Fallback to the editor from parameter in the generic api, rather than the widget, so fallback will work also outside of ad_form

Introduce for richtext editors the concept of "preset"

A preset is an abstract set of configurations designed to address a specific use case.

An example could be a preset for a "minimal" richtext editor, used in those forms where we want to limit the features a user should have access to. Other presets could address specific usages or applications.

Downstream developers can provide a set of ::richtext::$editor::preset::$preset procs, returning an options dict. This set of options will be merged with other local configurations.

The same approach works in ad_forms and xowiki forms.

This also enables the use-case of switching to a different editor maintaining the existing application-specific configurations consistent.

Drop the old approach based on ::acs_blank_master__htmlareas and use explicit id configuration

TinyMCE XoWiki formfield integration

We introduce a new richtext mixin richtext::tinymce, requiring the richtext-tinymce package, currently integrating TinyMCE editor 7.0.1.

This implementation has been tested with regular, repeat, compound and repeatedcompound fields.

Downstream implementations based on this formfield can customize the editor configuration further, e.g. provide custom plugins via the api parameters.

    • -3
    • +3
Move hardcoded configuration out of the default (can be overridden by parameter in case), add image and code plugins in the default, set branding to false by default

Add a richtext to the test formfields specifications

Move back richtext formfield implementations in form-field-procs

Moving to a different file may affect dependencies defined on form-field-procs that also expect the richtext editor to be loaded. As breaking changes are not desirable now, we revert this reform.

Add minimal styling to inline editors

file style.css was initially added on branch oacs-5-10.

Allow to serialize also object options, allow to only include the header stuff

Cleanup leftover code from successful reform in December 2016

Since then, we have been long using dynamic repeat fields on production

    • -15
    • +5
Move the specific richtext-editor implementations into an own file

file richtext-procs.tcl was initially added on branch oacs-5-10.

    • -0
    • +0
Rework the add_editor api so that it won't rely on global templating variables and fix both configuration from defaults and local

Harden the page contract and ensure that:

- for chat rooms in the chat package, only the chat class enforcing permissions is used

- for other chat ids, either the id is an object the user can read, or the user can at least read on the current connection package

Cleanup old parameter on upgraded installations

file apm-callback-procs.tcl was initially added on branch oacs-5-10.

    • -0
    • +0
file download.tcl was initially added on branch oacs-5-10.

file index.tcl was initially added on branch oacs-5-10.

file index.adp was initially added on branch oacs-5-10.

TinyMCE 7.0.1 integration

We reboot TinyMCE richtext-editor integration to support newest version 7.0.1.

Editor can be served from CDN (requires an API key) or locally, by downloading a distribution via the site-wide admin page of the package.

Editor can be configured either per-website or per-usage, as we do with other editors.

At present, no OpenACS specific features, such as image upload, are provided. Custom plugins from previous versions of this package have also been discontinued.

Notable differences with similar integrations:

- editor configuration is specified as a dict, rather than a list of lists

- current package parameters are global, rather than de-facto global instance parameters

- deprecated configuration from acs-templating is not supported anymore

  1. … 1804 more files in changeset.
harden page_contract

    • -2
    • +2
Make test more robust in setups where we cache permissions

Cleanup commented code

Only allow valid privileges in the privs parameter

restrict substitution in string

Implement a package-specific page contract filter to collect current (and future) security fixes

Reject frames and iframes in the content

Prevent sneaking symlinks in the content repository

Many thanks to Thomas Rennner and Günter Ernst for analyzing the issue

cr_write_content reform

when serving files, do not trust the content information, as the absolute path to the file can be determined programmatically in this case.

This also reduces divergency between Oracle and Postgres