gernst in OpenACS

Zoom LTI Interface: do not unset "lis_person_sourcedid" and "lis_person_contact_email_primary". The latter is not needed if a user should be logged in as "Student", but is required if the user should be logged in as "Instructor". "Instructor" in the Zoom context means, giving this person the permission to create/manage meetings in the context of the launch. Which roles are considered by Zoom as being an "Instructor" have to be specified in the settings of Zoom's "LTI Pro" application.

Added feature to auto lauch LTI login forms upon page loading. This is especially useful when embedding LTI content using an iframe.

Refine regular expression used for the detection of Includelets

    • -2
    • +2
    /openacs-4/packages/xowiki/tcl/xowiki-procs.tcl
Bring the implementation of the "Search" operation of the "auth_search" service contract in line with the operation's definition by correcting the returned value ("username" instead of "user_id") and restricting the search to the local authority.

Remove non-functional "double click protection" in order to remove a potential attack vector

Added constraint site_nodes_parent_id_ck to table "site_nodes" to avoid certain simple loops on parent_ids

file upgrade-5.10.0d31-5.10.0d32.sql was initially added on branch oacs-5-10.

Use "latest_revision" as revision_id for the newly created news-item when it is created with "is_live_p" set to false

file upgrade-5.10.0d3-5.10.0d4.sql was initially added on branch oacs-5-10.

Package new-portal: additional database indices for tables "portal_element_map", "portal_element_parameters" and "portal_datasource_def_params"; bumped package version to 2.10.0d4

file upgrade-2.10.0d3-2.10.0d4.sql was initially added on branch oacs-5-10.

Removed instmixin specification from the ::xo::oauth::Package creation statement as the to-be-mixed-in classes no longer exist; Fixed varname

Change from ad_page_contract to ad_include_contract; removed unused arguments

Remove Hinweise zum Datenschutz bei Googleparameter

Fix typo in message-key name

Strip of validation part before checking for the existence of query parameter

thighten parameter checking to valid classes

    • -3
    • +3
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
Provide default value for "return_url" and use "export_vars" for url-construction; whitespace changes

Make page for managing the parameter "PrivateEmailLevelP" subsite aware.

Use already existing message-key.

Fixed typo in message-key. Bump acs-lang version to reload message keys.

Remove unused variable

Use template::util::tcl_to_sql_list for proper list element quoting

ns_quotehtml user submitted value inside an error message to prevent potential XSS attack

Fix incorrect proc name

Code cleanup: use "ad_form" for form processing and "ad_include_contract"; dropped support for "change-locale-include"-include attribute "return_p" as it was never used in the include's code.

Throw an error instead of a warning when trying to use template::data::validate::oneof without having specifyed the parameter "-options" on the form element which should be validated.

Added validation "oneof" to form element validations. It checks the user submitted value to be part of a predefined list of possible values of a form element. This is typically the case with widgets of type "select" or "multiselect".

fix typo

Added switch "-ulevel" to proc "util::var_subst_quotehtml";

ad_form: quote form field values in validation error messages to prevent XSS attacks