• last updated 3 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Support specification of allowed tags/attributes/protocols via global package parameters.

This change makes it possible to define for a package values for

AllowedTags, AllowedAttributes, or AllowedProtocols. If (some of)

these exist, use these for configuring "ad_html_security_check". If +

not, fall back to the default (site wide) definition.

This change is fully backward compatible and effects on sites defining

such global parameters. This change was induced by the need of large

sites, where it is not feasible to set these parameters on the package

instance level, since this site has 830000 packages instances.

Bump version number to 5.10.1d19

  1. … 1 more file in changeset.
improve error message

fix typo

Actually not enforce options validation on disabled formfields

Don't enforce options validation on disabled fields, demonstrate that this won't allow to insert invalid values in the field

Fix the test, which was not actually reproducing the issue

in order to do so, I had to fix the behavior of acs::test::xpath::get_form_values: we should in fact NOT extract the value of disabled formfield, as a real browser will not send them in the POST request.

  1. … 1 more file in changeset.
Expose behavior:

extend date formfield test to include also a date in a specific format from downstream, set to disabled. Set the day of the month as a number < 10. Show that in this case the validation will complain about an invalid value. This because the field is represented as " 1" rather than the expected "1"

Added the option to parameterize www-delete and www-toggle-publish-status with return_url

In cases, these www* methods are called programmatically, these can be

now parameterized with an "-return_url" parameter to achieve

e.g. workflow-specific behavior.

Many thanks to Thomas Renner for the analysis on

www-toggle-publish-status.

Version number bumped to 5.10.1d18

Modernize code

- use dict instead of Tcl array

- prefer char operations instead of match operations

Fixes for Oracle 19c: boolean and timestamp handling

- a clause "true" is invalid in Oracle SQL (using "1=1" is fine).

- function "now()" does not exist, use "CURRENT_TIMESTAMP" instead

- addressing all attributes in a join via "*" is not allowed, when other

attributes are used as well. Using e.g., "bt.*" is OK.

added file content checker for zip, gzip and dump imports

The reorder_box must always be treated as a multiple field

Explicitly set the :plugin <variable>

Support the extraPlugins attribute the same as the CKEditor4 richtext formfield, as some places in xowiki assume it

Fixes for Oracle 19c: added missing Oracle support

Beautify display of CSS tree renderer for deeper trees

- allow one to specify general UL class via "toc" includelet (was only CSS class for top-level UL)

- support passing general class for UL for tree renderer (was only CSS class for top-level UL)

- passing properties also via "add_page" to TreeNode instances

Update italian localization

  1. … 2 more files in changeset.

Reduce dependencies on YUI 2

- Added native CSS classes for Tree renderer

(named "xowiki-tree" to avoid name clashes).

- Made TreeRenderer more configurable, by providing css class names etc.

- toc includelet: replaced default (when no style is provided)

from yuitree to list + xowiki-tree.

The old behavior can be achieved by {{toc -style yuitree}}

Note that not all features of the YUI tree might be available

- The CSS variant with xowiki-tree can also be used for the folder-tree,

but so far, the bootstrap3 renderer is more nice.

Modernize api

Improve test robustness:

the folder in the test is required, so it might be the case that its state was already tampered with. Change the test to first make sure the state from db and object are consistent, whatever they are, then perform some set/fetch/check tests on 3 arbitrary states

    • -13
    • +15
    ./tcl/test/xowiki-test-procs.tcl
extended regression test

    • -10
    • +117
    ./tcl/test/xowiki-test-procs.tcl
improve spelling

make API call a public one

issue error for unexpected value

added missing space

date formfield does not need special conversion when converting to external, its value is already converted when rendered

prefer YUI 2.9.0 when available

Upgrade to jQuery UI 1.13.1

    • -2
    • +2
    ./www/resources/jquery/jquery-ui.min.js
Updated inferface for Page->create_form_page_instance

Since "create_form_page_instance" creates always a form

page, we can also pass the state at creation to it

(like other essential parameters). The default value

is "initial" (the default state in workflows).

Bumped version number to 5.10.1d15

updated list of tested functions

    • -6
    • +6
    ./tcl/test/xowiki-admin-tests-procs.tcl