• last updated 18 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
reduce verbosity

comment recent smelly change

+CVS: ----------------------------------------------------------------------

Support specification of allowed tags/attributes/protocols via global package parameters.

This change makes it possible to define for a package values for

AllowedTags, AllowedAttributes, or AllowedProtocols. If (some of)

these exist, use these for configuring "ad_html_security_check". If +

not, fall back to the default (site wide) definition.

This change is fully backward compatible and effects on sites defining

such global parameters. This change was induced by the need of large

sites, where it is not feasible to set these parameters on the package

instance level, since this site has 830000 packages instances.

Bump version number to 5.10.1d19

    • -2
    • +2
    /openacs-4/packages/acs-tcl/acs-tcl.info
    • -3
    • +3
    /openacs-4/packages/xowiki/xowiki.info
improve error message

    • -4
    • +6
    /openacs-4/packages/xowiki/tcl/xowiki-procs.tcl
fix typo

Use a more stable logic to tell which image to use to store comments: if camera pictures are there, use those and otherwise use the desktop

Filter consistently with the new definition of "reviewed"

Fix typo

Fix the case of the last comment

Improve performance of delete operation

Usability improvement: disable the buttons to flag/unflag artifacts when these are already flagged/unflagged (applies also to bulk buttons)

Behavior reform:

now commenting an artifact won't be considered as "OK". To flag an artifact as "OK" or "for review", one has to explicitly click on the green and red buttons.

Apply filters also to new images coming from the websocket

allow fractional minutes (useful for short quizzes)

Make the border indicating the status of an artifact's review slightly bigger

Implement buttons to set all artifacts for a user as ok or not ok

file review-all.tcl was initially added on branch oacs-5-10.

Improve robustness of upgrade script for legacy applications

In case, an installation has the legacy view (must be from very old installations)

in place, it is necessary to drop it before registered_users, otherwise

PostgreSQL will complain that it cannot drop view registered_users because

other objects depend on it.

Many thanks to Franz Penz to report this potential problem for old sites.

Make ad_html_security_check configurable

ad_html_security_check has now three optional attributes

to make it configurable for different situations

-allowed_tags

-allowed_attributes

-allowed_protocols

If these attributes are not specified, the behavior is exactly like

before. This change makes it also easier to regression test this

function, since the behavior does not necessarily depend on a site's

parameter settings.

The function was also modernized, new regression tests were added.

Use only ok and flagged as color schemes, so that results can be investigated also while review is in progress

Handle the case where only one type of artifacts is collected

Replace private with public api

Actually not enforce options validation on disabled formfields

Don't enforce options validation on disabled fields, demonstrate that this won't allow to insert invalid values in the field

Fix the test, which was not actually reproducing the issue

in order to do so, I had to fix the behavior of acs::test::xpath::get_form_values: we should in fact NOT extract the value of disabled formfield, as a real browser will not send them in the POST request.

Expose behavior:

extend date formfield test to include also a date in a specific format from downstream, set to disabled. Set the day of the month as a number < 10. Show that in this case the validation will complain about an invalid value. This because the field is represented as " 1" rather than the expected "1"

Reduce hard errors in the search indexer on invalid file content

This change uses util::file_content_check introduced with acs-tcl

5.10.1d9 to detect error situations before external programs are

called, which can lead to unpredictable error messages.

bumped version to 5.10.1d1

    • -3
    • +3
    /openacs-4/packages/search/search.info
    • -2
    • +2
    /openacs-4/packages/search/tcl/search-procs.tcl
fix issue shown with acunetix testing (without login)

    • -3
    • +3
    /openacs-4/packages/search/www/search.tcl
guarantee uniqueness of IDs when multiple aggregated forms are used in one page (e.g. exam protocol)

Constrain the language we return for the connection to the ones we support: could happen on system that have supposted a language in the past and still have users set it as their preferred language