Activity OpenACS/

10:37 am

gustafn

Minor CSP improvements

- provided ability to add "trusted-types" and "require-trusted-types-for"

directives (Trusted Types policies)

For details, see:

https://blog.bitsrc.io/trusted-types-api-for-javascript-dom-security-fcdafa927e73

- changed default "object-src" from 'self' to 'none'

- -5
- +8
/openacs-4/packages/acs-tcl/tcl/security-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../security-procs.tcl

6:11 am

raulr

improve Oracle compatibility

- -8
- +18
/openacs-4/packages/acs-tcl/tcl/security-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../security-procs.tcl

6:12 pm

gustafn

register URN for highcharts from CDN only, when highcharts package is not installed

- -3
- +5
/openacs-4/packages/xowiki/tcl/resource-init.tcl
- History
- Source
- Diff
/openacs-4/packages/.../tcl/resource-init.tcl

6:05 pm

gustafn

More
MAIN:gustafn:20221112170524
deleted 1 file
MAIN

file jquery.ui.touch-punch-0.2.3.js was initially added on branch oacs-5-10.

- -0
- +0
/openacs-4/packages/xowiki/www/resources/jquery/jquery.ui.touch-punch-0.2.3.js
- History
- Source
/openacs-4/.../jquery.ui.touch-punch-0.2.3.js

6:05 pm

gustafn

Added support for drag&drop on reorder items for mobile devices

Additionally, provided a minimal width for drag items (there is probably a better solution for this)

- -2
- +5
/openacs-4/packages/xowiki/tcl/form-field-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../form-field-procs.tcl
- -0
- +2
/openacs-4/packages/xowiki/tcl/resource-init.tcl
- History
- Source
- Diff
/openacs-4/packages/.../tcl/resource-init.tcl
- -0
- +180
/openacs-4/packages/xowiki/www/resources/jquery/jquery.ui.touch-punch-0.2.3.js
- History
- Source
- Diff
/openacs-4/.../jquery.ui.touch-punch-0.2.3.js

5:16 pm

gustafn

fix icon for boostrap5 (CSS value)

- -0
- +10
/openacs-4/packages/xowiki/www/resources/xowiki-bootstrap3-specific.css
- History
- Source
- Diff
/openacs-4/.../xowiki-bootstrap3-specific.css
- -0
- +11
/openacs-4/packages/xowiki/www/resources/xowiki-bootstrap5-specific.css
- History
- Source
- Diff
/openacs-4/.../xowiki-bootstrap5-specific.css
- -10
- +0
/openacs-4/packages/xowiki/www/resources/xowiki.css
- History
- Source
- Diff
/openacs-4/packages/.../resources/xowiki.css

10:26 am

trenner

change datatype to file to ensure template::data::validate::file is executed

- -2
- +2
/openacs-4/packages/acs-subsite/www/user/portrait/upload.tcl
- History
- Source
- Diff
/openacs-4/packages/.../portrait/upload.tcl

2:15 pm

trenner

register javascript click event for adding a calender entry only once for each day

before javascript event was registered multiple times: for each day and for each calender event

javascript click event for adding a calender entry was also fired when a calender event was viewed

- -11
- +3
/openacs-4/packages/calendar/www/view-month-display.tcl
- History
- Source
- Diff
/openacs-4/.../view-month-display.tcl

7:04 pm

gustafn

Deescalation: the usage of the pairs in export_vars is not so dangerous as it looked at first sight.

The problem case was originating from the call

lappend __vars [lindex $_var 0] [uplevel subst [lindex $_var 1]]

which calls Tcl's "uplevel" with two arguments. In this case, the arguments

are concatenated and the evaluated in the caller's frame. There is a substitution

before the evaluation. When just one argument is passed in, this problem there

is only one evaluation:

lappend __vars [lindex $_var 0] [uplevel [list subst [lindex $_var 1]]]

- -5
- +5
/openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../utilities-procs.tcl
- -6
- +8
/openacs-4/packages/xotcl-core/tcl/06-package-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../06-package-procs.tcl

3:20 pm

gustafn

More
MAIN:gustafn:20221108142044
changed 1 file
MAIN

avoid subst in export_vars when not necessary

- -3
- +3
/openacs-4/packages/bug-tracker/lib/nav-bar.tcl
- History
- Source
- Diff
/openacs-4/packages/.../lib/nav-bar.tcl

3:19 pm

gustafn

avoid subst in export_vars when not necessary

- -2
- +3
/openacs-4/packages/forums/www/forum-view.tcl
- History
- Source
- Diff
/openacs-4/packages/.../www/forum-view.tcl
- -2
- +3
/openacs-4/packages/acs-api-browser/www/proc-view.tcl
- History
- Source
- Diff
/openacs-4/packages/.../www/proc-view.tcl

3:02 pm

gustafn

avoided subst in export_vars when not necessary

- -1
- +2
/openacs-4/packages/acs-admin/lib/service-parameters.tcl
- History
- Source
- Diff
/openacs-4/.../service-parameters.tcl
- -2
- +6
/openacs-4/packages/acs-subsite/lib/applications.tcl
- History
- Source
- Diff
/openacs-4/packages/.../lib/applications.tcl

2:59 pm

gustafn

added warning to export_vars

- -1
- +8
/openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../utilities-procs.tcl

2:24 pm

gustafn

Added support for passing parameter_name:value_constraint to xowiki::Package->get_parameter

- The get_parameter method can get values from query-parameters, therefore

we have to validate these.

- Use the new feature at several places (especially for boolean values)

- Still, more places should be checked

- bumped xowiki to 5.10.1d37

- bumped xotcl-core to 5.10.1d14

- -2
- +2
/openacs-4/packages/xotcl-core/xotcl-core.info
- History
- Source
- Diff
/openacs-4/packages/.../xotcl-core.info
- -26
- +4
/openacs-4/packages/xotcl-core/tcl/06-package-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../06-package-procs.tcl
- -29
- +52
/openacs-4/packages/xotcl-core/tcl/context-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../tcl/context-procs.tcl
- -3
- +3
/openacs-4/packages/xowiki/xowiki.info
- History
- Source
- Diff
/openacs-4/packages/xowiki/xowiki.info
- -1
- +1
/openacs-4/packages/xowiki/tcl/folder-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../tcl/folder-procs.tcl
- -2
- +2
/openacs-4/packages/xowiki/tcl/form-field-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../form-field-procs.tcl
- -2
- +2
/openacs-4/packages/xowiki/tcl/menu-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../tcl/menu-procs.tcl
- -12
- +29
/openacs-4/packages/xowiki/tcl/package-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../tcl/package-procs.tcl
- -13
- +13
/openacs-4/packages/xowiki/tcl/xowiki-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../tcl/xowiki-procs.tcl
- -6
- +6
/openacs-4/packages/xowiki/tcl/xowiki-utility-procs.tcl
- History
- Source
- Diff
/openacs-4/.../xowiki-utility-procs.tcl
- -10
- +10
/openacs-4/packages/xowiki/tcl/xowiki-www-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../xowiki-www-procs.tcl

1:47 pm

trenner

add missing brackets

- -2
- +2
/openacs-4/packages/xotcl-core/tcl/06-package-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../06-package-procs.tcl

1:45 pm

gustafn

added optional parameter "-timeout" to "CACHE eval ..." method

- -8
- +12
/openacs-4/packages/acs-tcl/tcl/acs-cache-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../acs-cache-procs.tcl

10:55 am

trenner

make ad_sanitize_filename more robust to filenames with parentheses + extend automated tests

- -4
- +7
/openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../utilities-procs.tcl
- -0
- +4
/openacs-4/packages/acs-tcl/tcl/test/utilities-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../utilities-procs.tcl

2:38 pm

trenner

ensure year has only 4 digits

- -2
- +2
/openacs-4/packages/acs-templating/acs-templating.info
- History
- Source
- Diff
/openacs-4/packages/.../acs-templating.info
- -0
- +1
/openacs-4/packages/acs-templating/catalog/acs-templating.de_DE.ISO-8859-1.xml
- History
- Source
- Diff
/openacs-4/.../acs-templating.de_DE.ISO-8859-1.xml
- -0
- +1
/openacs-4/packages/acs-templating/catalog/acs-templating.en_US.ISO-8859-1.xml
- History
- Source
- Diff
/openacs-4/.../acs-templating.en_US.ISO-8859-1.xml
- -3
- +3
/openacs-4/packages/acs-templating/tcl/date-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../tcl/date-procs.tcl

2:34 pm

gustafn

new API call util::potentially_unsafe_eval_p

Check content of the string to identify potentially unsafe content

in the provided string. The content is unsafe, when it contains

externally provided content, which might be provided e.g. via

query variables, or via user values stored in the database. When

such content contains square braces, a "subst" command on

theses can evaluate arbitrary commands, which is dangerous.

The new API call is used in "::xo::Package->return_page", where the

"subst" command stripped from its command substitution capabilities.

In case, command subsitution is needed, perform this prior this call.

bumped acs-tcl to 5.10.1d23

bumped xotcl-core to 5.10.1d13

- -2
- +2
/openacs-4/packages/acs-tcl/acs-tcl.info
- History
- Source
- Diff
/openacs-4/packages/acs-tcl/acs-tcl.info
- -1
- +40
/openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../utilities-procs.tcl
- -3
- +3
/openacs-4/packages/xotcl-core/xotcl-core.info
- History
- Source
- Diff
/openacs-4/packages/.../xotcl-core.info
- -2
- +5
/openacs-4/packages/xotcl-core/tcl/06-package-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../06-package-procs.tcl

9:21 pm

gustafn

check queuing situation for every connection pool

- -13
- +28
/openacs-4/packages/xotcl-request-monitor/tcl/throttle_mod-procs.tcl
- History
- Source
- Diff
/openacs-4/.../throttle_mod-procs.tcl

6:33 pm

gustafn

Allow to deactivate client-side double click prevention by setting DefaultPreventDoubleClickTimeoutMs to 0

- -4
- +4
/openacs-4/packages/acs-templating/acs-templating.info
- History
- Source
- Diff
/openacs-4/packages/.../acs-templating.info
- -0
- +3
/openacs-4/packages/acs-templating/tcl/head-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../tcl/head-procs.tcl

2:50 pm

hectorr

Add vtt mime type to CR

- -2
- +2
/openacs-4/packages/acs-content-repository/acs-content-repository.info
- History
- Source
- Diff
/openacs-4/.../acs-content-repository.info
- -1
- +2
/openacs-4/packages/acs-content-repository/sql/common/mime-type-data.sql
- History
- Source
- Diff
/openacs-4/packages/.../mime-type-data.sql
- -0
- +45
/openacs-4/packages/acs-content-repository/sql/oracle/upgrade/upgrade-5.10.1d4-5.10.1d5.sql
- History
- Source
- Diff
/openacs-4/.../upgrade-5.10.1d4-5.10.1d5.sql
- -0
- +38
/openacs-4/packages/acs-content-repository/sql/postgresql/upgrade/upgrade-5.10.1d4-5.10.1d5.sql
- History
- Source
- Diff
/openacs-4/.../upgrade-5.10.1d4-5.10.1d5.sql

2:50 pm

hectorr

More
MAIN:hectorr:20221103135008
deleted 2 files
MAIN

file upgrade-5.10.1d4-5.10.1d5.sql was initially added on branch oacs-5-10.

- -0
- +0
/openacs-4/packages/acs-content-repository/sql/oracle/upgrade/upgrade-5.10.1d4-5.10.1d5.sql
- History
- Source
/openacs-4/.../upgrade-5.10.1d4-5.10.1d5.sql
- -0
- +0
/openacs-4/packages/acs-content-repository/sql/postgresql/upgrade/upgrade-5.10.1d4-5.10.1d5.sql
- History
- Source
/openacs-4/.../upgrade-5.10.1d4-5.10.1d5.sql

10:08 am

gustafn

generalize handling of premature ends of request processing at client side

- -12
- +17
/openacs-4/packages/boomerang/tcl/boomerang-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../boomerang-procs.tcl

6:04 pm

gustafn

added package parameter DefaultPreventDoubleClickTimeoutMs for default timeout of double click handler

- -2
- +4
/openacs-4/packages/acs-templating/acs-templating.info
- History
- Source
- Diff
/openacs-4/packages/.../acs-templating.info
- -3
- +7
/openacs-4/packages/acs-templating/tcl/head-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../tcl/head-procs.tcl

5:08 pm

gustafn

added double-click prevention class to submit widget

- -3
- +3
/openacs-4/packages/acs-templating/tcl/widget-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../tcl/widget-procs.tcl

2:20 pm

gustafn

allow passing of template variables as icon name (which are resolved later)

- -2
- +3
/openacs-4/packages/acs-templating/tcl/style-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../tcl/style-procs.tcl

10:51 am

gustafn

more beautification of admin pages, make interface more consistent

- -1
- +1
/openacs-4/packages/acs-lang/www/admin/edit-history.adp
- History
- Source
- Diff
/openacs-4/packages/.../edit-history.adp
- -1
- +1
/openacs-4/packages/acs-lang/www/admin/edit-history.tcl
- History
- Source
- Diff
/openacs-4/packages/.../edit-history.tcl
- -1
- +2
/openacs-4/packages/acs-lang/www/admin/index.tcl
- History
- Source
- Diff
/openacs-4/packages/.../admin/index.tcl
- -18
- +19
/openacs-4/packages/acs-subsite/www/admin/applications/index.tcl
- History
- Source
- Diff
/openacs-4/packages/.../index.tcl

9:38 am

trenner

There is no year zero in the Gregorian calendar

- -2
- +2
/openacs-4/packages/acs-templating/tcl/date-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../tcl/date-procs.tcl

5:17 pm

gustafn

prefer dict over anonymous array

- -2
- +6
/openacs-4/packages/xooauth/tcl/oauth-procs.tcl
- History
- Source
- Diff
/openacs-4/packages/.../tcl/oauth-procs.tcl
- -2
- +2
/openacs-4/packages/xooauth/tcl/oauth-server-procs.tcl
- History
- Source
- Diff
/openacs-4/.../oauth-server-procs.tcl

OpenACS

Line History

Stats

Commits this week: 11

Commit Activity

52 week commits volume

Commits by day

Commits by hour

Commit calendar

Most active committers (90 days)

gustafn

raulr

gustafn

gustafn

gustafn

gustafn

trenner

trenner

gustafn

gustafn

gustafn

gustafn

gustafn

gustafn

trenner

gustafn

trenner

trenner

gustafn

gustafn

gustafn

hectorr

hectorr

gustafn

gustafn

gustafn

gustafn

gustafn

trenner

gustafn