perform proper cleanup after regression test

use a different icon for mounting, reduced verbosity

xotcl-request-monitor Change site-node permissions after mount

This package might reveal internal information and should not be publicly available by default.

bumped version number to 0.66

require login for version numbers, since this reveals internal information

added test for xotcl/version-numbers

Added state of "robots.txt" and "security.txt" to posture overview

Prettify subsite admin page

- Made explicit that "Administration" means "Subsite Administration" (use the term consistently)

- Changed message key of acs-subsite.administration to "Subsite Administration"

- added icons to subsite admin index page (full set only for bootstrap icons)

Removed useless and hard to track ad_log messages in the forums:

Cannot determine package_id. Returning 0

use tag <i> for technical terms as in other places

increased timeout for checking requests on own site

fix over-eager renaming

delete global package parameter as for all other javascript libraries

Make managing of version numbers consistent.

For details, see: https://openacs.org/xowiki/external-javascript-packages

fixed package_id in ADP page

improved PostgreSQL version compatibility

fixed URLs

New pages for admins: Security and Privacy Posture Overview

As expressed as a wish from OpenACS users at the last OpenACS conference, a "Security and Privacy Posture Overview" was added that offers a quick overview of the state of the system and eases access to the parameters scattered over different packages in the system.

The page offers:

- Quick overview

- Check of security and privacy relevant package parameters

- Permission and accessibility check of mounted packages

- Response header check

- External library check (CDN vs local usage, vulnerable or outdated libraries)

TODO: One should probably reconsider the permissions of some of the standard site nodes (similar to what we did with the API browser some time ago).

file posture-overview.adp was initially added on branch oacs-5-10.

    • -0
    • +0
    /openacs-4/packages/acs-admin/www/posture-overview.adp
file widely-accessible-packages.tcl was initially added on branch oacs-5-10.

file widely-accessible-packages.adp was initially added on branch oacs-5-10.

file posture-overview.tcl was initially added on branch oacs-5-10.

    • -0
    • +0
    /openacs-4/packages/acs-admin/www/posture-overview.tcl
reduce verbosity in the system log

    • -1
    • +12
    /openacs-4/packages/forums/tcl/forums-procs.tcl
spell "site-wide" consistently with a dash

  1. … 20 more files in changeset.
improved the site-wide admin pages for external js libraries

- add a sample for pinning the version number via the NaviServer configuration file

- provide a link to the requirements and background page explaining the implemented policies

add action link icon just to the immediate child of an action list

factored out vulnerability check to make it reusable

- New proc ::util::resources::check_vulnerability

- bumped version number to 5.10.1b7

    • -2
    • +2
    /openacs-4/packages/acs-tcl/acs-tcl.info
fixed typo

removed obsolete file

remove leftovers of the acs-core-ui, which has not existed for at least 20 years

Implement for TinyMCE a trivial plugin integrating with the new feature in the attachments package

The plugin simply opens a window to the attachments UI. It uses its generic message passing mechanism to receive the content and inject it in the page.

See https://openacs.org/forums/message-view?message_id=5820909

file oacsAttachments.js was initially added on branch oacs-5-10.