• last updated 1 hour ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
- fix and standardize quoting in template properties

    • -2
    • +2
    /openacs-4/packages/news/www/index.adp
  1. … 28 more files in changeset.
- fix and standardize quoting in template properties

  1. … 6 more files in changeset.
- fix and standardize quoting in template properties

  1. … 331 more files in changeset.
- fix and standardize quoting in template properties

    • -2
    • +2
    /openacs-4/packages/acs-admin/www/apm/apm.adp
  1. … 382 more files in changeset.
- add doc(title) property

- fix quoting

- strengthen page contracts

    • -2
    • +2
    /openacs-4/packages/forums/www/message-view.tcl
- fix quoting in navigation procs

- fix subtle quoting bug: the substitution of

#package_key.message_key# happens via regex on the resulting page

late in the layout process. When a message contains %-substitution

variables, at least these values have to be html-escaped.

The bug showed up e.g. on OpenACS.org in the forums, when

a subject line contained a double quote (e.g. in the .LRN Q&A forum,

message "My applet doesn't appear ...". Since the layout is produced

via

<a href="@messages.message_url@" title="#forums.goto_thread_subject#">

and the message key is defined as

Go to thread %messages.subject%

the HTML title attribute was terminated prematurely by the double

quote of the subject line and the remainder was invalid HTML.

- update documentation

- don't raise an error on missing substitution variables, but write an error to the error.log (otherwise, one can get recursive errors on missing variables)

- improve readability

- remove ignored sql statement

- use more precise data types

- strengthen page contracts

    • -4
    • +4
    /openacs-4/packages/search/www/search.tcl
- backport from head to ease using HEAD modules

- harden page contracts

- use export_vars for url-generation

- improve validity of HTML

    • -1
    • +1
    /openacs-4/packages/download/www/help.adp
- fix typos

- improve validity of HTML

- fix HTML validity of plsql-subprogram-one, proc-browse and tcl-proc-view

- strengthen page contracts

- use stored procedure sec_session_property__upsert

- add stored procedure sec_session_property__upsert to address concurrency problems with

updates in sec_session_properties; implementation for PostgreSQL and

Oracle are added, latter is not tested.

- bump version number to 5.9.0d4

- adjust return status information

- add function args missed by earlier upgrades

- bump version numbers

    • -2
    • +2
    /openacs-4/packages/forums/forums.info
- provide a friendly message in case the xowiki_form_instance_item_index was not setup correctly

    • -2
    • +9
    /openacs-4/packages/xowiki/tcl/xowiki-procs.tcl
- increase verbosity of upgrade script

- don't build db-stubs for trigger functions