• last updated 4 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
improve validation

Gradually improve usability and security of the calendar item new/edit form by adding additonal input validations. Prefer built-in input validation over custom validation. Also make sure all needed Javascript is in place.

    • -23
    • +29
    /openacs-4/packages/calendar/www/cal-item-new.tcl
Fix typo

not necessary to check if format is a list

move the check for the provided format on richtext level

Fix typo

Make ::xo::db::require package a shorthand for ::xo::library require, which will remember the dependency

This will also make sure that dependent files are reloaded when a dependency is reloaded

Depend specifically on the form-field-procs from xowiki

tighten page contract

Depend specifically from the form-field-procs file to support the case of reloads

Don't require the whole xowiki, as it is already a dependency

    • -1
    • +0
    /openacs-4/packages/xowf/tcl/xowf-procs.tcl
Make xowf an explicit dependency, so that we don't need to require xowf and xowiki in the tcl files

increase robustness

New feature: cookie namespaces

So far, all OpenACS versions used "ad_" as a prefix for cookies (such

as ad_login, ad_session_id, ...). In certain situations this can lead

to confusion, since cookies are managed by browsers via domain names,

and running multiple OpenACS instances in the same domain will cause

overwriting of such cookies by these instances. The can happen e.g.

when running multiple instances on the same machine, or using

port-forwarding to virtual machines/containers, using reverse proxies,

etc. Note that the cookie overwriting problem does not exist for

host-node-mapped subsites, since host-node-mapping depends on domain

names.

One could consider using the port in the cookie name (as

sometimes noted as an option), but this would not work, in case the

same server should be reachable over multiple ports.

Therefore, one can now specify a "CookieNamespace" in the OpenACS

configuration file, which is per default "ad_", which is sufficient

for the majority of installations. In cases, where it is needed, a

different CookieNamespace can now be configured.

To manage the cookie names internally, OpenACS provides a new API call

security::cookie_name to derive the namespaced cookie name from a stem.

Snippet of the OpenACS configuration file for setting the CookieNamespace

#---------------------------------------------------------------------

# OpenACS specific settings (per server)

#---------------------------------------------------------------------

ns_section ns/server/${server}/acs {

ns_param CookieNamespace "ad_"

...

}

cleanup: the updated version of the site-note code is appartently stable enough also for bootstrap situations

    • -16
    • +9
    /openacs-4/packages/acs-tcl/tcl/cluster-init.tcl
remove commented out coude

Provide better debug info in case "ns_parseurl" fails inside util::split_location

Factor our private function "util::ns_set_pretty_print" which might be

used also on other occasions.

use bootstrap button classes for print button in the exam protocol (many thanks to Monika Andergassen for the suggestion)

replace non-existing class "btn-small" (for bootstrap3) by non-existing class "btn-secondary", which shows in the right color and is future proof (introduced by bootstrap 4).

prevent double-sorting

some more fine-tuning

Make use of extended functionality of OrderedComposite->orderby with -type argument

bumped version number to 0.64

Perform stricter checking of parent_ids

bump version number of xowf to 5.10.1d34

    • -1
    • +1
    /openacs-4/packages/xowf/tcl/xowf-procs.tcl
use preferred idioms to use btn-default/btn-secondary for bootstrap3/bootstrap5

further tighten value checker

Perform stricter checking of parent_ids

bump version number of xowiki to 5.10.1d22

    • -3
    • +3
    /openacs-4/packages/xowiki/xowiki.info
    • -6
    • +8
    /openacs-4/packages/xowiki/tcl/package-procs.tcl
Added NSF value-checker "cr_item_of_package" for quick checks for valid parameters

This checker is especially useful when processing external values

(query-parameters etc). Since the check involves a DB lookup, it is

no suited inside busy loops.

bumped version number of xotcl-core to 5.10.1d6

whitespace changes

Prefer "... orderby ... -type ..." over mixin for sorting

Make use of extended functionality of OrderedComposite->orderby

- use integer comparison for "seconds" in participants table

- bumped version number to 5.10.1d33