• last updated 8 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Reduce usage of ns_mktemp in OpenACS

ns_mktemp uses the deprecated old POSIX call mktemp(), which should

not be used anymore for security reasons (race between the name

creation and opening the file). This change removes several usages of

"ns_mktemp" from OpenACS and replaces it with calls to the

safe Tcl call "file tempfile ..." (introduced by Tcl 8.6).

prefer usage of "xo::write_tmp_file" over "xo::write_file" for writing tmp files

    • -3
    • +3
    /openacs-4/packages/xowiki/xowiki.info
    • -4
    • +5
    /openacs-4/packages/xowiki/tcl/xowiki-procs.tcl
Reduce usage of ns_mktemp in OpenACS

ns_mktemp uses the deprecated old POSIX call mktemp(), which should

not be used anymore for security reasons (race between the name

creation and opening the file). This change removes several usages of

"ns_mktemp" from OpenACS and replaces it with calls to the

safe Tcl call "file tempfile ..." (introduced by Tcl 8.6).

added function xo::write_tmp_file

The new function uses an atomic call to create a temporary file and

is therefore lass prone to attacks.

bumped verison number to 5.10.0d41

reinstantiate accidentially deleted code

fix header generation

since the headers are set in a loop, "ns_set put" is incorrect

since it is additive. "ns_set update" is correct.

make using page-filter "object_id" backwards compatible by allowing it to be used also during update scripts

improve spelling

improve log message

Do not urlencode the return URL in every case, but only when this falls back to the current URL from the connection context, normally coming from "ns_conn url" which will return it "raw", as in not encoded for any purpose

add comments with class names to ease navigation in the source file

    • -2
    • +169
    /openacs-4/packages/xowf/tcl/test-item-procs.tcl
URLencode the return URL, or the server might complain for invalid characters (e.g. unencoded umlaut characters)

whitespace change

Remove hard-coded styling with the "style" element to get a more consistent appearance

(many thanks to Monika Andergassen for looking into this).

    • -8
    • +8
    /openacs-4/packages/xowiki/www/admin/list.tcl
Document behavior

Whitespace cleanup

improve query variable checking

    • -1
    • +1
    /openacs-4/packages/xowiki/tcl/folder-procs.tcl
Adapt 'ad_urlencode_url' to the new 'ns_parseurl' stricter behavior

added CSS properties for adding scrollbars to overly large exam texts. Not sure, these are always wanted.

Initial support for composite questions

A composite question is a test-item containing other regular test

items. This makes it possible to define a larger test item case for

which arbitrary other questions can be associated (e.g. short text

question plus an MC and ordering question etc.). The randomization

features (shuffling, x out of N, etc.) of the included test-items are

preserved such that it is possible to present the student e.g. a sub

question where only 2 out of 5 possible alternatives are displayed.

The provided implementation builds for a composite question consisting

of a constant exam intro text and the selected sub items including

points, minutes etc. The points and minutes of the composite question

are computed as the sum of the points and minutes of the

sub-items. The actual sub-items are constructed at runtime such that

per-user randomization can be applied.

Current shortcoming: question with percent-substitutions are not

supported (since the exam intro text is placed at composite form

creation time already into the form, therefore, it is the same for all

students). Furthermore, the substitution semantics are not clear

concerning the included content.

    • -116
    • +196
    /openacs-4/packages/xowf/tcl/test-item-procs.tcl
include form-vars in log messages for workflows since this eases debugging

    • -2
    • +3
    /openacs-4/packages/xowf/www/index.vuh
add checker for object_ids. In order to use this, a recent version of nsf is required, no accepting abbreviations for all types

tighten checking on input parameters

allow user to open exam answering in multiple tabs in try-out mode

fix creating/editing of xowiki::Forms

This change essentially reverts the change of July 2, which broke

the feature to specify "editor=none". This is important for the

"form" form-field entry, which requires a FORM tag, that is

usually removed by actual version of the ckeditor.

added value checker, improved comments and logging statements

file q-and-a-new-2-postgresql.xql was initially added on branch oacs-5-10.

file q-and-a-new.tcl was initially added on branch oacs-5-10.

    • -0
    • +0
    /openacs-4/packages/faq/www/admin/q-and-a-new.tcl
file q-and-a-new.adp was initially added on branch oacs-5-10.

    • -0
    • +0
    /openacs-4/packages/faq/www/admin/q-and-a-new.adp
file q-and-a-new-2.tcl was initially added on branch oacs-5-10.

    • -0
    • +0
    /openacs-4/packages/faq/www/admin/q-and-a-new-2.tcl