gernst in OpenACS

Accordion

About

82 commits

Committer is not mapped to a user
First commit: 22 September 2017
Last commit: 29 February 2024

	Last Week	All Time
Commits:	0	82
Files changed:	0	146
Change in LOC:	0	1,164

Commit Activity

Thursday 29 Feb

1:04 pm

gernst

Quote error message to better protect against XSS attacks

- -2
- +2
/openacs-4/packages/xotcl-core/tcl/context-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../tcl/context-procs.tcl

Friday 10 Feb 2023

8:07 pm

gernst

Added proc "membership_rel::expire" so that all membership states are now covered. Note: The Oracle part is best effort only!

- -2
- +2
/openacs-4/packages/acs-kernel/acs-kernel.info
- History
- Source
- Diff
/openacs-4/packages/.../acs-kernel.info
- -1
- +11
/openacs-4/packages/acs-kernel/sql/oracle/groups-body-create.sql
- History
- Source
- Diff
/openacs-4/.../groups-body-create.sql
- -1
- +5
/openacs-4/packages/acs-kernel/sql/oracle/groups-create.sql
- History
- Source
- Diff
/openacs-4/packages/.../groups-create.sql
- -0
- +249
/openacs-4/packages/acs-kernel/sql/oracle/upgrade/upgrade-5.10.1d16-5.10.1d17.sql
- History
- Source
- Diff
/openacs-4/.../upgrade-5.10.1d16-5.10.1d17.sql
- -1
- +25
/openacs-4/packages/acs-kernel/sql/postgresql/groups-body-create.sql
- History
- Source
- Diff
/openacs-4/.../groups-body-create.sql
- -0
- +22
/openacs-4/packages/acs-kernel/sql/postgresql/upgrade/upgrade-5.10.1d16-5.10.1d17.sql
- History
- Source
- Diff
/openacs-4/.../upgrade-5.10.1d16-5.10.1d17.sql
- -2
- +2
/openacs-4/packages/acs-tcl/acs-tcl.info
- History
- Source
- Diff
/openacs-4/packages/acs-tcl/acs-tcl.info
- -0
- +5
/openacs-4/packages/acs-tcl/tcl/membership-rel-procs-oracle.xql
- History
- Source
- Diff
/openacs-4/.../membership-rel-procs-oracle.xql
- -0
- +5
/openacs-4/packages/acs-tcl/tcl/membership-rel-procs-postgresql.xql
- History
- Source
- Diff
/openacs-4/.../membership-rel-procs-postgresql.xql
- -1
- +10
/openacs-4/packages/acs-tcl/tcl/membership-rel-procs.tcl
- History
- Source
- Diff
/openacs-4/.../membership-rel-procs.tcl
- -1
- +11
/openacs-4/packages/acs-tcl/tcl/test/test-membership-rel-procs.tcl
- History
- Source
- Diff
/openacs-4/.../test-membership-rel-procs.tcl

8:07 pm

gernst

More
MAIN:gernst:20230210190731
deleted 2 files
MAIN

file upgrade-5.10.1d16-5.10.1d17.sql was initially added on branch oacs-5-10.

- -0
- +0
/openacs-4/packages/acs-kernel/sql/oracle/upgrade/upgrade-5.10.1d16-5.10.1d17.sql
- History
- Source
/openacs-4/.../upgrade-5.10.1d16-5.10.1d17.sql
- -0
- +0
/openacs-4/packages/acs-kernel/sql/postgresql/upgrade/upgrade-5.10.1d16-5.10.1d17.sql
- History
- Source
/openacs-4/.../upgrade-5.10.1d16-5.10.1d17.sql

Friday 27 Jan 2023

12:59 pm

gernst

Improve validation

- -1
- +3
/openacs-4/packages/file-storage/www/file-add.tcl
- History
- Source
- Diff
/openacs-4/packages/.../www/file-add.tcl
- -1
- +2
/openacs-4/packages/file-storage/www/file-edit.tcl
- History
- Source
- Diff
/openacs-4/packages/.../www/file-edit.tcl

Monday 17 Oct 2022

3:42 pm

gernst

Quote user provided value in error message to eliminate potential XSS attack vector

- -3
- +3
/openacs-4/packages/dotlrn/tcl/community-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../community-procs.tcl

Tuesday 04 Oct 2022

5:07 pm

gernst

Allow only one format for the 'date' query parameter, bringing the page contract in line with the "Go to date"-form on this page from which this value is supplied.

- -2
- +2
/openacs-4/packages/calendar/www/view.tcl
- History
- Source
- Diff
/openacs-4/packages/calendar/www/view.tcl

Tuesday 13 Sep 2022

6:55 pm

gernst

ns_quotehtml user submitted value inside error message to prevent potential XSS attack

- -3
- +3
/openacs-4/packages/acs-tcl/tcl/tcl-documentation-procs.tcl
- History
- Source
- Diff
/openacs-4/.../tcl-documentation-procs.tcl

Wednesday 06 Jul 2022

5:19 pm

gernst

Fixed variable name

- -1
- +1
/openacs-4/packages/acs-subsite/www/shared/iso-codes.adp
- History
- Source
- Diff
/openacs-4/packages/.../shared/iso-codes.adp

Wednesday 13 Apr 2022

5:45 pm

gernst

Harden page contract; Prefer redirect url created via "export_vars" over handcrafted one

- -1
- +2
/openacs-4/packages/dotlrn/www/configure-2.tcl
- History
- Source
- Diff
/openacs-4/packages/.../www/configure-2.tcl

Wednesday 30 Mar 2022

6:40 pm

Gradually improve usability and security of the calendar item new/edit form by adding additonal input validations. Prefer built-in input validation over custom validation. Also make sure all needed Javascript is in place.

- -23
- +29
/openacs-4/packages/calendar/www/cal-item-new.tcl
- History
- Source
- Diff
/openacs-4/packages/.../www/cal-item-new.tcl

Friday 25 Feb 2022

3:01 pm

gernst

Make the initial population of the request-monitor counters more robust

- -5
- +9
/openacs-4/packages/xotcl-request-monitor/tcl/throttle_mod-procs.tcl
- History
- Source
- Diff
/openacs-4/.../throttle_mod-procs.tcl

Monday 24 Jan 2022

4:06 pm

gernst

Use package_id instead of the package object

- -2
- +2
/openacs-4/packages/xowiki/tcl/package-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../tcl/package-procs.tcl

Tuesday 05 Oct 2021

3:42 pm

gernst

Fix order in expression

- -3
- +3
/openacs-4/packages/acs-templating/tcl/date-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../tcl/date-procs.tcl

Monday 21 Jun 2021

3:51 pm

gernst

Fix typo

- -1
- +1
/openacs-4/packages/xowiki/tcl/test/api-test-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../api-test-procs.tcl

Tuesday 01 Jun 2021

4:44 pm

gernst

Zoom LTI Interface: do not unset "lis_person_sourcedid" and "lis_person_contact_email_primary". The latter is not needed if a user should be logged in as "Student", but is required if the user should be logged in as "Instructor". "Instructor" in the Zoom context means, giving this person the permission to create/manage meetings in the context of the launch. Which roles are considered by Zoom as being an "Instructor" have to be specified in the settings of Zoom's "LTI Pro" application.

- -10
- +0
/openacs-4/packages/xooauth/tcl/lti-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../tcl/lti-procs.tcl

Tuesday 25 May 2021

4:29 pm

gernst

Added feature to auto lauch LTI login forms upon page loading. This is especially useful when embedding LTI content using an iframe.

- -4
- +17
/openacs-4/packages/xooauth/tcl/lti-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../tcl/lti-procs.tcl

Wednesday 19 May 2021

5:55 pm

gernst

Refine regular expression used for the detection of Includelets

- -2
- +2
/openacs-4/packages/xowiki/tcl/xowiki-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../tcl/xowiki-procs.tcl

Friday 30 Apr 2021

6:06 pm

gernst

Bring the implementation of the "Search" operation of the "auth_search" service contract in line with the operation's definition by correcting the returned value ("username" instead of "user_id") and restricting the search to the local authority.

- -8
- +10
/openacs-4/packages/acs-authentication/tcl/local-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../tcl/local-procs.tcl

Friday 23 Apr 2021

11:01 am

gernst

Remove non-functional "double click protection" in order to remove a potential attack vector

- -14
- +0
/openacs-4/packages/acs-tcl/tcl/form-processing-procs.tcl
- History
- Source
- Diff
/openacs-4/.../form-processing-procs.tcl
- -16
- +1
/openacs-4/packages/acs-tcl/tcl/tcl-documentation-procs.tcl
- History
- Source
- Diff
/openacs-4/.../tcl-documentation-procs.tcl

Wednesday 24 Mar 2021

6:00 pm

gernst

Added constraint site_nodes_parent_id_ck to table "site_nodes" to avoid certain simple loops on parent_ids

- -2
- +2
/openacs-4/packages/acs-kernel/acs-kernel.info
- History
- Source
- Diff
/openacs-4/packages/.../acs-kernel.info
- -1
- +10
/openacs-4/packages/acs-kernel/sql/oracle/site-nodes-create.sql
- History
- Source
- Diff
/openacs-4/packages/.../site-nodes-create.sql
- -0
- +8
/openacs-4/packages/acs-kernel/sql/oracle/upgrade/upgrade-5.10.0d31-5.10.0d32.sql
- History
- Source
- Diff
/openacs-4/.../upgrade-5.10.0d31-5.10.0d32.sql
- -1
- +10
/openacs-4/packages/acs-kernel/sql/postgresql/site-nodes-create.sql
- History
- Source
- Diff
/openacs-4/packages/.../site-nodes-create.sql
- -0
- +13
/openacs-4/packages/acs-kernel/sql/postgresql/upgrade/upgrade-5.10.0d31-5.10.0d32.sql
- History
- Source
- Diff
/openacs-4/.../upgrade-5.10.0d31-5.10.0d32.sql

6:00 pm

gernst

More
MAIN:gernst:20210324170008
deleted 2 files
MAIN

file upgrade-5.10.0d31-5.10.0d32.sql was initially added on branch oacs-5-10.

- -0
- +0
/openacs-4/packages/acs-kernel/sql/oracle/upgrade/upgrade-5.10.0d31-5.10.0d32.sql
- History
- Source
/openacs-4/.../upgrade-5.10.0d31-5.10.0d32.sql
- -0
- +0
/openacs-4/packages/acs-kernel/sql/postgresql/upgrade/upgrade-5.10.0d31-5.10.0d32.sql
- History
- Source
/openacs-4/.../upgrade-5.10.0d31-5.10.0d32.sql

Wednesday 17 Mar 2021

2:51 pm

gernst

Use "latest_revision" as revision_id for the newly created news-item when it is created with "is_live_p" set to false

- -2
- +2
/openacs-4/packages/news/news.info
- History
- Source
- Diff
/openacs-4/packages/news/news.info
- -4
- +5
/openacs-4/packages/news/sql/postgresql/news-package-create.sql
- History
- Source
- Diff
/openacs-4/.../news-package-create.sql
- -0
- +106
/openacs-4/packages/news/sql/postgresql/upgrade/upgrade-5.10.0d3-5.10.0d4.sql
- History
- Source
- Diff
/openacs-4/.../upgrade-5.10.0d3-5.10.0d4.sql

2:51 pm

gernst

More
MAIN:gernst:20210317135124
deleted 1 file
MAIN

file upgrade-5.10.0d3-5.10.0d4.sql was initially added on branch oacs-5-10.

- -0
- +0
/openacs-4/packages/news/sql/postgresql/upgrade/upgrade-5.10.0d3-5.10.0d4.sql
- History
- Source
/openacs-4/.../upgrade-5.10.0d3-5.10.0d4.sql

Monday 23 Nov 2020

4:49 pm

gernst

Package new-portal: additional database indices for tables "portal_element_map", "portal_element_parameters" and "portal_datasource_def_params"; bumped package version to 2.10.0d4