improved spelling

Improved readability of configuration parameter "parameterSecret"

- Switched to camelCase for better readability and uniformity

- NaviServer configuration parameters are case insensitive, so no danger for backward compatibility

Use a simpler approach to achieve the intended result, which does not rely on events

Keep comments on the server side

JS upstream updates

- Updated highcharts to 11.4.0 (when highcharts package is not installed)

- Updated jquery-3.6.3 to jquery-3.7.1.

- Bumped version number to 5.10.1b10

Ensure chat javascript is executed only when the chat itself is actually a part of the DOM

This may not be the case at the time of rendering, e.g. because the chat is rendered inside of a <template> tag and appended to the document at a later moment.

file jquery-3.7.1.js was initially added on branch oacs-5-10.

file jquery-3.7.1.min.js was initially added on branch oacs-5-10.

Fix variable name

Update italian localization

Introduce server-side validation for HTML5 date and time formfields

A "formats" parameter can be specified on the formfields indicating one or more formats that we want to enforce. The syntax for any of such format is that of the Tcl clock command.

Default values have been set according to the expected behavior of each form field type.

Empty values are always considered valid. If a field is required, this will be enforced in its own validator.

Test behavior of HTML5 date and time formfields when invalid values are submitted

removed code, which was commented out since ages.

Cleanup of external binaries: always use "util::which" to resolve binaries

Fixed unreviewed commit, which might lead to hard-to-spot errors

The last change assumed that "nls_language" can be hard-wired to contain at most 5 characters. While this is not backed by the OpenACS data model, the standard (RFC 5646) explicitly states that there is no upper limit on the size of language tags. The three-letter language codes have been standard since 2001 (RFC 4646).

The change accepts now all defined locales. When the specified locale is not enabled, it provides a log notice; when the locale is not defined at all, it provides a warning and falls back to "en_US".

Validate as a token also the default coming from _nls_language, ensure the resulting language key is at most 5 chars long (many thanks to Markus Moser for this)

improved bootstrap5 compatibility for personal notifications

This change improves the appearance of personal notifications for bootstrap5. It still works with bootstrap3.

Many thanks to Sebastian Scheder for this contribution!

Close the connection to the EventSource before leaving the page

Some browsers such as current Firefox may complain otherwise

Many thanks to Sebastian Scheder

Improve visualization of test info

Relax test condition: make sure potential injections are not rendered on the page response.

Improved consistency of appearance, when multiple CSS toolkits are in use

- This change makes sure that consistently [::xowiki::CSS toolkit] is used instead of accessing the package parameter "PreferredCSSToolkit" directly. This change is necessary for handling e.g. of the parameter setting "default" consistently. Previously, a "default" value could result in loading the obsolete YUI .js and .css files.

- When "menu_entries" have multiple "config" entries, use the last one.

Extended site-wide admin page to include link for site-wide pages

Adding a link to site-wide admin pages makes it easier for admins to locate the site-wide pages (pages, which can be used in all xowiki instances)

Added link to parameter page in xowiki/admin page if it exists

This is a change to ease usage for novices. The "admin" pages should be replaced in the future, but for the time being, it helps for site-admins to understand, how to change which parameter value to obtain the desired results.

Extended "Page.copy_content_vars" with a "-except" parameter

This change makes it possible to use values from template pages without changing the name of the target page. This change also introduces a small modernization to use dicts instead of arrays.

added URL for version checking to see, if a newer version is available from the CDN

Extend test suite

when testing FormPage validation, make sure two distinct behaviors are respected:

1) Rejected values that were part of the request are kept into their original form fields so the user can rework them and resubmit

2) Other parts of the page, such as the page title, are NOT influenced by data that failed to validate

Rationale: displaying unvalidated information as part of the response can be interpreted as a page injection.

In the current codebase, the fact that the title was changed indicates that rejected information made its way into the :title object member of the FormPage.

The potential consequences of the FormPage setting unvalidated information into its members depend on a number of factors such as formfield logics, callbacks and proper page quoting (to name a few).

Reduced attack vectors for query and form variables while keeping semantics

- improve form_parameter and query variable validation

- revert partly change: it is intentional that in case of validation errors, the instance variables of the in-memory object contain invalid data in order to be able to show the user the invalid data in the form.

- prefer "string first" idiom over regular expression

fix typo

Fix typo

removed obsolete code