Reduced number of insert cr_child_rels operations, just when -needed:
cr_child_rels provide only little benefit (allow to use roles in +needed:
cr_child_rels provide only little benefit (allow one to use roles in a child-rel), but the common operation is a well available in cr_items via the parent_id. cr_child_rels do not help for recursive queries either. One option would be to add an additional argument @@ -136,8 +136,7 @@
Added support against CSRF (cross site request forgery)
OpenACS maintains a per-request CSRF token that ensures that form replies are coming just from sites that received the form
CSRF support is optional for packages where CSRF is less -dangerous, and such requests are wanted (e.g. search and -api-browser)
Added Support for W3C "Upgrade-Insecure-Headers" (see @@ -209,8 +208,7 @@
Misc code improvements:
18 issues from the OpenACS-bug-tracker fixed
Made code more robust against invalid/incorrect input (page_contracts, validators, values obtained from header fields -such as Accept-Language)
Fixed quoting of message keys on many places
Improved exception handling (often, a "catch" swallows -to much, e.g. script_aborts), introducing +such as Accept-Language)
Fixed quoting of message keys on many places
Improved exception handling (often, a "catch" swallows one to much, e.g. script_aborts), introducing "ad_exception".
Generalized handling of leading zeros:
Fixed cases where leading zeros could lead to unwanted octal @@ -279,7 +277,7 @@
Misc new functions:
"lang::util::message_key_regexp": factor out scattered regexp for detecting message keys
"ns_md5" and "ns_parseurl": improve -compatibility between AOLserver and NaviServer
"ad_dom_sanitize_html": allow to specify different +compatibility between AOLserver and NaviServer
"ad_dom_sanitize_html": allow one to specify different sets of tags, attributes and protocols and "ad_dom_fix_html", which is a light weight tidy variant.
Moved templates from www into xowiki/resources to avoid naming conflicts
Improved ckeditor support
Added usage of prepared statements for common queries
Improved error handling
Better value checking for query parameter, error reporting via ad_return_complaint
Added option "-path_encode" to methods -"pretty_link" and "folder_path" to allow to +"pretty_link" and "folder_path" to allow one to control, whether the result should be encoded or not (default true)
Form fields:
Improved repeatable form fields (esp. composite cases), don't require preallocation (can be costly in composite cases)
Added signing of form-fields
Added HTML5 attributes such as "multiple" (for "file") or "autocomplete"
Fixed generation of "orderby" attribute based on -form-field names
richtext: allow to specify "extraAllowedContent" via +form-field names
richtext: allow one to specify "extraAllowedContent" via options
Improved layout of horizontal check boxes
New api function "ad_log" having the same interface as +parameters)
New API function "ad_log" having the same interface as ns_log, but which logs the calling information (like URL and call-stack) to ease tracking of errors.
Use per-thread caching to reduce number of mutex lock operations and lock contention on various caches (util-memoize, xo_site_nodes, @@ -556,7 +554,7 @@ "outdated" package in the 5.9 or 6.0 release)
General overhaul of package management
Install-from-local and install-from-repository can be used to install the provided packages based on a acs-core installation. This means that also DotLRN can be installed from repository or -from local into an existing OpenACS instance.
Install-from-repository offers filtering functions, allows to +from local into an existing OpenACS instance.
Install-from-repository offers filtering functions, allows one to install optionally from head-channel (for packages not in the base channel of the installed instance). Install-from-repository works more like an app-store, showing as well vendor information
Packages can be equipped with xml-based configuration files