Validate field names when these might come directly from the POST request and therefore contain arbitrary text

Fix typo in comment

Use existing api to tell whether a formfield is disabled or not and to set/unset disabled on a field, handle the case of checkboxes and select fields, where the attribute should not be set when it is false (e.g. disabled=0 == disabled)

This fixes upstream automated tests on xowiki and xowf

  1. … 1 more file in changeset.
Fixed serious bug killing at least short-text questions in inclass exam

The bug was introduced in [1], by testing for the existence of the disabled attribute, and when it exists, it was omitting values reading. The problem is that when form-fields are reset, the "disabled" attribute is set to 0, leading the exists check to succeed. In essence, this change now sets the default value of the form-field to "0", such that it is safe to test it everywhere. Originally, it was not set by default to save resources (memory and processing power), but this requires a more careful analysis when changes happen.

[1] https://fisheye.openacs.org/browse/OpenACS/openacs-4/packages/xowiki/tcl/xowiki-www-procs.tcl?r1=1.368.2.125&r2=1.368.2.126

  1. … 1 more file in changeset.
rename "iconified file" to "thumbnail file"

  1. … 3 more files in changeset.
Extended functionality of the DropZone widget

- added parameters "label", "disposition" and "file_name_prefix" for better configurability

- added support for updating the current page with feedback of the dropped files. This is used e.g. by the online exam in the exam protocol to display incrementally thumbnails of feedback files.

- change property "uploader" to "disposition", since "uploader" is somewhat ambiguous. "Disposition" defines, what happens after the file was uploaded, e.g. whether the content has to be transformed,


- bumped version number to 5.10.1d35

  1. … 5 more files in changeset.
Generalized handling of local_return_url

I am not fully happy with the handling of "return_url" in exam workflows. Maybe this can be reworked in a way such that "local_return_url" is not necessary in the future.

  1. … 1 more file in changeset.
Skip processing for all formfields that are defined as disabled: the browser should not send us these data in the first place.

undo part of last change

Unfortunately, the 0.9.3 issue can't be fixed as simply as hoped. The "-html" flag is necessary for dealing with autoclosed entries.

  1. … 1 more file in changeset.
for orthogonality, remove "-html" flag from dom parse to avoid a potential top-level <html> element

  1. … 4 more files in changeset.
Provide a fix for "dom parse -html ..." for adp tags.

"dom parse -html" has two problems with ADP tags like "<adp:icon ...>":

a) If the tag name contains a colon or underscore, the tag is treated like plain text, i.e. "<" and ">" are converted into HTML entities.

b) These tags have to be closed; "<adp:icon ...>" is invalid. Several existing ADP tags have no closing tag.

Therefore, we resolve the ADP tags before parsing the text by tdom. There should be some future framework support to do this in general, but until we have this, resolve this problem here locally.

get rid of "xowiki::adp_parse_tags", since this is handled now already in acs-templating

  1. … 4 more files in changeset.
Do not force all validation errors to the end of a form.

Caveat: we might miss some validation errors in cases where render_item is not used... but such cases rarely exist. Provide a log message to identify such cases that would require further changes. The advantage of having potentially the message at the right place is more important for the time being since this is a usability issue for large forms.

perform adp-tag substitution also in xowiki footer

fix misspelled name

reduce hard-coded icons

  1. … 2 more files in changeset.
apply parse_adp_tags on full rendered text in www-view

Perform stricter checking of parent_ids

bump version number of xowiki to 5.10.1d22

  1. … 3 more files in changeset.
prefer global variable over proc

  1. … 6 more files in changeset.
keep avoiding call "value_if_nothing_is_returned_from_form" for disabled field

This change reverts to the previous behavior and is logically sound. All regression tests continue to work. Not clear, why Antonio removed this call (maybe due to downstream changes, but these should be sorted out).

Port of downstream feature: optionally allow to instantiate the items before deletion in order to apply specific class logics

execute configure proc after page was created

Treat disabled form fields as they are: fields that the browser would not send to us and need to be treated "internally"

  1. … 1 more file in changeset.
Added the option to parameterize www-delete and www-toggle-publish-status with return_url

In cases where these www* methods are called programmatically, they can now be parameterized with a "-return_url" parameter to achieve e.g. workflow-specific behavior.

Many thanks to Thomas Renner for the analysis on


Version number bumped to 5.10.1d18

  1. … 2 more files in changeset.
Modernize code

- use dict instead of Tcl array

- prefer char operations instead of match operations

prefer "string first" over "string match" (the first one is slightly faster)

Don't break the page cyclus protocol if not necessary.

There is no need to call ad_script_abort in a situation where the local installation is broken.

Various small improvements:

- Page->content_header_append/content_header_get: new methods to include HTML content before the form. One use case is to include additional forms this way, since these cannot be included in the main form of a FormPage. The additional content is displayed in the www-view method.

- FormPage->create_form_fields_from_names: new convenience function to create form-fields via their names. The definitions of the named form-fields are taken from the provided form_constraints. This function is useful when only a subset of the form-constraints definitions should be used to create form-fields.

- improve comments

- improve argument checking on parent_id to be able to provide better error messages

- reduce usage of regexp for performance reasons

- improve spelling

  1. … 2 more files in changeset.
minor editing changes

Make error consistent with the already existing check in the content-repository