Make ad_html_security_check configurable

ad_html_security_check has now three optional attributes to make it configurable for different situations

-allowed_tags

-allowed_attributes

-allowed_protocols

If these attributes are not specified, the behavior is exactly like before. This change makes it also easier to regression test this function, since the behavior does not necessarily depend on a site's parameter settings.

The function was also modernized, new regression tests were added.

Use only ok and flagged as color schemes, so that results can be investigated also while review is in progress

Handle the case where only one type of artifacts is collected

Replace private with public api

Actually not enforce options validation on disabled formfields

Don't enforce options validation on disabled fields, demonstrate that this won't allow to insert invalid values in the field

Fix the test, which was not actually reproducing the issue

in order to do so, I had to fix the behavior of acs::test::xpath::get_form_values: we should in fact NOT extract the value of disabled formfield, as a real browser will not send them in the POST request.

Expose behavior:

extend date formfield test to include also a date in a specific format from downstream, set to disabled. Set the day of the month as a number < 10. Show that in this case the validation will complain about an invalid value. This is because the field is represented as " 1" rather than the expected "1"

Reduce hard errors in the search indexer on invalid file content

This change uses util::file_content_check introduced with acs-tcl 5.10.1d9 to detect error situations before external programs are called, which can lead to unpredictable error messages.

bumped version to 5.10.1d1

    • -3
    • +3
    /openacs-4/packages/search/search.info
    • -2
    • +2
    /openacs-4/packages/search/tcl/search-procs.tcl
fix issue shown with acunetix testing (without login)

    • -3
    • +3
    /openacs-4/packages/search/www/search.tcl
guarantee uniqueness of IDs when multiple aggregated forms are used in one page (e.g. exam protocol)

Constrain the language we return for the connection to the ones we support: could happen on systems that have supported a language in the past and still have users set it as their preferred language

Additional CSP exceptions for Xinha

improve class diagram drawing logic

- Draw always the superclass of the object of interest, which might in the case of multiple inheritance not be in the "things" variable.

- don't draw lines twice in cases of multiple inheritance

include DB interface classes in API-doc

pass "hide methods" to svg generation

switch from xo::db::sql to acs::dc interface

Make the initial population of the request-monitor counters more robust

simplify logic

Fix variable name

switch from xo::db::sql to acs::dc interface

    • -3
    • +2
    /openacs-4/packages/chat/tcl/chat-procs.tcl
    • -2
    • +3
    /openacs-4/packages/xooauth/xooauth.info
    • -1
    • +1
    /openacs-4/packages/xowf/tcl/xowf-procs.tcl
Basic test of the proctoring upload endpoint

Switch to a select widget to keep a more predictable vertical size in case of many time presets

Prefer "::acs::dc call ..." over "::xo::db::sql::..."

Use the common new acs interface rather than the xotcl-core variant. Goal should be on the medium time range to replace all of the "::xo::db::sql::*" interface.

    • -123
    • +136
    /openacs-4/packages/xotcl-core/tcl/05-db-procs.tcl
Align names used in utility db functions in Oracle and PostgreSQL

Over the years, the names used in the function for PostgreSQL and Oracle drifted away, which is a problem when using call-by-name convention for stored procedures. Furthermore, recent Oracle versions do not allow attributes named "table" (for table_name). So the longer version is now used uniformly. Fortunately, nsf allows abbreviation for named parameters (like Tcl does), such that one can use both "-table_name" and "-table".

Bumped version number to 5.10.1d7.

file upgrade-5.10.1d6-5.10.1d7.sql was initially added on branch oacs-5-10.

Notify new revisions on a proctoring artifact on the object's websocket, in a way that the users list, already designed to refresh in case of messages, will display new information when the revision is proceeding

Fix typos

Generate the fullscreen preview element in javascript and make it a child of the body, so that it can expand to the full page also when the include itself would be rendered in a smaller container

Implement a pre-selection filter for timeframes, which can be extended using downstream specific logics