OpenACS Version 5.9.1 Release of OpenACS 5.9.1: This is the announcement of the release of the OpenACS 5.9.1. This release contains many security and performance improvements and includes new functionalities. The release of OpenACS 5.9.1 contains the 88 packages of the oacs-5-9 branch. These packages include the OpenACS core packages, the major application packages (e.g. most the ones used on OpenACS.org), and DotLRN 2.9.1. The quanitative summary of the changes since the release of OpenACS 5.9.0 is as follows: 3548 files changed, 113292 insertions(+), 90507 deletions(-) contributed by 5 committers (Michael Aram, Gustaf Neumann, Antonio Pisano, Hector Romojaro, Thomas Renner) and 8 patch/bugfix providers (Frank Bergmann, Günter Ernst, Brian Fenton, Felix Mödritscher, Marcus Moser, Franz Penz, Stefan Sobernig, Michael Steigman). All packages of the release were tested with PostgreSQL 9.6.* and Tcl 8.5.*. Below is a short summary of the changes in this release. For details, consult the changelog of the release. Refactoring of rich-text editor integration - Driving force: Debian packaging (e.g. js minified code is not allowed) - Moved out code from acs-templating, provided interfaces to add many different richtext editors as separate packages - New OpenACS packages: * richtext-xinha * richtext-tinymce * richtext-ckeditor4 (has ability to choose between CDN and local installation via web interface) Improving admin interface - New theme manager: * Goals: + Make it easier to keep track of themes with local modifications + Make it easier to create local modification a new themes and to update these + Show differences between default theme parameter (in DB) and actual settings (in subsite parameters) + Allow to delete unused themes + Give site admin hints, which theme is used at which subsite + Ease theme switching * Added a subsite::theme_changed callback to be able to handle theme changes in custom themes (was also necessary for proper integration with DotLRN theming) * Added support for these features under subsite admin (/admin/) Improved support for themed templates via [template::themed_template] - Improved (broken) interface to define/manage groups over web interface - Allow to send as well mail, when membership was rejected - New functions [membership_rel::get_user_id], [membership_rel::get] and [membership_rel::get_group_id] to avoid code duplication - Added support to let user include %forgotten_password_url% in self-registration emails (e.g. in message key acs-subsite.email_body_Registration_password) - Improved subsite/www/members * Make it possible to manage members of arbitrary groups * Improved performance for large groups * Improved configurability: when ShowMembersListTo is set to "3", show list to members only, when this is not the whole subsite - Improved user interface for /admin/applications for large number of applications - Various fixes for sitewide-admin pages (under /acs-admin) - Update blueprint in "install from repository" (currently just working in NaviServer) SQL - Further cleanup of .xql files (like what as done for acs-subsite in OpenACS 5.9.0): * 36 files deleted * Removed more than 100 obsolete named queries * Stripped misleading SQL statements - Marked redundant / uncalled sql functions as deprecated - Replaced usages of obsolete view "all_object_party_privilege_map" by "acs_object_party_privilege_map" - Removed type discrepancy introduced in 2002: * acs_object_types.object_type has type varchar(1000), while * acs_object_types.supertype has type varchar(100) * ... several more data types are involved, using acs_object_types.object_type as foreign key - Simplified core sql functions by using defaults: * Number of functions reduced by a factor of 2 compared to OpenACS 5.9.0 (while providing compatibility for clients using old versions), * Reduced code redundancy Affected functions: + Reduced content_item__new from 12 versions to 6, + Reduce content_revision__new from 7 to 4 + Similar in image__new, image__new_revision, content_item__copy, content_item__get_title, content_item__move + PostgreSQL 9.5 supports named parameter in the same syntax as in Oracle. Further reduction of variants will be possible, once OpenACS requires at least PostgreSQL 9.5 - Reduced usage of deprecated versions of SQL functions (mostly content repository calls) - Reduced generation of dead tuples by combining multiple DML statements to one (reduces costs of checkpoint cleanups in PostgreSQL) - Permission queries: * Improved performance * Support PACKAGE.FUNCTION notation for PostgreSQL to allow calls permission queries exactly the same way as in Oracle (e.g. "acs_permission.permission_p()"). This helps to reduce the number of postgres specific .xql files. - Modernize SQL: * Use real Boolean types instead of character(1) (done for new-portal, forums, faq, attachments, categories, dotlrn, dotlrn-forums, evaluation) * Use real enumeration types rather than check constraints (done for storage_type text/file/lob) CR hygienics (reduce cr bloat) - Provided means to avoid insert/update/delete operations in the search queue: OpenACS adds for every new revision often multiple entries to the search_queue, without providing any means to prevent this. This requires for busy sites very short intervals between queue sweeps (otherwise too many entries pile up). Another consequence is that this behavior keeps the PostgreSQL auto-vacuum daemons permanently active. Many of these operations are useless in cases where the content repository is used for content that should not be provided via search. The changed behavior should honors a publish-date set to the future, since it will not add any content with future publish dates to the search-queue. - Reduced number of insert cr_child_rels operations, just when needed: cr_child_rels provide only little benefit (allow one to use roles in a child-rel), but the common operation is a well available in cr_items via the parent_id. cr_child_rels do not help for recursive queries either. One option would be to add an additional argument for content_item__new to omit child-rel creation (default is old behavior) and adapt the other cases. Security improvements - Added support against [[CSRF]] (cross site request forgery) * OpenACS maintains a per-request CSRF token that ensures that form replies are coming just from sites that received the form * CSRF support is optional for packages where CSRF is less dangerous, and such requests are wanted (e.g. search and API-browser) - Added Support for W3C "Upgrade-Insecure-Headers" (see https://www.w3.org/TR/upgrade-insecure-requests/): For standard compliant upgrade for requests from HTTP to HTTPS - Added support for W3C "Subresource Integrity" (SRI; see https://www.w3.org/TR/SRI/) - Added support for W3C "Content Security Policy" ([[CSP]]; see https://www.w3.org/TR/CSP/) * Removed "javascript:*" links (all such urls are removed from the 90 packages in oacs-5-9, excluding js libraries (ajaxhelper) and richtext code) * Removed "onclick", "onfocus", "onblur", "onchange" handlers from all .adp and .tcl files in the 90 packages in oacs-5-9 (excluding js libraries (ajaxhelper) and richtext code) * Added optional nonces to all