Activity OpenACS/

2:20 pm

gustafn

moved long time deprecated function "ad_approval_system_inuse_p" to deprecated-procs

- -18
- +1
/openacs-4/packages/acs-tcl/tcl/admin-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../tcl/admin-procs.tcl
- -2
- +19
/openacs-4/packages/acs-tcl/tcl/deprecated-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../deprecated-procs.tcl

2:14 pm

gustafn

Improved comments and make code more robust in regards of legacy setups

- -12
- +20
/openacs-4/packages/acs-tcl/tcl/request-processor-procs.tcl
- History
- Source
- Diff
/openacs-4/.../request-processor-procs.tcl

7:47 pm

gustafn

Added support for relative redirects

RFC 2616 requires an absolute URI in the "Location" header field. So

if someone calls "ns_returnredirect /", NaviServer transforms it on

the fly into an absolute URL by prefixing it with the location

(e.g. https://openacs.org/). NaviServer (and OpenACS) has some complex

code to compute the location value, especially when virtual servers

are involved (or for "host-node mapped" subsites in OpenACS). The

situation is further complicated when running behind a reverse proxy

and/or in a containerized environment. In such cases, the location is

computed from the "host" request header field, which must be

validated, otherwise an attacker could hijack a session and redirect

it to a spoofed site.

The situation changed 10 years ago (June 2014) with the introduction

of RFC 7231, which allows relative redirects (see

https://www.rfc-editor.org/rfc/rfc7231#section-7.1.2). Using relative

redirects greatly simplifies configuration and closes the attack

vector using the host header field. RFC 7231 has been superseded by

RFC 9110 (June 2022), which also supports relative redirects via the

"location" response header field (see

https://www.rfc-editor.org/rfc/rfc9110#field.location).

Since OpenACS prefixed always the URL with a location, when it

encounters are relative URL in a "ad_returnredirect", this change

makes use of the new feature of NaviServer 5.

Make sure to use a current version of NaviServer, where the support

was added recently.

- -0
- +14
/openacs-4/packages/acs-tcl/tcl/00-icanuse-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../00-icanuse-procs.tcl
- -4
- +10
/openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../utilities-procs.tcl

3:57 pm

antoniop

Document more explicitly that we do not perform filesystem operations when deleting files via the fs:: api, but we rely on the content repository and its trigger+scheduled proc mechanism

- -3
- +18
/openacs-4/packages/file-storage/tcl/file-storage-procs.tcl
- History
- Source
- Diff
/openacs-4/.../file-storage-procs.tcl

3:45 pm

antoniop

Document behavior: the assumption that one can derive the filename from the api is not correct in case of copies

- -0
- +11
/openacs-4/packages/acs-content-repository/tcl/revision-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../revision-procs.tcl

3:10 pm

antoniop

Revert https://cvs.openacs.org/changelog/OpenACS?cs=oacs-5-10%3Aantoniop%3A20240423144330

currently, file-storage will copy files by simply copying the revision entry of the new file from the original one. This means that copied files will in fact point to the same filesystem file of the original.

This "works" because the file-storage api will currently never delete a file from the filesystem, so deleting the original file will not affect the copies.

This behavior is probably not ideal, but we won't address it before the release, as to change it will most likely require some careful planning, in particular for existing installations.

- -0
- +8
/openacs-4/packages/acs-content-repository/tcl/revision-procs-oracle.xql
- History
- Source
- Diff
/openacs-4/.../revision-procs-oracle.xql
- -0
- +8
/openacs-4/packages/acs-content-repository/tcl/revision-procs-postgresql.xql
- History
- Source
- Diff
/openacs-4/.../revision-procs-postgresql.xql
- -9
- +14
/openacs-4/packages/acs-content-repository/tcl/revision-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../revision-procs.tcl

2:01 pm

gustafn

improved robustness during bootstrap

- -7
- +20
/openacs-4/packages/acs-tcl/tcl/parameter-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../parameter-procs.tcl

2:00 pm

gustafn

improved speling

- -2
- +2
/openacs-4/packages/acs-tcl/tcl/xml-0-sgml-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../xml-0-sgml-procs.tcl

2:00 pm

gustafn

improved spelling

- -1
- +1
/openacs-4/packages/acs-tcl/tcl/acs-db-00-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../acs-db-00-procs.tcl
- -2
- +2
/openacs-4/packages/acs-tcl/tcl/acs-permissions-procs.tcl
- History
- Source
- Diff
/openacs-4/.../acs-permissions-procs.tcl
- -2
- +2
/openacs-4/packages/acs-tcl/tcl/request-processor-procs.tcl
- History
- Source
- Diff
/openacs-4/.../request-processor-procs.tcl
- -2
- +2
/openacs-4/packages/acs-tcl/tcl/text-html-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../text-html-procs.tcl
- -4
- +4
/openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../utilities-procs.tcl
- -2
- +2
/openacs-4/packages/acs-templating/tcl/list-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../tcl/list-procs.tcl

1:48 pm

gustafn

updated jqueryui to latest version

- -5
- +5
/openacs-4/packages/xowiki/www/resources/jquery/jquery-ui.css
- History
- Source
- Diff
/openacs-4/packages/.../jquery/jquery-ui.css
- -323
- +331
/openacs-4/packages/xowiki/www/resources/jquery/jquery-ui.js
- History
- Source
- Diff
/openacs-4/packages/.../jquery/jquery-ui.js
- -4
- +4
/openacs-4/packages/xowiki/www/resources/jquery/jquery-ui.min.js
- History
- Source
- Diff
/openacs-4/packages/.../jquery-ui.min.js

1:34 pm

gustafn

improved spelling

- -2
- +2
/openacs-4/packages/xowiki/tcl/form-field-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../form-field-procs.tcl
- -3
- +3
/openacs-4/packages/xowiki/tcl/xowiki-www-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../xowiki-www-procs.tcl

1:32 pm

gustafn

bumped version numbers due to upstream releases

- -2
- +2
/openacs-4/packages/fa-icons/fa-icons.info
- History
- Source
- Diff
/openacs-4/packages/.../fa-icons.info
- -2
- +2
/openacs-4/packages/fa-icons/tcl/resource-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../resource-procs.tcl
- -2
- +2
/openacs-4/packages/highcharts/highcharts.info
- History
- Source
- Diff
/openacs-4/packages/.../highcharts.info
- -1
- +1
/openacs-4/packages/highcharts/tcl/resource-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../resource-procs.tcl

11:24 am

gustafn

Extended "ad_conn behind_secure_proxy_p"

This test will be now true, when either the recieved request

contains one of those request header fields.

- "X-SSL-Request: 1"

- "X-Forwarded-Proto: https"

Before, only the first variant was accepted.

The AWS load balancer uses the second variant.

- -2
- +5
/openacs-4/packages/acs-tcl/tcl/request-processor-procs.tcl
- History
- Source
- Diff
/openacs-4/.../request-processor-procs.tcl

1:23 pm

gustafn

whitespace changes

- -14
- +14
/openacs-4/packages/acs-api-browser/tcl/acs-api-documentation-procs.tcl
- History
- Source
- Diff
/openacs-4/.../acs-api-documentation-procs.tcl

1:18 pm

gustafn

Fixed potential infinie loop when source code looks like an regexp call

The api-code prettifier contains several heuristics for prettifying

source code without being a proper parser. It contains a

"Hack for nasty regexp stuff" which could run potentially into an infinite

parsing loop. This change fixes an acutal bug on openacs.org for file [1]

which is site-local.

[1] https://openacs.org/api-doc/procs-file-view?path=packages/xowf/tcl/openacs-procs.tcl&version_id=5526548&source_p=1

- -2
- +6
/openacs-4/packages/acs-api-browser/tcl/acs-api-documentation-procs.tcl
- History
- Source
- Diff
/openacs-4/.../acs-api-documentation-procs.tcl

10:34 am

trenner

fix typo

- -2
- +2
/openacs-4/packages/acs-tcl/tcl/request-processor-procs.tcl
- History
- Source
- Diff
/openacs-4/.../request-processor-procs.tcl

7:04 pm

gustafn

Permit "lang::message::cache" in acs::clusterwide operations

- -0
- +1
/openacs-4/packages/acs-tcl/tcl/cluster-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../tcl/cluster-procs.tcl

7:01 pm

gustafn

improvement for ACS clusters

Incorporated changes as suggested by Jonathan Kelley

For details, see https://openacs.org/forums/message-post?parent_id=5814308

- -8
- +6
/openacs-4/packages/acs-lang/tcl/lang-message-procs.tcl
- History
- Source
- Diff
/openacs-4/.../lang-message-procs.tcl
- -1
- +2
/openacs-4/packages/acs-tcl/tcl/memoize-procs-naviserver.tcl
- History
- Source
- Diff
/openacs-4/.../memoize-procs-naviserver.tcl

4:05 pm

gustafn

Base "ad_conn behind_proxy_p" on "ns_conn details" when available

- -1
- +6
/openacs-4/packages/acs-tcl/tcl/00-icanuse-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../00-icanuse-procs.tcl
- -10
- +27
/openacs-4/packages/acs-tcl/tcl/request-processor-procs.tcl
- History
- Source
- Diff
/openacs-4/.../request-processor-procs.tcl

2:41 pm

antoniop

Inject a reference to the current connection package into the tinymce conf (when used outside of xowiki)

- -1
- +7
/openacs-4/packages/richtext-tinymce/tcl/richtext-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../richtext-procs.tcl

2:37 pm

antoniop

Fix file metadata

- -3
- +3
/openacs-4/packages/richtext-tinymce/tcl/richtext-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../richtext-procs.tcl

2:31 pm

antoniop

Provide a reference to the current object when configuring tinymce

- -1
- +7
/openacs-4/packages/xowiki/tcl/form-field-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../form-field-procs.tcl

11:00 am

antoniop

Allow to completely override the imageSelectorDialog URL downstream

- -2
- +12
/openacs-4/packages/xowiki/tcl/form-field-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../form-field-procs.tcl

2:36 pm

antoniop

Fix typo

- -2
- +2
/openacs-4/packages/richtext-tinymce/tcl/richtext-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../richtext-procs.tcl

9:40 am

antoniop

Don't trigger the "too long without artifacts" timeout in case we are just doing dummy uploads

- -0
- +1
/openacs-4/packages/proctoring-support/www/resources/proctored-page.js
- History
- Source
- Diff
/openacs-4/packages/.../proctored-page.js

8:59 am

antoniop

Fallback to the editor from parameter in the generic api, rather than the widget, so fallback will work also outside of ad_form

- -6
- +13
/openacs-4/packages/acs-templating/tcl/richtext-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../richtext-procs.tcl

4:47 pm

antoniop

Introduce for richtext editors the concept of "preset"

A preset is an abstract set configurations designed to address a specific use case.

An example could be a preset for a "minimal" richtext editor, used in those forms where we want to limit the features a user should have access to. Other presets could address specific usages or applications.

Downstream developers can provide a set of ::richtext::$editor::preset::$preset procs, returning an options dict. This set of options will be merged other local configurations.

The same approach works in ad_forms and xowiki forms.

This also enables the use-case of switching to a different editor maintaining the existing application-specific configurations consistent.

- -0
- +21
/openacs-4/packages/acs-templating/tcl/richtext-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../richtext-procs.tcl
- -2
- +34
/openacs-4/packages/xowiki/tcl/form-field-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../form-field-procs.tcl

2:27 pm

antoniop

Drop the old approacs based on ::acs_blank_master__htmlareas and use explicit id configuration

- -7
- +3
/openacs-4/packages/richtext-tinymce/tcl/richtext-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../richtext-procs.tcl

4:06 pm

antoniop

TinyMCE XoWiki formfield integration

We introduce a new richtext mixin richtext::tinymce, requiring the richtext-tinymce package, currently integrating TinyMCE editor 7.0.1.

This implementation has been tested with regular, repeat, compound and repeatedcompound fields.

Downstream implementations based on this formfield can customize the editor configuration further, e.g. provide custom plugins via the api parameters.

- -3
- +3
/openacs-4/packages/xowiki/xowiki.info
- History
- Source
- Diff
/openacs-4/packages/xowiki/xowiki.info
- -1
- +207
/openacs-4/packages/xowiki/tcl/form-field-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../form-field-procs.tcl

3:29 pm

antoniop

Move hardcoded configuration out of the default (can be overridden by parameter in case), add image and code plugins in the default, set branding to false by default

- -7
- +5
/openacs-4/packages/richtext-tinymce/richtext-tinymce.info
- History
- Source
- Diff
/openacs-4/packages/.../richtext-tinymce.info
- -1
- +2
/openacs-4/packages/richtext-tinymce/tcl/richtext-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../richtext-procs.tcl

OpenACS

Line History

Stats

Commits this week: 6

Commit Activity

52 week commits volume

Commits by day

Commits by hour

Commit calendar

Most active committers (90 days)

gustafn

gustafn

gustafn

antoniop

antoniop

antoniop

gustafn

gustafn

gustafn

gustafn

gustafn

gustafn

gustafn

gustafn

gustafn

trenner

gustafn

gustafn

gustafn

antoniop

antoniop

antoniop

antoniop

antoniop

antoniop

antoniop

antoniop

antoniop

antoniop

antoniop