1. Added session-update.tcl, a small utility which somewhat safely allows you to put up a link that changes a session_property, for instance to change the number of items displayed or that sort of thing. The caller must sign their values and URL, which are verified by the callee via ad_page_contract. If the referrer doesn't match the signed expected referrer, you get bounced. I think this is reasonably secure (though permissions should always be rigorously checked on all pages, of course)
2. acs_events had an html_p flag in the datamodel but no way to set it. Fixed. It should really be a mime-type but since it's not using the CR, and since I'm extremely busy with other stuff, I didn't fix it.
3. While doing #1 above I learned that signing and verifying arrays didn't quite work. Fixed.
4. Found and fixed a small problem with my earlier work on the currency widget.
Fixed the 4K character limit on session properties for Oracle by making an optional "clob" value available. The APM wouldn't let me load any packages when I added all the dotLRN packages plus standard packages over to a new "dotlrn" user from my normal "acs" user - the list of packages grew to > 4KB in size! Grrrr!