• last updated 9 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
reduced verbosity

bumped version number of upstram package to 1.11.3

Removed "-debug" flag

improved robustness of "try_cache"

Added handling of "-per_request" option

Made "ad_find_all_files" more robust when some subdirectory has too restrictive permissions

Previously, on some OS, Tcl's "glob" command was returning file names,

also, when the permissions should not allow it (macOS), while one

other systems, it raised an error (Linux). The problem is that

"ad_find_all_files" raises an error during startup, not all files are

found, and e.g. some of the files (like e.g. .xql) are not picked up,

... and as a consequence, strange things happen.

With this change, loading is more robust. Now, warnings are issued instead of exceptions.

Silence potentially confusing warning during first installation

Improved consistency of appearance, when multiple CSS toolkits are in use

- This change makes sure that consistently [::xowiki::CSS toolkit] is

used instead of accessing the package parameter

"PreferredCSSToolkit" directly. This change is necessary for

handling e.g. of the parameter setting "default"

consistently. Previously, a "default" value could result in loading

the obsolete YUI .js and .css files.

- When "menu_entries" have multiple "config" entries, use the last one.

    • -5
    • +11
    /openacs-4/packages/xowiki/tcl/folder-procs.tcl
Extended site-wide admin page to include link for site-wide pages

Adding a link to site-wide admin pages makes it easier for admins to locate

the site-wide pages (pages, which can be used in all xowiki instances)

Added link to parameter page in xowiki/admin page if it exists

This is a change to ease usage for novices. The "admin" pages should be replaced

in the future, but for the time being, it helps for site-admins to understand,

how to change which parameter value to obtain the desired results.

Extended "Page.copy_content_vars" with a "-except" parameter

This change makes it possible to use values from template pages

without changing the name of the target page. This change also

introduces a small modernization to use dicts instead of arrays.

    • -7
    • +14
    /openacs-4/packages/xowiki/tcl/xowiki-procs.tcl
added URL for version checking to see, if a newer version is available from the CDN

Added site-wide admin pages for xowf

This makes it easy for admins to locate the site-wide pages

(pages, which can be used in all xowf instances)

file index.adp was initially added on branch oacs-5-10.

    • -0
    • +0
    /openacs-4/packages/xowf/www/sitewide-admin/index.adp
file index.tcl was initially added on branch oacs-5-10.

    • -0
    • +0
    /openacs-4/packages/xowf/www/sitewide-admin/index.tcl
Improved simple setups and usability for novices:

- turn off production mode per default, such that users see the pages they create immediately

- added a menu-entry per default to add exam folder. This eases testing for users of the test item family of features

    • -3
    • +4
    /openacs-4/packages/xowf/tcl/xowf-procs.tcl
Extend test suite

when testing FormPage validation, make sure two distinct behaviors are respected:

1) Rejected values that were part of the request are kept into their original form fields so the user can rework them and resubmit

2) Other parts of the page, such as the page title, are NOT influenced by data that faild to validate

Rationale: displaying unvalidated information as part of the response can be interpreted as a page injection.

In current codebase, that the title was changed indicates, that rejected information made its way into the :title object member of the FormPage.

The potential consequences of the FormPage setting unvalidated information into its members depends on a number of factors such as formfield logics, callbacks and proper page quoting (to name a few).

Replace permission::require_write_permission with permission::require_permission across the calendar package

Rationale: permission::require_write_permission assumes the object creator to have write permission on the object. Instead, we should rely on permissions to be set correctly on the calendar. permission::require_write_permission also performs an additional query to retrieve the object creator.

It is unclear whether permission::require_write_permission makes sense at all as an api, but we leave this to a future post-release reform.

    • -3
    • +11
    /openacs-4/packages/calendar/www/cal-item-view.tcl
Reduced attack vectors for query and form variables while keeping semantics

- improve form_parameter and query variable validation

- revert partly change: it is intentional that in case of validation errors, the

instances variables of the in-memory object contain invalid data in order

to be able to show the use the invalid data in the form.

- prefer "string first" idiom over regular expression

fix typo

Move test from acs-kernel to acs-tcl, add remarks

Fix typo

Bring the logics to parse a datetime from lc_time_fmt into an own private utility lc_datetime_to_clock and reuse it also when we convert from one timezone to another

Test cornercase encountered in practice: a user claims a timezone different to that of the system and creates a calendar item in various formats

This test currently fails, because when we convert the time between the user and the system timezone, we are too strict and allow only the "long" timestamp format "%Y-%m-%d %H:%M:%S"

Allow also dates in the "short" time format, as they may be supplied to the api in such form e.g. by the calendar package

Fixes lang_test__lc_procs automated test

Extend test suite to check that also dates in the "short" time format are supported

This test will fail

Extend test cases

Assume a cal_item is also an acs_object

Qualify source tables in query

Extend testing of data validation

removed obsolete code