• last updated 17 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
    • -2
    • +2
    /openacs-4/packages/xowiki/xowiki.info
    • -3
    • +4
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
- fixed severe vulnerability with path traversal attack

Translate messages

Fix call to is_content_type, parameter was fixed to be object_type to match oracle pl/sql

Set charset for xml so rss support works correctly. Without the charset set for the mime type it sends iso-8859-1 which is wrong.

Rolling back previos commit for 2 reasons: 1. this branch is closed; 2. the change not needed.

Retriving nextvalue of sequence using nextval sequence function.

- factor out adp name checking code

- allow adp includes from sub-packages (names are resolved relative to the package key)

    • -22
    • +37
    /openacs-4/packages/xowiki/tcl/xowiki-procs.tcl
Require in all shipped policies swa permissions to create ::xowiki::Objects

    • -2
    • +2
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
Require in all shipped policies swa permissions to edit ::xowiki::Objects, since these can contain Tcl code

    • -2
    • +2
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
perform permission checks on included xowiki pages

    • -1
    • +11
    /openacs-4/packages/xowiki/tcl/xowiki-procs.tcl
bump version number

    • -3
    • +3
    /openacs-4/packages/xowiki/xowiki.info
security update for adp includes

    • -2
    • +25
    /openacs-4/packages/xowiki/tcl/xowiki-procs.tcl
bump version number to make sure, apm picks up the newest version

fix parameter setting where a new parameter was defined after startup, and its value is being modified.

bump version numbers to pick up fixes from last weeks via apm-tools

    • -3
    • +3
    /openacs-4/packages/xowiki/xowiki.info
allow dot in page order

    • -2
    • +2
    /openacs-4/packages/xowiki/tcl/xowiki-procs.tcl
ensure to return package_id with a site-nodes entry in Package->first_instance

for locating the tcl script directory for xinha, use the actual package instance, if it is plain xowiki instance

Don't barf, when cattree is empty

fix for bug #109

    • -1
    • +2
    /openacs-4/packages/xowiki/tcl/xowiki-procs.tcl
Fix admin priv check (thks Raul for catching that)

    • -4
    • +1
    /openacs-4/packages/dotlrn/www/applet-remove.tcl
Check permission before internal-redirecting to default template for that content type

- deletegate delete to package_object to ensure cache flushing

- check, if a prototype page was imported with language en, but the current language is different

    • -1
    • +11
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
- fetch always the parent_id for weblog entries

    • -4
    • +4
    /openacs-4/packages/xowiki/tcl/weblog-procs.tcl
- don't let folder_path call get_instance_from_db with a folder_id

    • -5
    • +5
    /openacs-4/packages/xowiki/xowiki.info
    • -3
    • +7
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
- ignore errors during at_delete in destroy operations

- send bulk actions via POST

- reduce verbosity