• last updated 12 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Remove non-functional "double click protection" in order to remove a potential attack vector

added page contract filter "printable" to avoid potential DB errors on certain binary values

    • -3
    • +3
    /openacs-4/packages/search/search.info
    • -4
    • +6
    /openacs-4/packages/search/www/search.tcl
added page contract filter "printable" to avoid passing of binary values to certain pages

    • -2
    • +2
    /openacs-4/packages/acs-tcl/acs-tcl.info
avoid site-map lookups from the DB when the connections is already closed. This avoids hard DB-errors when the URL contains invalid characters

fixed bug introduced 8 months ago

Fix test category, add tested api

Make sure that the form object is flushed whenever state might have changed

If code executed after the state change accesses the form object again, this could be that from a previous state and e.g. hold the wrong form definition. This happens in practice downstream, where the submitting of activities also involves accessing the form definition to e.g. compute the grade based on the questions. Downstream we also cache the formfield specs, so if a spec is dependent on the state, might be wrong in also for future requests.

    • -0
    • +5
    /openacs-4/packages/xowf/tcl/xowf-procs.tcl
improve robustness when called without connection

Fix typo, write a basic test for the involved api

provide a friendly error message

    • -7
    • +12
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
allow at most 50K days, otherwise Tcl time scanner bails out

    • -2
    • +4
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
strengthen regular expression for "days"; valid arguments are e.g. "20d" or "14days"

    • -2
    • +2
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
Fix typo

revert incompatible change

    • -5
    • +4
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
Sanitize bogus URLs such as "//" or e.g. dotlrn URL lookup would fail

Not clear if this should happen already at the ns_conn level or somewhere in the site_node api

avoid subst in export_vars by using xo::update_query

Accept only integers as value for the rss query parameter

    • -2
    • +3
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
provide page-contract error instead of backtrace

    • -4
    • +3
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
removed obsolete index.vuh file

    • -29
    • +0
    /openacs-4/packages/xooauth/www/index.vuh
removed automounting

    • -1
    • +0
    /openacs-4/packages/xooauth/xooauth.info
added KTI 1.1 properties

Cleanup leftover file

Remove attack surface

Check permissions when one accesses the script and also when one performs the actual unsubscribing operation

Harden safety: require login, do not let people outside the requester fiddle with the frequency

Make oacs-dav only a weak dependency for file-storage, if the package is not there, just treat it as if the parameter was disabled

Fix typo

Disable vuh, add remarks

    • -0
    • +5
    /openacs-4/packages/xooauth/www/index.vuh
added OAuth based LTI integration and launch buttons

For details, see https://openacs.org/xowiki/accessing-lti-services

    • -2
    • +2
    /openacs-4/packages/xooauth/xooauth.info
    • -0
    • +366
    /openacs-4/packages/xooauth/tcl/lti-procs.tcl
    • -22
    • +9
    /openacs-4/packages/xooauth/tcl/oauth-procs.tcl
file lti-procs.tcl was initially added on branch oacs-5-10.

    • -0
    • +0
    /openacs-4/packages/xooauth/tcl/lti-procs.tcl