- fix subtle quoting bug: the substitution of #package_key.message_key# happens via regex on the resulting page late in the layout process. When a message contains %-substitution variables, at least these values have to be html-escaped. The bug showed up e.g. on OpenACS.org in the forums, when a subject line contained a double quote (e.g. in the .LRN Q&A forum, message "My applet doesn't appear ..."). Since the layout is produced via

<a href="@messages.message_url@" title="#forums.goto_thread_subject#">

and the message key is defined as

Go to thread %messages.subject%

the HTML title attribute was terminated prematurely by the double quote of the subject line and the remainder was invalid HTML.

- update documentation

- don't raise an error on missing substitution variables, but write an error to the error.log (otherwise, one can get recursive errors on missing variables)

- improve readability

- remove ignored sql statement

- use more precise data types

- strengthen page contracts

    • -4
    • +4
    /openacs-4/packages/search/www/search.tcl
- backport from head to ease using HEAD modules

- harden page contracts

- use export_vars for url-generation

- improve validity of HTML

    • -1
    • +1
    /openacs-4/packages/download/www/help.adp
- fix typos

- improve validity of HTML

- fix HTML validity of plsql-subprogram-one, proc-browse and tcl-proc-view

- strengthen page contracts

- use stored procedure sec_session_property__upsert

- add stored procedure sec_session_property__upsert to address concurrency problems with updates in sec_session_properties; implementations for PostgreSQL and Oracle are added, the latter is not tested.

- bump version number to 5.9.0d4

- adjust return status information

- add function args missed by earlier upgrades

- bump version numbers

    • -2
    • +2
    /openacs-4/packages/forums/forums.info
- provide a friendly message in case the xowiki_form_instance_item_index was not set up correctly

    • -2
    • +9
    /openacs-4/packages/xowiki/tcl/xowiki-procs.tcl
- increase verbosity of upgrade script

- don't build db-stubs for trigger functions

- strengthen page-contracts

- add colon to the allowed characters of a token for page-contracts, to make it usable for api-browser

- fix bug, when "dfs" was specified

Example: http://openacs.org/search/search?q=Spam&dfs=m3

- fix for bug #3256

- provide a simple templated error page

- fix typo

- get rid of the pesky "MISSING FORMWIDGET: search:search:formbutton:ok" message

- protect against attacks against form:id

- protect against i18n message key substitution in ds_comments (in case the message i18n needs variables, this will fail anyhow)
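
The quoting bug described in the first entry above, as an added example that is not OpenACS code: a small Python model (OpenACS itself is written in Tcl) of the late regex pass that expands #package_key.message_key#, run with and without HTML-escaping of the %-substitution values. The function names, the sample subject and the href value are constructed for illustration; the layout line and the message text are the ones quoted in the entry.

```python
import html
import re
from html.parser import HTMLParser

# Layout line and message catalog text as quoted in the commit message.
CATALOG = {"forums.goto_thread_subject": "Go to thread %messages.subject%"}
LAYOUT = '<a href="@messages.message_url@" title="#forums.goto_thread_subject#">'
KEY_RE = re.compile(r"#([\w-]+\.[\w-]+)#")
VAR_RE = re.compile(r"%([\w.]+)%")

def localize(page, values, escape):
    """Late pass: expand #package_key.message_key# in the finished page."""
    def expand(m):
        text = CATALOG.get(m.group(1))
        if text is None:
            return m.group(0)  # unknown key: leave the placeholder untouched
        def var(v):
            raw = values.get(v.group(1), "")  # missing variable: empty string
            return html.escape(raw, quote=True) if escape else raw
        return VAR_RE.sub(var, text)
    return KEY_RE.sub(expand, page)

class AnchorAttrs(HTMLParser):
    """Records the attributes an HTML parser sees on the first <a> tag."""
    def __init__(self):
        super().__init__()
        self.attrs = None
    def handle_starttag(self, tag, attrs):
        if tag == "a" and self.attrs is None:
            self.attrs = dict(attrs)

def parsed_attrs(markup):
    p = AnchorAttrs()
    p.feed(markup)
    p.close()
    return p.attrs

def render(subject, escape):
    # Constructed sample row; the href is a placeholder value.
    values = {"messages.subject": subject}
    page = LAYOUT.replace("@messages.message_url@", "message-view?message_id=1")
    return localize(page, values, escape)

if __name__ == "__main__":
    subject = 'Why "my applet" fails'  # constructed subject with double quotes
    for escape in (False, True):
        print(escape, render(subject, escape), parsed_attrs(render(subject, escape)))
```

Without escaping, the parser sees a truncated title plus stray attributes made from the rest of the subject; with escaping, the title round-trips to the original subject text.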