• last updated a few minutes ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
added policy for supporting view of revisons, used more detailed message key values for supporting rounding by points or revisions

    • -43
    • +112
    /openacs-4/packages/xowf/tcl/test-item-procs.tcl
added button for form-usages for displaying revisions

Improve further: flush the object only when the state changes

    • -3
    • +6
    /openacs-4/packages/xowf/tcl/xowf-procs.tcl
Improve fix:

in FormPage www-edit, just after the save_data operation we render the FormPage to refresh the references. We should flush the form object cache here, as otherwise any formfield spec will come from the form in the previous state

    • -5
    • +7
    /openacs-4/packages/xowf/tcl/xowf-procs.tcl
Reinstate oacs-dav as a dependency... there is api usage that is not so easy to replace at the moment

Remove non-functional "double click protection" in order to remove a potential attack vector

added page contract filter "printable" to avoid potential DB errors on certain binary values

    • -3
    • +3
    /openacs-4/packages/search/search.info
    • -4
    • +6
    /openacs-4/packages/search/www/search.tcl
added page contract filter "printable" to avoid passing of binary values to certain pages

    • -2
    • +2
    /openacs-4/packages/acs-tcl/acs-tcl.info
avoid site-map lookups from the DB when the connections is already closed. This avoids hard DB-errors when the URL contains invalid characters

fixed bug introduced 8 months ago

Fix test category, add tested api

Make sure that the form object is flushed whenever state might have changed

If code executed after the state change accesses the form object again, this could be that from a previous state and e.g. hold the wrong form definition. This happens in practice downstream, where the submitting of activities also involves accessing the form definition to e.g. compute the grade based on the questions. Downstream we also cache the formfield specs, so if a spec is dependent on the state, might be wrong in also for future requests.

    • -0
    • +5
    /openacs-4/packages/xowf/tcl/xowf-procs.tcl
improve robustness when called without connection

Fix typo, write a basic test for the involved api

provide a friendly error message

    • -7
    • +12
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
allow at most 50K days, otherwise Tcl time scanner bails out

    • -2
    • +4
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
strengthen regular expression for "days"; valid arguments are e.g. "20d" or "14days"

    • -2
    • +2
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
Fix typo

revert incompatible change

    • -5
    • +4
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
Sanitize bogus URLs such as "//" or e.g. dotlrn URL lookup would fail

Not clear if this should happen already at the ns_conn level or somewhere in the site_node api

avoid subst in export_vars by using xo::update_query

Accept only integers as value for the rss query parameter

    • -2
    • +3
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
provide page-contract error instead of backtrace

    • -4
    • +3
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
removed obsolete index.vuh file

    • -29
    • +0
    /openacs-4/packages/xooauth/www/index.vuh
removed automounting

    • -1
    • +0
    /openacs-4/packages/xooauth/xooauth.info
added KTI 1.1 properties

Cleanup leftover file

Remove attack surface

Check permissions when one accesses the script and also when one performs the actual unsubscribing operation

Harden safety: require login, do not let people outside the requester fiddle with the frequency