs-4/packages/acs-developer-support/lib/toolbar.tcl
10:19 am

gustafn

- reduce verbosity

Options
    • -3
    • +1
    /openacs-4/packages/acs-developer-support/www/index.tcl
10:18 am

gustafn

- CSP-reform: turn onclick handler into body_script with eventListener

Options
    • -3
    • +12
    /openacs-4/packages/dotlrn/www/admin/term-new.tcl
10:14 am

gustafn

- composition-rel reform: add one more type-cast

Options
    • -2
    • +2
    /openacs-4/packages/dotlrn/sql/postgresql/students-init.sql
10:12 am

gustafn

- add CSP nonce to script tags if nonce value is available

- turn function definition of acs_Focus() into a conditionally defined

body-script

- turn "body_event_handlers" into "window.addEventListener"

Options
    • -2
    • +2
    /openacs-4/packages/acs-bootstrap-installer/installer/www/blank-master.adp
    • -20
    • +23
    /openacs-4/packages/acs-bootstrap-installer/installer/www/blank-master.tcl
    • -2
    • +18
    /openacs-4/packages/acs-templating/tcl/head-procs.tcl
    • -2
    • +2
    /openacs-4/www/blank-master.adp
    • -20
    • +23
    /openacs-4/www/blank-master.tcl
9:56 am

gustafn

- Improved compatiblity with PostgreSQL before 9.2:

don't use SQL-language function names to reference parameters to

obtain compatibility for earlier PostgreSQL versions

(see https://www.postgresql.org/docs/9.2/static/release-9-2.html

item E.19.3.9.3)

Options
    • -2
    • +2
    /openacs-4/packages/acs-kernel/sql/postgresql/acs-permissions-create.sql
    • -1
    • +1
    /openacs-4/packages/acs-kernel/sql/postgresql/upgrade/upgrade-5.9.1d10-5.9.1d11.sql
9:32 am

gustafn

- fix upgrade script for PostgreSQL before 9.2: the old version checked

already the version number, but actually the SQL compilation failed

due to the unknown "IF EXISTS" for sequences.

Options
    • -18
    • +8
    /openacs-4/packages/acs-kernel/sql/postgresql/upgrade/upgrade-5.9.1d3-5.9.1d4.sql
Thursday 08 Sep 2016
11:45 am

gustafn

- add required CSP directives

- update dependences on acs-tcl for CSP

- upgrade CKEditor version to 4.5.11

- bump version number to 5.9.1d11

Options
    • -4
    • +4
    /openacs-4/packages/xowiki/xowiki.info
    • -1
    • +4
    /openacs-4/packages/xowiki/tcl/bootstrap-procs.tcl
    • -4
    • +22
    /openacs-4/packages/xowiki/tcl/form-field-procs.tcl
Wednesday 07 Sep 2016
2:08 pm

gustafn

- add required CSP directives

- update dependences for CSP

- upgrade CKEditor version to 4.5.10

- bump version number to 0.6

Options
    • -3
    • +4
    /openacs-4/packages/richtext-ckeditor4/richtext-ckeditor4.info
    • -2
    • +11
    /openacs-4/packages/richtext-ckeditor4/tcl/richtext-procs.tcl
11:25 am

gustafn

- turn hardcoded inline script into a template::add_body_script to use CSP nonces

- bump version number to 1.3d15

Options
    • -2
    • +2
    /openacs-4/packages/forums/forums.info
    • -1
    • +0
    /openacs-4/packages/forums/lib/message/thread-chunk.adp
    • -7
    • +5
    /openacs-4/packages/forums/lib/message/thread-chunk.tcl
11:17 am

gustafn

- use functions rather than strings in js setTimeout() for CSP

Options
    • -2
    • +2
    /openacs-4/packages/acs-subsite/www/resources/core.js
Tuesday 06 Sep 2016
7:45 pm

gustafn

- use template::add_body_script to get csp nonces generated

- bump version to 0.47

Options
    • -2
    • +2
    /openacs-4/packages/xotcl-request-monitor/xotcl-request-monitor.info
    • -8
    • +0
    /openacs-4/packages/xotcl-request-monitor/www/index.adp
    • -6
    • +8
    /openacs-4/packages/xotcl-request-monitor/www/index.tcl
7:33 pm

gustafn

- Added support for W3C Content Security Policy(CSP)

* For details about CSP, see https://www.w3.org/TR/CSP/

* New calls:

security::csp::nonce:

Generate a CSP nonce token token

security::csp::require /directive/ /value/:

Add a requirements of a page to the CSP in order to generate

later a tailored policy with the minimal permissions for

this page. For example, the following requirement is

currently added per default to the oacs-master template to

permit style tags and style attribites in the markup.

security::csp::require style-src 'unsafe-inline'

security::csp::render:

Generate a policy from the requirements

* Added Kernel Parameter CSPEnabledP to activate/desctivate CSP

(default on)

- Bump version numbers

acs-tcl to 5.9.1d11

acs-bootstrap-installer to 5.9.1d4

acs-kernel to 5.9.1d17

Options
    • -2
    • +2
    /openacs-4/packages/acs-bootstrap-installer/acs-bootstrap-installer.info
    • -3
    • +3
    /openacs-4/packages/acs-bootstrap-installer/installer/www/blank-master.adp
    • -6
    • +20
    /openacs-4/packages/acs-bootstrap-installer/installer/www/blank-master.tcl
    • -4
    • +4
    /openacs-4/packages/acs-kernel/acs-kernel.info
    • -2
    • +2
    /openacs-4/packages/acs-tcl/acs-tcl.info
    • -33
    • +124
    /openacs-4/packages/acs-tcl/tcl/security-procs.tcl
    • -3
    • +3
    /openacs-4/www/blank-master.adp
    • -5
    • +19
    /openacs-4/www/blank-master.tcl
10:14 am

gustafn

- new function ::security::nonce_token to generate a nonce token as described in W3C Content Security Policy

Options
    • -5
    • +51
    /openacs-4/packages/acs-tcl/tcl/security-procs.tcl
10:07 am

gustafn

- use "filter_return" in cases, where we can map the .adp file and improve documentation

Options
    • -6
    • +10
    /openacs-4/packages/acs-core-docs/tcl/acs-core-docs-procs.tcl
Monday 05 Sep 2016
1:34 pm

gustafn

- add support for W3C Subresource Integrity (SRI)

* For details about SRI, see https://www.w3.org/TR/SRI/

* Added arguments -crossorigin and -integrity

to the following functions

template::add_body_script

template::add_script

template::head::add_javascript

template::head::add_link

template::head::add_script

* Updated blank-master.adp

- some more cleanup:

* remove commented out code

* add missing argument documentation

(template::head::add_javascript)

* document arguments alphabetically

Options
    • -2
    • +2
    /openacs-4/packages/acs-bootstrap-installer/acs-bootstrap-installer.info
    • -3
    • +3
    /openacs-4/packages/acs-bootstrap-installer/installer/www/blank-master.adp
    • -82
    • +102
    /openacs-4/packages/acs-templating/tcl/head-procs.tcl
    • -3
    • +3
    /openacs-4/www/blank-master.adp
1:32 pm

gustafn

- bring version in www (in cvs) in sync with version from packages/acs-bootstrap-installer/installer/www/

Options
    • -98
    • +22
    /openacs-4/www/blank-master.tcl
1:22 pm

gustafn

- provide a better error message in case the request processor fails early

Options
    • -6
    • +11
    /openacs-4/packages/acs-templating/tcl/query-procs.tcl
10:53 am

gustafn

- Implements "Upgrade Insecure Requests" headers:

W3C Candidate Recommendation

https://www.w3.org/TR/upgrade-insecure-requests/

Options
    • -1
    • +9
    /openacs-4/packages/acs-tcl/tcl/request-processor-procs.tcl
10:32 am

gustafn

- security::redirect_to_secure: add flag "-script_abort" to make it

usable in filter procs (ad_script_abort triggers errors without

error message)

- security::get_secure_location:

* align implementation to function documentation (to make it usable

for sub-sites). Last version returned always the "configured

secure" location, not the "current secure location"

* replace regexps by util::split_location/util::join_location/

Options
    • -22
    • +16
    /openacs-4/packages/acs-tcl/tcl/security-procs.tcl