• last updated 3 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
use 'self' for "security::csp::require object-src" instead of 'none' since the latter is non-incremental

don't create a cache, which is not needed

Fix proc name

Do not improperly rely on apm_version_names_compare to check for NaviServer version number, use a more reliable capability check instead

Change the regexp so that we catch multiple kinds of error pattern indicating the subcommand does not exist: NaviServer and Tcl return sligthly different error messages

Extend test to expose that we need a better idiom to detect also NaviServer commands

Use a different idiom to detect if a command supports a subcommand, fixing acs-tcl.acs__command_has_subcommand automated test

Fix wording

New test for acs::cmd_has_subcommand exposing how flags at the beginning and end of the error message are not properly recognized

file 00-icanuse-procs.tcl was initially added on branch oacs-5-10.

    • -0
    • +0
    /openacs-4/packages/acs-tcl/tcl/test/00-icanuse-procs.tcl
ensure, that the minimal set of controls is provided, also, when there are hidden form fields

improve spelling

since the form-field "file" supports the file multiple attribute, the internal representation is as well a list.

this change takes now as file-name for the local renderer as well the first file name list element.

add the original filename to the generated url, so that it is also delivered to the user

Keep supporting the previous proc signature, throwing a warning

util::http should provide enough fallback via curl already without targeting specific Naviserver versions, use other fallbacks only when no implementation is available

Fix webserver version check using 'apm_version_names_compare' for rc versions.

Between 4.99.6 and 4.99.20rc1, for example, 'apm_version_names_compare' will consider the latter to be the lowest.

As this is not the expected behavior for webserver version check, this patch just removes the rc part of the version before comparing in the few cases where this is done, and should be removed if the behavior changes in the future.

Fix version check

Tear down a lot of boilerplate used to support native HTTP api on Naviserver versions < 4.99.15, which will now fallback to curl

    • -245
    • +40
    /openacs-4/packages/acs-tcl/tcl/http-client-procs.tcl
Doc formatting changes

    • -330
    • +406
    /openacs-4/packages/acs-tcl/tcl/http-client-procs.tcl
Avoid markup in documentation

Reduce people expectations

Fix acs-tcl.logout_from_everywhere test case and support again invalidating of all existing user logins, useful e.g. to make sure no device still holds a valid login when we change our password on a device

Test the use case supposedly supported by sec_change_user_auth_token: invalidate all existing login cookies (e.g. when the users change their password) so that all devices need to log in again

the test exposes a long standing regression (~17 years) where this was broken in order to support persistent login. See e.g. https://openacs.org/forums/message-view?message_id=1691183#msg_1691183

file security-procs.tcl was initially added on branch oacs-5-10.

    • -0
    • +0
    /openacs-4/packages/acs-tcl/tcl/test/security-procs.tcl
improve documentation

use proper user_id

    • -1
    • +1
    /openacs-4/packages/xowf/lib/inclass-exam.wf
Added text-attachment

Ny using text-attachments, a lecturer can attach files to the exercise

text for the student to download when solving the exercise.

    • -1
    • +1
    /openacs-4/packages/xowf/tcl/xowf-procs.tcl
improved comments

enable question-form resolving again.