• last updated 11 hours ago
Constraints: committers
Constraints: files
Constraints: dates
file style.css was initially added on branch oacs-5-10.

Allow to serialize also object options, allow to only include the header stuff

Cleanup leftover code from successful reform in December 2016

Since then, we have been long using dynamic repeat fields on production

    • -15
    • +5
Move the specific richtext-editor implementations into an own file

file richtext-procs.tcl was initially added on branch oacs-5-10.

    • -0
    • +0
Rework the add_editor api so that it won't rely on global templating variables and fix both configuration from defaults and local

Harden the page contract and ensure that:

- for chat rooms in the chat package, only the chat class enforcing permissions is used

- for other chat ids, either the id is an object the user can read, or the user can at least read on the current connection package

Cleanup old parameter on upgraded installations

file apm-callback-procs.tcl was initially added on branch oacs-5-10.

    • -0
    • +0
file download.tcl was initially added on branch oacs-5-10.

file index.tcl was initially added on branch oacs-5-10.

file index.adp was initially added on branch oacs-5-10.

TinyMCE 7.0.1 integration

We reboot TinyMCE richtext-editor integration to support newest version 7.0.1.

Editor can be served from CDN (requires an API key) or locally, by downloading a distribution via the site-wide admin page of the package.

Editor can be configured either per-website or per-usage, as we do with other editors.

At present, no OpenACS specific features, such as image upload, are provided. Custom plugins from previous versions of this package have also been discontinued.

Notable differences with similar integrations:

- editor configuration is specified as a dict, rather than a list of lists

- current package parameters are global, rather than de-facto global instance parameters

- deprecated configuration from acs-templating is not supported anymore

  1. … 1804 more files in changeset.
harden page_contract

    • -2
    • +2
Make test more robust in setups where we cache permissions

Cleanup commented code

Only allow valid privileges in the privs parameter

restrict substitution in string

Implement a package-specific page contract filter to collect current (and future) security fixes

Reject frames and iframes in the content

Prevent sneaking symlinks in the content repository

Many thanks to Thomas Rennner and Günter Ernst for analyzing the issue

cr_write_content reform

when serving files, do not trust the content information, as the absolute path to the file can be determined programmatically in this case.

This also reduce divergency between Oracle and Postgres

Fixed issue introduced in OpenACS 5.9.0

The old version did not insert a property value via the

sec_session_property__upsert() in PostgreSQL on the initial setting

(later updates were OK). The broken version was just adding a tuple

and left the "property_value" empty.

Many thanks to Jonathan Kelley for identifying the issue and reporting it.

file upgrade-5.10.1b4-5.10.1b5.sql was initially added on branch oacs-5-10.

Implement a new filter for inclass-exam submissions

When displayed by the print-answers method, allow to filter also for not graded.

    • -10
    • +10
added link to cluster info to acs-admin main page when cluster is enabled

improved spelling

    • -2
    • +2
    • -1
    • +1
    • -2
    • +2
clean dirty editor buffer

improved spelling

Made startup more robust

- handle not-yet-defined callback procs gracefully