New pages for admins: Security and Privacy Posture Overview

As expressed as a wish from OpenACS users at the last OpenACS conference, a "Security and Privacy Posture Overview" was added that offers a quick overview of the state of the system and eases access to the parameters scattered over different packages in the system.

The page offers:

- Quick overview

- Check of security and privacy relevant package parameters

- Permission and accessibility check of mounted packages

- Response header check

- External library check (CDN vs local usage, vulnerable or outdated libraries)

TODO: One should probably reconsider the permissions of some of the standard site nodes (similar to what we did with the API browser some time ago).

file posture-overview.adp was initially added on branch oacs-5-10.

    • -0
    • +0
    /openacs-4/packages/acs-admin/www/posture-overview.adp
file widely-accessible-packages.tcl was initially added on branch oacs-5-10.

file widely-accessible-packages.adp was initially added on branch oacs-5-10.

file posture-overview.tcl was initially added on branch oacs-5-10.

    • -0
    • +0
    /openacs-4/packages/acs-admin/www/posture-overview.tcl
reduce verbosity in the system log

    • -1
    • +12
    /openacs-4/packages/forums/tcl/forums-procs.tcl
spell "site-wide" consistently with a dash

  1. … 20 more files in changeset.
improved the site-wide admin pages for external js libraries

- add a sample for pinning the version number via the NaviServer configuration file

- provide a link to the requirements and background page explaining the implemented policies

add action link icon just to the immediate child of an action list

factored out vulnerability check to make it reusable

- New proc ::util::resources::check_vulnerability

- bumped version number to 5.10.1b7

    • -2
    • +2
    /openacs-4/packages/acs-tcl/acs-tcl.info
fixed typo

removed obsolete file

remove leftovers of the acs-core-ui, which has not existed for at least 20 years

Implement for TinyMCE a trivial plugin integrating with the new feature in the attachments package

The plugin simply opens a window to the attachments UI. It uses its generic message passing mechanism to receive the content and inject it in the page.

See https://openacs.org/forums/message-view?message_id=5820909

file oacsAttachments.js was initially added on branch oacs-5-10.

Implement for the attachment package a reusable UI meant to be integrated by richtext editors

The UI implements basic CRUD operations on an attachment stored under a generic acs_object. The UI expects to be opened by an iframe and to pass the rendered content to the opener page.

file richtext-procs.tcl was initially added on branch oacs-5-10.

    • -0
    • +0
    /openacs-4/packages/attachments/tcl/richtext-procs.tcl
file file-delete.tcl was initially added on branch oacs-5-10.

    • -0
    • +0
    /openacs-4/packages/attachments/www/richtext/file-delete.tcl
file file-browser.tcl was initially added on branch oacs-5-10.

    • -0
    • +0
    /openacs-4/packages/attachments/www/richtext/file-browser.tcl
file file-browser.adp was initially added on branch oacs-5-10.

    • -0
    • +0
    /openacs-4/packages/attachments/www/richtext/file-browser.adp
added titles for the action URLs to guide the user

Made update of info file optional in parameter-add/edit/delete operations

file release-notes-5-10-1.xml was initially added on branch oacs-5-10.

regenerated documentation (with non-finished release notes)

  1. … 132 more files in changeset.
fixed typos in documentation

  1. … 9 more files in changeset.
Fix the page order swapping UI

- the page used to assume that tree_sortkey was not unique, but it is. Implement a silly swapping logic to overcome this

- introduce input validation

- rework db idioms

- fix indentation

Notice that the whole script relies on the tree_sortkey column on cr_items, which does not seem to exist on Oracle.

Provide client and server side validation

improved spelling

  1. … 15 more files in changeset.
improved spelling

Let site-wide admin pages of external js pages modify, create and delete package parameters

The real change escaped with the previous commit.