• last updated 13 hours ago
Constraints: committers
Constraints: files
Constraints: dates
Fix syntax of new oneof value checker

  1. … 1 more file in changeset.
Validate nls_language so that the only values allowed are existing enabled locales

  1. … 1 more file in changeset.
move "-destroy_on_cleanup" towards the end of the parameter list

This change improves protection about ambiguous user input

  1. … 8 more files in changeset.
use wordchar instead of word

intensify validation of form variables

  1. … 1 more file in changeset.
Update api

Use signed value for form_parameter "__object_name"

Bumped version number to 5.10.1d40

  1. … 3 more files in changeset.
increased value checking for paramter that might be influenced by user input

  1. … 8 more files in changeset.
improved checking of parameter values, which might be influenced via query parameters

  1. … 6 more files in changeset.
reduce verbosity

Added support for passing parameter_name:value_constraint to xowiki::Package->get_parameter

- The get_parameter method can get values from query-parameters, therefore

we have to validate these.

- Use the new feature at several places (especially for boolean values)

- Still, more places should be checked

- bumped xowiki to 5.10.1d37

- bumped xotcl-core to 5.10.1d14

  1. … 10 more files in changeset.
query_parameter_return_url is defined on the package

improve spelling

  1. … 7 more files in changeset.
Validate field names when these might come directly from the POST request and therefore contain arbitrary text

Fix typo in comment

Use existing api to tell whether a formfield is disabled or not and to set/unset disabled on a field, handle the case of checkboxes and select fields, where the attribute should not be set whe it is false (e.g. disabled=0 == disabled)

This fixes upstream automated tests on xowiki and xowf

  1. … 1 more file in changeset.
Fixed serious bug killing at least short-text questions in inclass exam

The bug was introduced in [1], by testing for the existence of the

disabled attribute, and when it exists, it was omitting values

reading. The problem is that when form-fields are reset, the

"disabled" attribute is set to 0, leading the exists check to

succeed. In essence, This change sets now the default value of the

form-field to "0", such that it is safe to test it everywhere.

Originally, it was not set by default to save resources (memory and

processing power), but this requires a more careful analysis when

changes happen.

[1] https://fisheye.openacs.org/browse/OpenACS/openacs-4/packages/xowiki/tcl/xowiki-www-procs.tcl?r1=1.368.2.125&r2=1.368.2.126

  1. … 1 more file in changeset.
rename "iconified file" to "thumbnail file"

  1. … 3 more files in changeset.
Extended functionality of the DropZone widget

- added parameters "label", "disposition" and "file_name_prefix"

for better configurability

- added support for updating the current page with feedback of the

dropped files. This is used e.g. by the online exam in the exam

protocol to display incrementally thumbnails of feedback files.

- change property "uploader" to "disposition", since "uploader" is

somewhat ambiguous. "Disposition" defines, what happens after the

file was uploaded, e.g. whether the content has to be transformed,


- bumped version number to 5.10.1d35

  1. … 5 more files in changeset.
Generalized handling of local_return_url

I am not fully happy with the handlings of "return_url" in exam workflows.

Maybe this can be reworked in a way such that "local_return_url" is not

neccsessary in the future.

  1. … 1 more file in changeset.
Skip processing for all formfields that are defined as disabled:

the browser should not send us these data in the first place.

undo part of last change

unfortunatly, the 0.9.3 issue can't be fixed so simple as hoped. The "-html" flag is necessary for dealing with autoclosed entries.

  1. … 1 more file in changeset.
for orthogonaly, remove "-html" flag from dom parse to avoid a potential top-level <html> element

  1. … 4 more files in changeset.
Provide a fix for "dom parse -html ..." for adp tags.

"dom parse -html" has two problems with ADP tags like "<adp:icon ...>":

a) If the tag name contains a colon or underscore, the tag is

treated like plain text, i.e. "<" and ">" are converted into

HTML entities.

b) These tags have to be closed "<adp:icon ...>" is invalid.

Several existomg ADP tags have not closing tag.

Therefore, we resolve the ADP tags before parsing the text by

tdom. There should be some future framework support to do this in

general, but until we have this, resolve this problem here locally.

get rid of "xowiki::adp_parse_tags", since this is handled now already in acs-templating

  1. … 4 more files in changeset.
Do not force all validation errors to the end of a form.

Caveat: we might miss some validation errors in cases,

where render_item is not used.... but such cases rarely

exist. Provide an log message to identify such cases

that would require further changes. The advantage of

having potentially the message at the right place

is more important for the time being since this is

a usability issue for large forms.

perform adp-tag subsitution also in xowiki footer

fix misspelled name

reduce hard-coded icons

  1. … 2 more files in changeset.
apply parse_adp_tags on full rendered text in www-view