Activity OpenACS/

7:33 pm

gustafn

- Added support for W3C Content Security Policy(CSP)

* For details about CSP, see https://www.w3.org/TR/CSP/

* New calls:

security::csp::nonce:

Generate a CSP nonce token token

security::csp::require /directive/ /value/:

Add a requirements of a page to the CSP in order to generate

later a tailored policy with the minimal permissions for

this page. For example, the following requirement is

currently added per default to the oacs-master template to

permit style tags and style attribites in the markup.

security::csp::require style-src 'unsafe-inline'

security::csp::render:

Generate a policy from the requirements

* Added Kernel Parameter CSPEnabledP to activate/desctivate CSP

(default on)

- Bump version numbers

acs-tcl to 5.9.1d11

acs-bootstrap-installer to 5.9.1d4

acs-kernel to 5.9.1d17

- -2
- +2
/openacs-4/packages/acs-bootstrap-installer/acs-bootstrap-installer.info
- History
- Source
- Diff
/openacs-4/.../acs-bootstrap-installer.info
- -3
- +3
/openacs-4/packages/acs-bootstrap-installer/installer/www/blank-master.adp
- History
- Source
- Diff
/openacs-4/packages/.../www/blank-master.adp
- -6
- +20
/openacs-4/packages/acs-bootstrap-installer/installer/www/blank-master.tcl
- History
- Source
- Diff
/openacs-4/packages/.../www/blank-master.tcl
- -4
- +4
/openacs-4/packages/acs-kernel/acs-kernel.info
- History
- Source
- Diff
/openacs-4/packages/.../acs-kernel.info
- -2
- +2
/openacs-4/packages/acs-tcl/acs-tcl.info
- History
- Source
- Diff
/openacs-4/packages/acs-tcl/acs-tcl.info
- -33
- +124
/openacs-4/packages/acs-tcl/tcl/security-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../security-procs.tcl
- -3
- +3
/openacs-4/www/blank-master.adp
- History
- Source
- Diff
/openacs-4/www/blank-master.adp
- -5
- +19
/openacs-4/www/blank-master.tcl
- History
- Source
- Diff
/openacs-4/www/blank-master.tcl

10:14 am

gustafn

- new function ::security::nonce_token to generate a nonce token as described in W3C Content Security Policy

- -5
- +51
/openacs-4/packages/acs-tcl/tcl/security-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../security-procs.tcl

10:07 am

gustafn

- use "filter_return" in cases, where we can map the .adp file and improve documentation

- -6
- +10
/openacs-4/packages/acs-core-docs/tcl/acs-core-docs-procs.tcl
- History
- Source
- Diff
/openacs-4/.../acs-core-docs-procs.tcl

1:34 pm

gustafn

- add support for W3C Subresource Integrity (SRI)

* For details about SRI, see https://www.w3.org/TR/SRI/

* Added arguments -crossorigin and -integrity

to the following functions

template::add_body_script

template::add_script

template::head::add_javascript

template::head::add_link

template::head::add_script

* Updated blank-master.adp

- some more cleanup:

* remove commented out code

* add missing argument documentation

(template::head::add_javascript)

* document arguments alphabetically

- -2
- +2
/openacs-4/packages/acs-bootstrap-installer/acs-bootstrap-installer.info
- History
- Source
- Diff
/openacs-4/.../acs-bootstrap-installer.info
- -3
- +3
/openacs-4/packages/acs-bootstrap-installer/installer/www/blank-master.adp
- History
- Source
- Diff
/openacs-4/packages/.../www/blank-master.adp
- -82
- +102
/openacs-4/packages/acs-templating/tcl/head-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../tcl/head-procs.tcl
- -3
- +3
/openacs-4/www/blank-master.adp
- History
- Source
- Diff
/openacs-4/www/blank-master.adp

1:32 pm

gustafn

- bring version in www (in cvs) in sync with version from packages/acs-bootstrap-installer/installer/www/

- -98
- +22
/openacs-4/www/blank-master.tcl
- History
- Source
- Diff
/openacs-4/www/blank-master.tcl

1:22 pm

gustafn

- provide a better error message in case the request processor fails early

- -6
- +11
/openacs-4/packages/acs-templating/tcl/query-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../tcl/query-procs.tcl

10:53 am

gustafn

- Implements "Upgrade Insecure Requests" headers:

W3C Candidate Recommendation

https://www.w3.org/TR/upgrade-insecure-requests/

- -1
- +9
/openacs-4/packages/acs-tcl/tcl/request-processor-procs.tcl
- History
- Source
- Diff
/openacs-4/.../request-processor-procs.tcl

10:32 am

gustafn

- security::redirect_to_secure: add flag "-script_abort" to make it

usable in filter procs (ad_script_abort triggers errors without

error message)

- security::get_secure_location:

* align implementation to function documentation (to make it usable

for sub-sites). Last version returned always the "configured

secure" location, not the "current secure location"

* replace regexps by util::split_location/util::join_location/

- -22
- +16
/openacs-4/packages/acs-tcl/tcl/security-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../security-procs.tcl

8:28 am

gustafn

- add missing expand operator

- -2
- +2
/openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../utilities-procs.tcl

10:08 pm

gustafn

- add kernel parameter to make ad_session_id cookies secure (useful on sites, where all sessions are via https, improves security rating on e.g. mozillas observatory tool)

- -3
- +4
/openacs-4/packages/acs-kernel/acs-kernel.info
- History
- Source
- Diff
/openacs-4/packages/.../acs-kernel.info
- -3
- +7
/openacs-4/packages/acs-tcl/tcl/security-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../security-procs.tcl

10:03 pm

gustafn

- provide default masters in case no theme provides a template

- -0
- +66
/openacs-4/packages/acs-templating/resources/masters/plain-streaming-head.adp
- History
- Source
- Diff
/openacs-4/.../plain-streaming-head.adp
- -0
- +24
/openacs-4/packages/acs-templating/resources/masters/plain-streaming-head.tcl
- History
- Source
- Diff
/openacs-4/.../plain-streaming-head.tcl

10:03 pm

gustafn

More
MAIN:gustafn:20160902200319
deleted 1 file
MAIN

file plain-streaming-head.adp was initially added on branch oacs-5-9.

- -0
- +0
/openacs-4/packages/acs-templating/resources/masters/plain-streaming-head.adp
- History
- Source
/openacs-4/packages/.../plain-streaming-head.adp

10:03 pm

gustafn

More
MAIN:gustafn:20160902200319:1
deleted 1 file
MAIN

file plain-streaming-head.tcl was initially added on branch oacs-5-9.

- -0
- +0
/openacs-4/packages/acs-templating/resources/masters/plain-streaming-head.tcl
- History
- Source
/openacs-4/packages/.../plain-streaming-head.tcl

9:16 pm

gustafn

- reduce redundancy handling legacy network drivers

- simplify code

- -33
- +14
/openacs-4/packages/acs-tcl/tcl/security-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../security-procs.tcl

7:33 pm

gustafn

- fix bug for host-node-mapped subsites: on the (subsite) admin-page

of a host-node-mapped subsites, the link to site-wide-admin should

always point to the main site.

- add new helper function util::configured_location to address the bug

above to return the configured location as configured for the

current network driver. While [util_current_location] honors the

virtual host information of the host header field,

util::configured_location returns the main configured location

(probably the main subsite).

- extend [util_driver_info]

* make the passed-in array name optional and to return always a dict

* include the configured host name in the result (dict/array)

- add cross references via @see to make it easier to switch between

related functions

- bump version number of acs-tcl to 5.9.1d10 and acs-subsite to

5.9.1d7 to address dependencies

- -3
- +3
/openacs-4/packages/acs-subsite/acs-subsite.info
- History
- Source
- Diff
/openacs-4/packages/.../acs-subsite.info
- -1
- +1
/openacs-4/packages/acs-subsite/www/admin/index.adp
- History
- Source
- Diff
/openacs-4/packages/.../admin/index.adp
- -1
- +2
/openacs-4/packages/acs-subsite/www/admin/index.tcl
- History
- Source
- Diff
/openacs-4/packages/.../admin/index.tcl
- -2
- +2
/openacs-4/packages/acs-tcl/acs-tcl.info
- History
- Source
- Diff
/openacs-4/packages/acs-tcl/acs-tcl.info
- -1
- +3
/openacs-4/packages/acs-tcl/tcl/defs-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../tcl/defs-procs.tcl
- -5
- +8
/openacs-4/packages/acs-tcl/tcl/security-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../security-procs.tcl
- -19
- +50
/openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../utilities-procs.tcl

11:38 am

gustafn

- improve labels on "install from repo" (distinguish between "install" and "upgrade")

- -3
- +6
/openacs-4/packages/acs-admin/www/install/install.tcl
- History
- Source
- Diff
/openacs-4/packages/.../install/install.tcl

9:31 am

gustafn

- fix potential problem, when form objs is already preloaded

- -0
- +1
/openacs-4/packages/xowf/xowf.info
- History
- Source
- Diff
/openacs-4/packages/xowf/xowf.info
- -2
- +5
/openacs-4/packages/xowf/tcl/xowf-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../tcl/xowf-procs.tcl

2:01 pm

hectorr

Removed unnecesary exists, causing problems at least when form field file is used as repeat field, not showing the add button properly

- -2
- +2
/openacs-4/packages/xowiki/tcl/form-field-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../form-field-procs.tcl

1:26 pm

gustafn

- adding missing $ sign

- -2
- +2
/openacs-4/packages/acs-core-docs/tcl/acs-core-docs-procs.tcl
- History
- Source
- Diff
/openacs-4/.../acs-core-docs-procs.tcl

12:53 pm

stefans

More
MAIN:stefans:20160901105337
changed 1 file
MAIN

Deactivating commit hook for now, for testing

- -1
- +1
/CVSROOT/loginfo
- History
- Source
- Diff
/CVSROOT/loginfo

12:32 pm

gustafn

- don't change names of arguments unless necessary, since such cases require a DROP FUNCTION

- -11
- +15
/openacs-4/packages/acs-kernel/sql/postgresql/upgrade/upgrade-5.9.0d5-5.9.0d6.sql
- History
- Source
- Diff
/openacs-4/.../upgrade-5.9.0d5-5.9.0d6.sql

8:57 pm

gustafn

More
oacs-5-9:gustafn:20160831185741
changed 35 files
oacs-5-9

composition-rel reform:

- apply changes developed by Michael Steigman for making rel-types

configurable whether these should be composable or not

(default is: these are composable, which was up to now the only

choice)

- improved documentation of log argument lists of SQL functions

- Background:

http://openacs.org/forums/message-view?message_id=5330734

http://openacs.org/forums/message-view?message_id=4031049

- bump version number of acs-kernel to 5.9.1d16

- -2
- +2
/openacs-4/packages/acs-kernel/acs-kernel.info
- History
- Source
- Diff
/openacs-4/packages/.../acs-kernel.info
- -1
- +2
/openacs-4/packages/acs-kernel/sql/oracle/acs-relationships-create.sql
- History
- Source
- Diff
/openacs-4/.../acs-relationships-create.sql
- -23
- +32
/openacs-4/packages/acs-kernel/sql/oracle/groups-body-create.sql
- History
- Source
- Diff
/openacs-4/.../groups-body-create.sql
- -4
- +7
/openacs-4/packages/acs-kernel/sql/oracle/groups-create.sql
- History
- Source
- Diff
/openacs-4/packages/.../groups-create.sql
- -2
- +4
/openacs-4/packages/acs-kernel/sql/oracle/test/rel-segments-test-types-create.sql
- History
- Source
- Diff
/openacs-4/.../rel-segments-test-types-create.sql
- -0
- +344
/openacs-4/packages/acs-kernel/sql/oracle/upgrade/upgrade--5.9.1d15-5.9.1d16.sql
- History
- Source
- Diff
/openacs-4/.../upgrade--5.9.1d15-5.9.1d16.sql
- -68
- +71
/openacs-4/packages/acs-kernel/sql/postgresql/acs-create.sql
- History
- Source
- Diff
/openacs-4/packages/.../acs-create.sql
- -19
- +55
/openacs-4/packages/acs-kernel/sql/postgresql/acs-relationships-create.sql
- History
- Source
- Diff
/openacs-4/.../acs-relationships-create.sql
- -25
- +36
/openacs-4/packages/acs-kernel/sql/postgresql/groups-body-create.sql
- History
- Source
- Diff
/openacs-4/.../groups-body-create.sql
- -7
- +10
/openacs-4/packages/acs-kernel/sql/postgresql/groups-create.sql
- History
- Source
- Diff
/openacs-4/packages/.../groups-create.sql
- -3
- +0
/openacs-4/packages/acs-kernel/sql/postgresql/postgresql.sql
- History
- Source
- Diff
/openacs-4/packages/.../postgresql.sql
- -8
- +5
/openacs-4/packages/acs-kernel/sql/postgresql/rel-segments-create.sql
- History
- Source
- Diff
/openacs-4/.../rel-segments-create.sql
- -2
- +4
/openacs-4/packages/acs-kernel/sql/postgresql/test/rel-segments-test-types-create.sql
- History
- Source
- Diff
/openacs-4/.../rel-segments-test-types-create.sql
- -0
- +376
/openacs-4/packages/acs-kernel/sql/postgresql/upgrade/upgrade-5.9.1d15-5.9.1d16.sql
- History
- Source
- Diff
/openacs-4/.../upgrade-5.9.1d15-5.9.1d16.sql
- -4
- +6
/openacs-4/packages/acs-kernel/sql/test/rel-segments-test-types-create.sql
- History
- Source
- Diff
/openacs-4/.../rel-segments-test-types-create.sql
… 20 more files in changeset.

8:57 pm

gustafn

More
MAIN:gustafn:20160831185741
deleted 1 file
MAIN

file upgrade--5.9.1d15-5.9.1d16.sql was initially added on branch oacs-5-9.

- -0
- +0
/openacs-4/packages/acs-kernel/sql/oracle/upgrade/upgrade--5.9.1d15-5.9.1d16.sql
- History
- Source
/openacs-4/.../upgrade--5.9.1d15-5.9.1d16.sql

8:57 pm

gustafn

More
MAIN:gustafn:20160831185741:1
deleted 1 file
MAIN

file upgrade-5.9.1d15-5.9.1d16.sql was initially added on branch oacs-5-9.

- -0
- +0
/openacs-4/packages/acs-kernel/sql/postgresql/upgrade/upgrade-5.9.1d15-5.9.1d16.sql
- History
- Source
/openacs-4/.../upgrade-5.9.1d15-5.9.1d16.sql

8:41 pm

gustafn

- fix incorrect links

- -3
- +20
/openacs-4/packages/acs-core-docs/tcl/acs-core-docs-procs.tcl
- History
- Source
- Diff
/openacs-4/.../acs-core-docs-procs.tcl
- -3
- +3
/openacs-4/packages/acs-core-docs/www/xml/kernel/apm-design.xml
- History
- Source
- Diff
/openacs-4/packages/.../kernel/apm-design.xml

8:39 pm

gustafn

- distinguish in apm_package_selection_widget between operations (updates/installs/or both)

- -3
- +4
/openacs-4/packages/acs-admin/tcl/apm-admin-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../apm-admin-procs.tcl

8:37 pm

gustafn

- remove unneeded quoting

- -2
- +2
/openacs-4/packages/acs-admin/www/users/search.tcl
- History
- Source
- Diff
/openacs-4/packages/.../users/search.tcl

8:19 pm

gustafn

- use dollar quoting for SQL comments

- -9
- +9
/openacs-4/packages/acs-kernel/sql/postgresql/acs-objects-create.sql
- History
- Source
- Diff
/openacs-4/.../acs-objects-create.sql
- -31
- +31
/openacs-4/packages/acs-kernel/sql/postgresql/apm-create.sql
- History
- Source
- Diff
/openacs-4/packages/.../apm-create.sql

8:16 pm

gustafn

- add verbosity setting

- make it easy to log SQL statements as these are executed

- -4
- +4
/openacs-4/packages/acs-kernel/sql/postgresql/acs-kernel-create.sql
- History
- Source
- Diff
/openacs-4/packages/.../acs-kernel-create.sql

7:17 pm

gustafn

- remove initial-install-p flag

- -1
- +2
/openacs-4/packages/openacs-bootstrap3-theme/openacs-bootstrap3-theme.info
- History
- Source
- Diff
/openacs-4/.../openacs-bootstrap3-theme.info

OpenACS

Line History

Stats

Commits this week: 19

Commit Activity

52 week commits volume

Commits by day

Commits by hour

Commit calendar

Most active committers (90 days)

gustafn

gustafn

gustafn

gustafn

gustafn

gustafn

gustafn

gustafn

gustafn

gustafn

gustafn

gustafn

gustafn

gustafn

gustafn

gustafn

gustafn

hectorr

gustafn

stefans

gustafn

gustafn

gustafn

gustafn

gustafn

gustafn

gustafn

gustafn

gustafn

gustafn