- fix quoting of href

- remove xss attack vector via error messages while including templates

- perform minimal safety checks on dates passed to weblog

    • -1
    • +8
    /openacs-4/packages/xowiki/tcl/weblog-procs.tcl
- use type checking for boolean parameters in page_contracts to improve security

- make layout more robust

- start autogenerated ids with characters

- provide defaults for Content-Style-Type and Content-Script-Type

- fix HTML attribute quoting

- one more case of HTML attribute quoting

- fix more HTML attribute quoting

- fixed html attribute quoting

Add missing file extension to referenced image 'checkboxchecked.gif'

- remove default bgcolor in flash (swf) links, use styling via surrounding divs etc. instead

- make same changes to acs-subsite/www/site-map.tcl as to acs-subsite/www/admin/site-map.tcl

- adding quotes for HTML attributes

  1. … 6 more files in changeset.
- fix HTML attribute quoting

- quote html attributes properly

- fix html HTML 4.01 validity

- use export_vars instead of manual coded url parameter to increase security

- improve usage of export_vars (no unnecessary quotes, use "-base" parameter to make intentions clear)

- fix html HTML 4.01 validity of ds toolbar

merging back to HEAD fixes regarding repeatable formfields.

    • -2
    • +2
    /openacs-4/packages/xowiki/tcl/repeat-procs.tcl
All js functions used to load ckeditor need to be prefixed with 'load_'.

Removing formfield css class from delete repeated field links otherwise they are mistaken with html elements used during ckeditor initialization.

    • -2
    • +2
    /openacs-4/packages/xowiki/tcl/repeat-procs.tcl
- keep link-source for folder-tree to allow for opening the link-source and not the link-target branch

    • -2
    • +7
    /openacs-4/packages/xowiki/tcl/folder-procs.tcl
    • -2
    • +5
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
- FormPage.edit: in the "view mode" of edit (as opposed to the "save mode"), add the ::xo::cc url as return_url in case no return_url was specified to ensure to return on the starting page (necessary for editing linked pages)

- add query parameter "deref" to control per-call whether operations should be performed on the link or on the target object

    • -8
    • +18
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
- provide path for calc_wiki_image_links_to_image_tags() in richtext::ckeditor and richtext::ckeditor2 to fix image replacement in cases, where a linked page is edited with embedded images.

- do not change resolve context per default on included pages. this is required, when the included page has included content stored underneath the object (e.g. .SELF./... references)

- reduce verbosity

    • -2
    • +2
    /openacs-4/packages/xowiki/tcl/folder-procs.tcl
- don't use _p suffix for variable names in xotcl/nsf methods

    • -3
    • +3
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
- make resolving of embedded resources more robust (reset id of search-path instead of prepending name, which might be insufficiently constrained)

    • -4
    • +18
    /openacs-4/packages/xowiki/tcl/xowiki-procs.tcl