new API call util::potentially_unsafe_eval_p

Check content of the string to identify potentially unsafe content in the provided string. The content is unsafe, when it contains externally provided content, which might be provided e.g. via query variables, or via user values stored in the database. When such content contains square braces, a "subst" command on these can evaluate arbitrary commands, which is dangerous.

The new API call is used in "::xo::Package->return_page", where the "subst" command is stripped of its command substitution capabilities. In case command substitution is needed, perform this prior to this call.

bumped acs-tcl to 5.10.1d23

bumped xotcl-core to 5.10.1d13

    • -2
    • +2
    /openacs-4/packages/acs-tcl/acs-tcl.info
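
The risk described in the commit message above, as an added Tcl illustration that is not OpenACS code: the proc names `side_effect` and `has_open_bracket_p`, the variables and the sample input are all constructed for this example, and `has_open_bracket_p` is a hypothetical heuristic, not the body of `util::potentially_unsafe_eval_p`.

```tcl
# Added illustration, not OpenACS code. All names and values are constructed.

# Harmless stand-in for an arbitrary command: it only records that it ran.
set ::ran 0
proc side_effect {} {
    incr ::ran
    return "EVALUATED"
}

# Hypothetical heuristic (an assumption, not the OpenACS implementation):
# report whether a string contains an opening square bracket, which is
# what triggers command substitution in "subst".
proc has_open_bracket_p {s} {
    return [expr {[string first "\[" $s] >= 0}]
}

# Constructed input, as it might arrive via a query variable or a
# user value stored in the database.
set user_value {Hello [side_effect]}

# The page string is assembled first, so the user text becomes part of
# the string that "subst" will scan for substitutions.
set title "Report"
set page "<h1>\$title</h1><p>$user_value</p>"

# The heuristic flags the assembled page because of the user-supplied bracket.
puts "potentially unsafe: [has_open_bracket_p $page]"

# Unsafe: a plain "subst" resolves $title AND runs the bracketed command
# that came in with the user value.
puts [subst $page]
puts "commands run by plain subst: $::ran"

# Hardened: "subst -nocommands" still resolves $title, but the brackets
# from the user value remain literal text and side_effect is not called.
set ::ran 0
puts [subst -nocommands $page]
puts "commands run by subst -nocommands: $::ran"
```

Per the Tcl `subst` documentation, `-nocommands` does not suppress command substitution that is needed to complete a variable substitution (for example inside an array index), so variable references taken from external input remain a concern.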
check queuing situation for every connection pool

Allow to deactivate client-side double click prevention by setting DefaultPreventDoubleClickTimeoutMs to 0

Add vtt mime type to CR

file upgrade-5.10.1d4-5.10.1d5.sql was initially added on branch oacs-5-10.

generalize handling of premature ends of request processing at client side

added package parameter DefaultPreventDoubleClickTimeoutMs for default timeout of double click handler

added double-click prevention class to submit widget

allow passing of template variables as icon name (which are resolved later)

more beautification of admin pages, make interface more consistent

There is no year zero in the Gregorian calendar

prefer dict over anonymous array

prefer usage of parameter::get_from_package_key over plain parameter::get

bumped version numbers to reflect dependency on sitemap icon

file sitemap.svg was initially added on branch oacs-5-10.

added sitemap icon

modernized appearance of sitemap

bumped version number to 5.10.1d10

modernized appearance of acs-admin

bumped version to 5.10.1d4

Remember pool settings for the number-of-lines filter

Added pool filtering and improved layout for Bootstrap 5

- added filter option for pools on "long-calls" page

- added support for Bootstrap 5

- added adp:icon for parameter

- Bumped version to 0.65

xo::Table::Action: added property "CSSclass"

This property exists already for all other ::xo::Table::* widgets.

Bumped version number to 5.10.1d12

minor UI improvement

prefer adp:icon over old-style .gif files

removed obsolete argument

added "invisible" to the code documentation line

Handling of cases where exercises with 0 minutes (or empty minutes fields) are used,

or when the full exam has no minutes specified

- Provide a hint on lecturers dashboard for questions with 0 minutes

- Don't provide timer on the lecturers dashboard

- Don't provide timer for the students

- Don't show timer for very short exams/quizzes (below 1 minute)

- Provide a hint on lecturers dashboard when no timer is displayed

- When the countdown timer has expired more than a minute, display the text

that the timer has expired, rather than counting to negative values.

Hints:

* It is recommended to set the end-time of the exam manually,

when a time window is specified and the total exam time is provided as 0.

* When there is no timer, the special autosaving semantics for the end of the exam

will not work (trying to get a snapshot shortly before the exam end).

* When there is no time-budget, the time budget control ("be able" exams) won't work

- bumping version to 5.10.1d47

    • -4
    • +7
    /openacs-4/packages/xowf/lib/inclass-exam.wf
shorten the description test and remove fa specifics

extended adp:icon

- added the feature "invisible" to <adp:icon....>

- added generic names "admin", "cog", "folder-add", "permissions", "search", and "unmount"

- added an overview page of adp-icons to the sitewide admin page

- bumped version to 5.10.1d22

reduce verbosity

Deactivate api-doc access for all registered users by default

Over many years, all "Registered Users" got per default access to /api-doc. This is probably OK, when one assumes that the registered users are developers. However, providing source code access to all registered users can pose a security threat, especially on large sites.

For new installs, api-doc is now just accessible for site-wide admins. Providing more liberal rights for users can be achieved via setting the permissions via the sitemap.