• last updated 7 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
improve Oracle compatibility

improve Oracle compatibility

improve Oracle compatibility

fix setting of dict value in error cases

improve Oracle compatibility

improve Oracle compatibility

Don't break appearance for bootstrap3

make sure, variables for emergency settings are provided

added warnings/errors in case outdated code is encountered

harden policy that a user needs at least admin permission on the package for e.g. editing a question

improve Oracle compatibility

improve Oracle compatibility

Minor CSP improvements

- provided ability to add "trusted-types" and "require-trusted-types-for"

directives (Trusted Types policies)

For details, see:

https://blog.bitsrc.io/trusted-types-api-for-javascript-dom-security-fcdafa927e73

- changed default "object-src" from 'self' to 'none'

improve Oracle compatibility

register URN for highcharts from CDN only, when highcharts package is not installed

    • -3
    • +5
    /openacs-4/packages/xowiki/tcl/resource-init.tcl
file jquery.ui.touch-punch-0.2.3.js was initially added on branch oacs-5-10.

Added support for drag&drop on reorder items for mobile devices

Additionally, provided a minimal width for drag items (there is probably a better solution for this)

    • -0
    • +2
    /openacs-4/packages/xowiki/tcl/resource-init.tcl
fix icon for boostrap5 (CSS value)

change datatype to file to ensure template::data::validate::file is executed

register javascript click event for adding a calender entry only once for each day

before javascript event was registered multiple times: for each day and for each calender event

javascript click event for adding a calender entry was also fired when a calender event was viewed

Deescalation: the usage of the pairs in export_vars is not so dangerous as it looked at first sight.

The problem case was originating from the call

lappend __vars [lindex $_var 0] [uplevel subst [lindex $_var 1]]

which calls Tcl's "uplevel" with two arguments. In this case, the arguments

are concatenated and the evaluated in the caller's frame. There is a substitution

before the evaluation. When just one argument is passed in, this problem there

is only one evaluation:

lappend __vars [lindex $_var 0] [uplevel [list subst [lindex $_var 1]]]

avoid subst in export_vars when not necessary

avoid subst in export_vars when not necessary

avoided subst in export_vars when not necessary

added warning to export_vars

Added support for passing parameter_name:value_constraint to xowiki::Package->get_parameter

- The get_parameter method can get values from query-parameters, therefore

we have to validate these.

- Use the new feature at several places (especially for boolean values)

- Still, more places should be checked

- bumped xowiki to 5.10.1d37

- bumped xotcl-core to 5.10.1d14

    • -3
    • +3
    /openacs-4/packages/xowiki/xowiki.info
    • -1
    • +1
    /openacs-4/packages/xowiki/tcl/folder-procs.tcl
    • -12
    • +29
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
    • -13
    • +13
    /openacs-4/packages/xowiki/tcl/xowiki-procs.tcl
add missing brackets

added optional parameter "-timeout" to "CACHE eval ..." method

make ad_sanitize_filename more robust to filenames with parentheses + extend automated tests

ensure year has only 4 digits