This change introduces <adp:button>, which avoids adp:* markup inside

HTML attribute values, which we had before. One can now use

<adp:button type="submit" class="btn btn-outline-secondary">Filter</adp:button>

instead of

<button type="submit" class="btn <adp:class name='btn-outline-secondary'>">Filter</button>

One should probably provide in the future more adp:* tags for

providing a clean mapping of CSS class attributes.

<adp:class> was deactivated for the time being

  1. … 3 more files in changeset.
Move functionality of xowiki::CSS to template::CSS

template CSS provides an abstraction for CSS class names and other

styling elements depending on user preferences or on the current theme

Backwards compatibility for xowiki::CSS was provided via a stub function

  1. … 22 more files in changeset.
Added code to skip suspicious looking query variables

On openacs.org, we are experiencing numerous requests with

multiple very long and strange query variables like in the example

below. So far, it is not clear, whether these requests are the

consequence of a double encoding or a deliberate attack. Many (most)

of the requests contain the query variable names containing the

(decoded) pattern "*amp;*".

This is a relatively new phenomenon. I cannot exclude that this is a

bug introduced lately in OpenACS, or a bug in an external bot, or

whatever. The problem with these query variables is that OpenACS

propagates these further, e.g., when updating query variables in

ad_dimensional, via export_vars, or return_urls.

Since OpenACS never uses these query-variables, these can be safely

skipped, without losing functionality in OpenACS. It is possible to

construct examples, where skipping such variables can change the

semantics. Therefore, the change introduces a single function

util::suspicious_query_variable where in case of problems, the

skipping feature can be deactivated.

GET /api-doc/proc-browse?amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3btype=All&amp;amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3borderby=name&amp;type=All&amp;amp%3btype=All&amp;amp%3bamp%3btype=All&amp;amp%3bamp%3bamp%3btype=All&amp;amp%3bamp%3bamp%3bamp%3btype=All&amp;amp%3bamp%3bamp%3bamp%3bamp%3btype=All&amp;amp%3bamp%3bamp%3bamp%3bamp%3bamp%3btype=All&amp;amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3btype=All&amp;amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3btype=All&amp;amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%
3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3borderby=name&amp;amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3btype=Private&amp;amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3btype=All&amp;amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3btype=All&amp;amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3btype=All&amp;amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3borderby=name&amp;amp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3bamp%3btype=All HTTP/1.1" 200 62378 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/605.1.15 (KHTML, like 
Gecko; compatible; FriendlyCrawler/1.0) Chrome/120.0.6099.216 Safari/605.1.15" "1729029614.331581 0.109805 0.000434 0.004026 0.215927

  1. … 6 more files in changeset.
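The following is an added example, not OpenACS code and not part of the commit: a small Python model of how such variables can multiply when the server re-exports every incoming query variable, and how skipping names that match the decoded pattern `*amp;*` stops the growth. It assumes one of the causes the commit message leaves open (a client that follows HTML-escaped links without unescaping `&amp;`); `export_link`, `crawl` and the Python `suspicious_query_variable` are hypothetical stand-ins, and the starting query is constructed.

```python
import html
from fnmatch import fnmatchcase
from urllib.parse import parse_qsl, urlencode

PATTERN = "*amp;*"  # decoded variable-name pattern quoted in the commit message


def suspicious_query_variable(name):
    """Stand-in for the check described above; `name` is already URL-decoded."""
    return fnmatchcase(name, PATTERN)


def export_link(query, skip_suspicious):
    """Server side (modelled): keep all incoming variables, set type=All,
    and emit the query as it would appear inside an HTML href attribute."""
    pairs = parse_qsl(query, keep_blank_values=True, separator="&")
    if skip_suspicious:
        pairs = [(n, v) for n, v in pairs if not suspicious_query_variable(n)]
    pairs = [(n, v) for n, v in pairs if n != "type"] + [("type", "All")]
    # html.escape turns every '&' separator into '&amp;' for the attribute value
    return html.escape(urlencode(pairs))


def crawl(query, rounds, skip_suspicious):
    """Client side (assumed faulty): requests the href text verbatim, so
    '&amp;name' arrives as a variable literally named 'amp;name'.
    Returns the number of query variables sent in each round."""
    counts = []
    for _ in range(rounds):
        query = export_link(query, skip_suspicious)
        counts.append(len(parse_qsl(query, keep_blank_values=True, separator="&")))
    return counts


if __name__ == "__main__":
    start = "orderby=name"  # constructed starting request
    print("propagated:", crawl(start, 6, skip_suspicious=False))
    print("skipped:   ", crawl(start, 6, skip_suspicious=True))
```

Without the skip, each round adds one more variable with one more `amp;` prefix, which is the shape of the logged request; with the skip, the request stays at a fixed size.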
merge from oacs-5-10

  1. … 8099 more files in changeset.
bumped version number from development version to release version

  1. … 93 more files in changeset.
Removed dependency on file-storage

- there was a "silent" dependency of acs-templating to the file-storage, since it

used many message keys from there.

- The message keys went to acs-content-repository

  1. … 2 more files in changeset.
removed indirect recursive dependencies

  1. … 1 more file in changeset.
silences log entries during regression test

  1. … 2 more files in changeset.
added generic icon for "mount" operations

  1. … 1 more file in changeset.
Update Italian localization

  1. … 7 more files in changeset.
bumped version numbers to 5.10.1b1

  1. … 85 more files in changeset.
ensure year has only 4 digits

  1. … 3 more files in changeset.
Allow to deactivate client-side double click prevention by setting DefaultPreventDoubleClickTimeoutMs to 0

  1. … 1 more file in changeset.
added package parameter DefaultPreventDoubleClickTimeoutMs for default timeout of double click handler

  1. … 1 more file in changeset.
bumped version numbers to reflect dependency on sitemap icon

  1. … 2 more files in changeset.
extended adp:icon

- added the feature "invisible" to <adp:icon....>

- added generic names "admin", "cog", "folder-add", "permissions", "search", and "unmount"

- added an overview page of adp-icons to the sitewide admin page

- bumped version to 5.10.1d22

  1. … 4 more files in changeset.
UI improvements

- fixed link for reloading on apm/version-view page

- added generic icon name "check" (common icon name for checkmark)

- bumped version of acs-templating to 5.10.1d21

- bumped version of acs-admin to 5.10.1d3

  1. … 5 more files in changeset.
improved adp:icon support

- added images for arrow left and arrow right

- added arrow-left and arrow-right to the list of all supported icon sets

  1. … 5 more files in changeset.
registered-urns: new adp-include for listing registered URNs

This function is useful e.g. for the packages using optionally

CDN or local resources. It helps an admin for testing the

registered resources (e.g. via sitewide-admin pages).

Bump version number to 5.10.1d19.

  1. … 2 more files in changeset.
provided a helper proc to query the mapping of a generic icon name to a concrete

This function is necessary in boundary cases, where e.g. a display_template passes the generic

name of the icon via template variables which have to be

@-substituted before adp-tag resolution, which performs the

regular icon name mapping (otherwise, the tag resolver receives

e.g. ...name=@icon@...)

  1. … 3 more files in changeset.
adp:icon: extended list of generic names and support reloading

- adp:icon: added "next" and "previous" to generic names

- moved variable ::template::icon::map from *init.tcl to style-procs.tcl

to support changes via dynamic reloading via package manager

- bumped version number to 5.10.1d17

  1. … 2 more files in changeset.
Update Italian localization

  1. … 1 more file in changeset.
Make also sure the tmpfile from the widget exists beforehand, when validating: we don't want users to "explore" our tmpdir with bogus values that just look sane

  1. … 2 more files in changeset.
Revert to previous template::widget::file behavior of accepting input in a form of a list of 3 elements (e.g. without a .tmpfile in the request), but introduce validation so that we enforce all widget values to be in the proper format and the files to be "safe"

  1. … 4 more files in changeset.
extended adp:icon handling

Added support for multiple classes,

Added more potentially reusable icon names,

bumped version to 5.10.1d13

  1. … 2 more files in changeset.
Cleanup message keys that do not exist in the English locale (they do exist in their "_time" variant, e.g. Time_must_be_after_min_time, already translated in Spanish)

  1. … 1 more file in changeset.
Bump version number after catalog change

added filetype-csv to generic icon names

  1. … 1 more file in changeset.
Added support for fa-icons to the generic names for adp:icon

Added new options "iconset" and "alt" to adp:icon, updated

documentation in API browser

Bumped version to 5.10.1d9

  1. … 2 more files in changeset.
Generalized ADP compilation caching, simplified handling of ad_init

Generalized adp-compilation caching

* since the result of ADP compilation can depend on the icon set

(and maybe more factors in the future), and the icon set

can be switched freely, either one needs more ADP compilation

at runtime (page rendering time) or caching had to be generalized.

* generalization of caching leads to better scalability, and

since the number of icon sets concurrently active at one

site is limited, this option seems favorable.

* The only potential incompatibility might be from installations

doing "manual" incantations of "template::adp_init" followed by

direct calls of the stub. The only packages (out of the 365

packages in CVS) affected by this are "diagram" and

"workflow". Both have been fixed in the repository. This

incantation can be simplified as follows.

Simplified handling of adp_init

* old:

template::adp_init adp $file_stub

template::code::adp::$file_stub

* new

[template::adp_init adp $file_stub]

Bumped version to 5.10.1d8

  1. … 3 more files in changeset.