• last updated 13 hours ago
harden page contracts

  1. … 8 more files in changeset.
protect query-parameters against exceptions with empty values

The page_contract filter requires a "notnull", otherwise it lets values like ...?v=&... through, although {v:boolean} was used. These empty values will cause exceptions when it is later assumed that "v" has a proper boolean value.

added standard parameterizations for Argon2 when supported.

Quote URLs rendered inside of markup

    • -11
    • +11
    /openacs-4/packages/xowf/lib/inclass-exam.wf
Fix idiom: the value should be null to not be counted

Provide the id directly to the subquery to improve planning and execution, use quicker json idioms to count review outcomes

Make values optional, as the user should supply them via the form

bugfix: provide proper encoding for text phrases in email addresses

Previously, mails to addresses of the form

PHRASE <USER@HOST>

where PHRASE contains UTF-8 were sent without the required encoding. On many systems, this was perfectly fine, but on some, these were leading to mangled characters. Now, the "to_addr" addresses and the "from_addr" address of acs_mail_lite::send_immediately are properly encoded. Note that "to_addr" is a list of addresses.

Many thanks to Franz Penz for reporting this.

Prefer the test authority: downstream local authorities may depend on other systems to perform additional checks, which may fail on a test user

Export catalog via the UI to normalize sorting and quoting

    • -2
    • +2
    /openacs-4/packages/xowiki/xowiki.info
Export message keys via the UI to normalize sort order and quoting and reduce downstream conflicts

more upstream version updates (font-awesome, bootstrap-icons)

font-awesome 6.4.2 (e.g. twitter -> "x" brand icon change)

https://fontawesome.com/v6/docs/changelog/

Bootstrap Icons v1.11.1 (100 new icons, including brand icon "x")

now including new floppy disk icons, additional brand icons, new person icons,

new emojis, some birthday cake, a few new science icons, and .... in total more than 2,000 icons

https://blog.getbootstrap.com//2023/09/12/bootstrap-icons-1-11-0/

upgrade to Bootstrap 5.3.2 (package 5.10.1b3)

improved error handling, when mapped fields are missing

Reintroduce "short_name" list element in the folder-chunk, used in the list format and not exactly equivalent to "name"

Provide a Bootstrap-agnostic way to make the iframe "as big as possible"

Make btn CSS BS3 and BS5 aware

Many thanks to Monika Andergassen

Hide other potentially visible components of the template master

Many thanks to Monika Andergassen

fix typo

fix typos

bugfix for azure content with multibyte characters

This change fixes two bugs:

a) base64decode was used instead of base64urldecode

b) the binary flag is harmful, since this leads to double-encoding

Many thanks to Sebastian Scheder for the fix.

improved support for Bootstrap5 for composite items

Many thanks to Monika Andergassen for the changes

In case the user used an external_registry for login, we have to allow the redirect to a complete url

move "-destroy_on_cleanup" towards the end of the parameter list

This change improves protection against ambiguous user input

    • -2
    • +3
    /openacs-4/packages/xowf/tcl/atjob-procs.tcl
    • -7
    • +10
    /openacs-4/packages/xowf/tcl/xowf-procs.tcl
    • -5
    • +7
    /openacs-4/packages/xowiki/tcl/import-procs.tcl
    • -5
    • +7
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
use CSSclass "form-range" for Bootstrap5

    • -1
    • +4
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
added support for icanuse "ns_crypto::scrypt"

it looks as if this was lost over time

add one more sample

fix typo

Improve fix: if any other click handler would take longer than the timeout (e.g. an alert) don't wait again

Make sure disabling the button always happens before re-enabling the button and that both happen after all other click handlers have completed