Search · Index

Weblog

Showing 1 - 10 of 822 Postings (summary)

OpenACS TODO List

Created by Dave Bauer, last modified by Gustaf Neumann 08:01 PM, Sunday

Release Status

See openacs-release-status

Development is taking place in the oacs-5.9 branch.

OpenACS Version 5.9.1 agenda/wish list

  • Refactoring of rich-text editor integration
    • Driving force: Debian packaging
    • we have now the new packages
      • richtext-xinha
      • richtext-tinymce
      • richtext-ckedito4
  • SQL:
    • further cleanup of .xql files (like done for acs-subsite in 5.9.0)
      • so far, 36 files deleted
      • removed more than 100 obsolete named queries
      • stripped misleading SQL statements
    • mark redundant / uncalled sql functions as deprecated
    • simplify core sql functions by using defaults
      (content_item__new has 12 versions, content_revision__new has 7 versions in OpenACS 5.9.0 and earlier)
  • CR hygienics (reduce cr bloat)
    • provide means to avoid insert/update/delete operations in the search queue: OpenACS adds for every new revision often multiple entries to the search_queue, without providing any means to prevent this. This requires for busy sites very short intervals between queue sweeps (otherwise too many entries pile up). Another consequence is that this behavior keeps the PostgreSQL auto-vacuum daemons permanently active. Many of these operations are useless in cases where the content repository is used for content that should not be provided via search. The changed behavior should honors a publish-date set to the future, since it will not add any content with future publish dates to the search-queue.
    • insert into cr_child_rels just when needed. cr_child_rels provide only little benefit (allow to use roles in a child-rel), but the common operation is a well available in cr_items via the parent_id. cr_child_rels do not help for recursive queries either. One option would be to add an additional argument for content_item__new to omit child-rel creation (default is old behavior) and adapt the other cases.
  • Final cleanup of permissions:
    • Get rid of acs_object_context_index on pg: huge table,
    • expensive maintenance, used only in a few places,
    • used as well by Oracle (effort has to be determined)
  • Data bloat hygiene:
    • rethink package parameter and portlet parameter data models
  • say farewell to CVS

OpenACS Version 5.9.0 Agenda

  • Slimming pg SQL core:
     
    • Part 1: improve performance of object deletion
      • remove manual delete operations from acs_object__delete()
         
    • Part 2: content-repository - manual referential integrity management
      • handle referential integrity via pg's integrity constraints rather by functions cr_revision_del_ri_tr, cr_revision_ins_ri_tr, cr_revision_up_ri_tr, cr_revision_del_rev_ri_tr, and cr_revision_del_rev_ri_tr
      • fix broken/missing upgrade scripts from earlier updates
         
    • Part 3: content-repository - manual deletions and nulling
      • Removed manual nulling of live_revision and latest_revision
      • Removed manual deletion of old_revision and new_revision in cr_item_publish_audit
      • Removed manual deletion of item_id in cr_item_publish_audit, cr_release_periods, cr_item_template_map, and cr_item_keyword_map
      • Removed manual deletion of direct permissions
      • Added missing index for child_id to cr_child_rels.
         
    • Part 4: get rid of tree_sortkey in acs-objects
      • Check/fix dependencies in oacs-5-8 packages
      • Get rid of broken/uncalled functions using the column
      • Check/fix dependencies in other packages
      • Remove tree_sortkey and max_child_sortkey
  • Web interface:
    • Improve client performance
      • moving core.js from head to body
      • provide kernel parameter to control expiration date for /resources/
    • Protect against more XSS attacks
    • Improved HTML validity (see oacs-5-9-html-validity for the checklist)
    • Add lightweight support for ckeditor4 for templating::richtext widget (configurable via package parameter "RichTextEditor" of acs-templating. ckeditor4 supports mobile devices (such as iPad, ...).
    • New kernel parameter ResourcesExpireInterval to control expiration dates of resources
       
  • Templating:
    • Improve theme-ability
      • Move more information into theme packages in order to create responsive designs
      • Reduce hard-coding of paths, HTML etc.
    • Dimensional slider reform (ad_dimensional):
      • Remove hard-coded table layout from dimensional slider
      • Add backwards compatible templates
      • Move hard-coded styles into theme styling
      • Remove obsolete comments from ad_dimensional
    • Complete template variable controls (adding noi18n, addressing bug #2692):
      • @foo@: perform html quoting and internationalization
      • @foo;noquote@: perform internationalization
      • @foo;noi18n@: perform html quoting
      • @foo;literal@: perform neither html quoting nor internationalization
    • Improved Russian nationalization
    • Support of expiration dates and passwords for signed variables
       
  • Documentation:
    • Use ACS templating for the (static) OpenACS documentation to provide a more consistent layout and user experience.
    • Make pretty-naming of acs-core packages more consistent.
       
  • Misc improvements:
    • Mark unused functions of acs-tcl/tcl/table-display-procs.tcl as deprecated
    • Reduce number of muxtex locks by pre-request and per-thread caching
    • Improved development und debugging aids:
      • use "ad_log error|warning  .... " instead of "ns_log" to include information of request and callstack in error.log
      • ability to display ns_log entries caused by a request in ds-footer
      • ability to save delivered web pages in file-system for testing HTML validity (especially for admin pages, which are unaccessible for external validity testers)
    • More bug fixes
       
  • Version numbers:
    * require PG 9.0 (End Of Life of PostgreSQL 8.4 was July 2014)
    * require XOTcl 2.0 (presented at the Tcl conference in 2011).
     

OpenACS Version 5.8 Agenda

  • PostgreSQL 9.2+:
    • Get rid of nonstandard backslash escapes in function definitions
    • Change quote syntax in sql files (single quotes around the functions) to recommended PostgreSQL quoting using (recommended since pg8.0, jan 2005). li>Drop aliases in favor of named function arguments (recommended since pg8.0)
    • Fix wrong function_args, add missing function_args, align default semantics with the defaults in pg (providing "null" as default means the argument is optional)
    • Make OpenACS loadable without any tweaks in the pg config files
  • Use recursive queries for e.g. permission lookup to avoid performance problems in pg 8.4 and newer)
  • ADP: Use byte-compiled function wherever possible in compiled adp-code, support "@var;literal@" when neither quotes nor localization is needed in compiled adp-code
  • Improve support of NaviServer
  • Switch to Tcl 8.5 (TIP #143)
  • Improve scalability: Reduce mutex-stress on util-memoize cache and for cache maintenance in general
  • Code cleanup:
    • Get rid of calls to deprecated code (e.g. ad_tables, ad_parameter, ... in acs-core and main packages)
    • Improve awareness of usage of deprecated code (complain to error.log)
    • Use Tcl 8.5 idioms
    • cleanup of various http-client approaches and introduce a common implementation util::http::get and util::http::post; get rid of other usages, mark these as deprecated
    • page-contracts: Perform checking of all ids in acs-core and main packages to improve error messages and to improve security
  • OpenACS 5.8.1 should be released with main packages

OpenACS Version 5.7 Agenda

  • Support for object management in core 
  • Postgresql 9.0
  • TinyMCE update (fix for random JS injection issue, affecting Safari)
  • Fix for "remember me" issue
  • WCAG2-AA

OpenACS Version 5.6 Agenda

  • global parameters
  • package "embeds" 
  • fix search by package_id
  • core works on Postgresql 8.4

OpenACS Version 5.5 Agenda

  • DONE: Postgresql 8.3 support: especially regarding tsearch2
  • DONE: acs-authentication:
    • fix upgrade, add conditional logic into site wide tcl library so that you can login to perform the rest of the upgrade
  • DONE: tinymce:
    • upgrade to 3.1.1 + language packs
    • HTML Strict cleanup
    • create appropriate parameters for its config in acs-templating
  • acs-mail-lite:
    • DONE: cleanup duplicated procs (bounce)
    • review the parsing of bouncing messages (case user_id 0)
    • DONE: rollout support
  • Documentation improvements as discussed at the Guatemala conference:
    • Make current openacs.org/test-doc source for static files included in the release and provide ease means to achieve this for the release manager
      • DONE (CVS HEAD): Provide in XoWiki an alternative table of contents by nested UL/LI (without JavaScript) for static output
      • DONE (CVS HEAD): Provide in XoWiki a prototype page similar to "book" without edit-buttons etc., using the new table of contents
    • Update openacs.org/test-doc where necessary (incomplete list):
      • DONE: Fix the page ordering for the higher chapters (the original document  had no 3rd. level numbering)
      • update pages in /test-doc which are more recent in openacs/xowiki
      • bump version numbers of OpenACS, where appropriate (some places talk about openacs-5-0, others about openacs-5-1, oacs-5-2-3rc1 or 5-3) 
      • some version numbers of the required components are quite a mess. e.g. some parts say that Postgres 7.3 is required,  some examples talks about postgres 7.4.7 and 8.2.4 in the same listing.
      • also the dotlrn version numbers are old dotrln-2.0
      • Tcl version numbers should be 8.4.19
      • The install section for XOTcl is missing in II.3.4
      • remove ChangeLog from documentation
      • find some other prominent place for the ChangeLog
      • Fix indenting in examples  (e.g. in Rocael's robust web    development framework)
      • overthink Win2000 guidelines.  There are the native compiled packages from Maurizio, including everything from postgres, xotcl ....
    • It is desired to find a single person responsible for overworking the documentation, however, funding is unclear.

OpenACS Version 5.4 Agenda

  • DONE: HTML Strict (openacs core)
  • DONE: finish template::head (daveb)
  • DONE: test acs-mail-lite (complex send)
  • DONE: test notifications (complex send)
  • DONE: new XinHA release, get rid of RTE & HTMLarea, test on Safari
  • DONE: Form builder: add the ID attribute  to the form tag
  • DONE: acs-lang - keepLocalTranslationP to be removed
  • DONE search and intermedia-driver: move intermedia specific stuff to its package
  • DONE: acs-mail-lite - patch for mime::qp_encode bug

Future

  • Split Xinha and TinyMCE into seperate packages see: http://openacs.org/forums/message-view?message_id=2750958
  • Usability ("my account" page)
  • XHTML ?
  • Testing and documentation for recording automated tests using the firefox plugin and the upload feature for it new in automated testing. Probably needs some polishing and should be talked to with Quest who are getting into this.
  • Parameter Scope Patch http://openacs.org/bugtracker/openacs/patch?patch%5fnumber=845 
  • Remove obsolete master template stuff (default and site master template in openacs-4/www, acs-subsite's group-master, and related CSS and images).  Probably in the version which follows 5.5 (probably 5.6).  Also remove the compat master stuff at the same time.

Things to merge into this page

Old 5.0 Roadmap  discussion 

Roadmap discussion 1 

 [Ideas for Boston 2006 Future of OpenACS discussion]

My previous attempt at collaborative roadmap 

A .LRN Roadmap 

Another .LRN Roadmap discussion 

 

What's on this page?

This page should include work that is planned on and has someone comitted to working on it.

Windows-OpenACS

Created by OpenACS community, last modified by Maurizio Martignano 04 Feb 2016, at 05:19 PM

OpenACS can be installed as native Win64 applications for Windows 8.1, Windows 10, Windows Server 2012 R2 and Windows Server 2016 TP using the Windows-OpenACS distribution.

The current release is Windows-OpenACS version 3.0.2 (released February 2016).

For more details, http://www.spazioit.com/pages_en/sol_inf_en/windows-openacs_en/ .

OpenACS compatibility matrix

Created by Joel Aufrecht, last modified by Gustaf Neumann 29 Jan 2016, at 12:21 PM

OpenACS requires, at a minimum, an operating system, database, and web server to work. Many additional programs, such as a build environment, Mail Transport Agent, and source control system, are also needed for a fully effective installation.

Table 2.2. Version Compatibility Matrix

OpenACS Version 3.2.5 4.5 4.6 4.6.1 4.6.2 4.6.3 5.0 5.1 5.2 (core) 5.3 (core) 5.4 (core) 5.5 (core) 5.6 (core) 5.7 (core) 5.8 (core) 5.9 (core)
AOLserver 3 Yes No
3.3+ad13 Maybe Yes No
3.3oacs1 Maybe Yes No
3.4.4 No
3.4.4oacs1 Maybe Yes No
3.5.5 Maybe Yes No
4.0 Maybe Yes No
4.5 No Yes
NaviServer 4.99.4 - No Maybe Yes
Tcl 8.4 Yes No
8.5.4 - Maybe Yes
XOTcl 1.6 - Yes No
2.0 - No Yes
PostgreSQL 7.4 No Yes No
8.0 No Maybe Yes Maybe No
8.1 No Yes Maybe No
8.2 No tar: no, CVS: Yes Yes Maybe No
8.3 No Yes Maybe No
8.4 No Yes No
9.0 - 9.5 No Yes
Oracle 8.1.6 Maybe Yes Maybe
8.1.7 Maybe Yes Maybe
9i No Yes Maybe
10g No Yes Maybe
11g No Maybe

The value in the cells correspond to the last version of that release, and not necessarily to all minor releases. Empty cells denote an unknown status.

Upgrade to OpenACS 5.8

Created by Gustaf Neumann, last modified by Gustaf Neumann 22 Jan 2016, at 08:41 AM

OpenACS (5.8) works with PostgreSQL 9.1 or newer out of the box, no special configurations in postgresql.conf are needed like with previous versions.

To work with PostgreSQL 9, one has to use an actual postgres driver:

OpenACS core + commonly used packages (search, forums, xowiki, ...) have been tested with PostgreSQL 9.2.4

For new installs, OpenACS 5.8 works without further considerations. When upgrading the database to PostgreSQL 9.*, one has to keep in mind, that not only the sql-install scripts have to be SQL 9.* compatible, but as well the update scripts (migration scripts). During the work for making OpenACS compatible with PostgreSQL 9.*, we did not update (all) of the migration scripts (e.g. kernel upgrades) of earlier versions.

Therefore, the following upgrade steps are recommended: 

  • For users of PostgreSQL versions earlier than 8.4:  In case you run a version of OpenACS earlier than 5.5 then upgrade first your code to OpenACS 5.5 (oacs-5-5 branch from the CVS Repository), then dump your database and reload it into pg 8.4 (e.g. into pg 8.4.17, which is the oldest still supported version from postgres, end-of-life July 2014). Then continue with the next step below.
     
  • For users of PostgreSQL version 8.4 (or newer before 9): Make sure, you are running Tcl 8.5, then get OpenACS 5.8.0 (or newer) and upgrade OpenACS and your used packages (e.g. via acs-admin/apm + "install packages"). Then dump the database and restore it in pg 9.*.

 

Install OpenACS with NaviServer from Scratch

Created by Gustaf Neumann, last modified by Gustaf Neumann 22 Jan 2016, at 08:38 AM

This page describes how to install OpenACS with NaviServer on Unix-like systems (e.g. Linux, Mac OS X, Solaris, OmniOS) by compiling all but PostgreSQL from scratch, guided by script that collects the components from various sources, compiles it, etc.

The installation is done in two steps:

  • install-ns.sh : Install NaviServer and its components for a PostgreSQL installation from scratch by obtaining the relevant sources and compiling it. The script assumes PostgreSQL to be installed (or obtainable via package managers), but installs all other components by obtaining it from the source repositories and compiling it from scratch (e.g. Tcl, tcllib, tDOM, libthread, nsf/XOTcl 2).
     
  • install-oacs.sh : Install OpenACS from CVS/git. This script configures a (pre-installed) PostgreSQL installation for
    OpenACS, adds hstore, installs OpenACS core, basic OpenACS packages, xowiki, xowf and optionally dotlrn from CVS/git and generates a config file and startup files (for Ubuntu and Fedora Core). The script assumes a pre-existing NaviServer installation, installed e.g. via install-ns.sh

 These install scripts are frequently updated when now components are released or problems are detected (commit log ).

If you open the links above, use save-as in the browser to save the files. Alternatively, download the files as .zip file or clone the repository via GitHub .

   cd /usr/local/src
   git clone https://github.com/gustafn/install-ns
   cd install-ns

The scripts work under a typical Linux installation (e.g. Ubuntu, Fedora Core) as well as on Mac OS X or on OmniOS. The scripts are tested with PostgreSQL 9.1, 9.2, 9.3, 9.4 and 9.5 on Ubuntu 12.04, 13.04, 14.04, Fedora Core 18 and CentOS 7.

On a a fresh Ubuntu installation, you should be able to download the two scripts from this page and install OpenACS with NaviServer in the following steps:

   sudo bash

   bash install-ns.sh
   bash install-ns.sh build

   bash install-oacs.sh
   bash install-oacs.sh build

After running both scripts in the default configuration you will see e.g. on Ubuntu 14.04

Congratulations, you have installed OpenACS with NaviServer on your machine.
You might start the server manually with
    sudo /usr/local/ns/bin/nsd -t /usr/local/ns/config-oacs-5-9.tcl -u nsadmin -g nsadmin

or you can manage your installation with upstart (Ubuntu/Debian). In this case, you might use the following commands

    initctl status oacs-5-9
    initctl start oacs-5-9
    initctl stop oacs-5-9

To use OpenACS, point your browser to http://localhost:8000/ The configuration file is /usr/local/ns/config-oacs-5-9.tcl and might be tailored to your needs. The generated startup file is in /etc/init/oacs-5-9.conf. The access.log and error.log of this instance are in /var/www/oacs-5-9/log

On Fedora, the startup commands for systemd are

    systemctl status oacs-5-9
    systemctl start oacs-5-9
    systemctl stop oacs-5-9

The generated startup file for RedHat/Fedora is in /lib/systemd/system/oacs-5-9.service

Installing OpenACS on Arch Linux

Created by Markus Moser, last modified by Markus Moser 13 Jan 2016, at 03:17 PM

Prerequisites

Make sure the Arch User Repository is set up correctly. On a fresh installation, follow the instructions as described here: https://wiki.archlinux.org/index.php/yaourt

or, in greater detail, here: https://www.digitalocean.com/community/tutorials/how-to-use-yaourt-to-easily-download-arch-linux-community-packages

 

Installation

Let's start with installing postgres. Theoretically, you could skip this step, since postgres is automatically pulled in as a dependency of openacs. In case anything goes wrong with your postgres installation, OpenACS will run into errors when trying to setup the database after installation.

➤  sudo pacman -S postgresql

Let's start the service and check if it runs correctly.

➤  sudo systemctl start postgresql      
➤  sudo systemctl status postgresql                                                                                                                               
● postgresql.service - PostgreSQL database server
   Loaded: loaded (/usr/lib/systemd/system/postgresql.service; disabled; vendor preset: disabled)
   Active: active (running) since ....
 

Now let's install OpenACS.

➤  yaourt -S openacs

 

After the installation we can start it conveniently with systemd:

➤  sudo systemctl start openacs

➤  sudo systemctl status openacs

 

 

Installing OpenACS

Created by OpenACS community, last modified by Markus Moser 13 Jan 2016, at 03:14 PM

There are many ways to get OpenACS working for you quickly and/or easily. See Try OpenACS for demonstrations and hosting solutions.

Packaged installations

For platforms like Linux/Ubuntu, Linux/Debian, FreeBSD or Windows, one can use the packaged solutions:

Generic installation scripts

For many Linux platforms (e.g. Ubuntu, Debian, Fedora), one can use the generic installer that compiles all base components (using Naviserver) and creates users/groups as needed; which works with Postgres 9.2 or newer. These install scripts can be as well used on Mac OS X, when MacPorts  are installed. These installer scripts are regularly updated.

The following alternative script installs aolserver and the contained modules from sources. It assumes, that PostgreSQL is already installed:

  1. Install AOLserver: http://openacs.org/storage/view/aolserver/install.tgz 
  2. Install OpenACS: en:openacs-subsystem-install

Manually installing OpenACS:

These are the steps involved in setting up OpenACS. Before beginning, read about ways of getting help (en:docs-admin-help) during installation. Also, read the documentation completely before beginning, to minimize the chance of any surprises during installation.

  1. Prerequisites to installing OpenACS
  2. OpenACS reference platform
  3. Install a *nix based operating system
  4. Get the code
  5. Install Oracle
  6. Install PostgreSQL
  7. Install Tcl
  8. Install AOLserver
  9. Install OpenACS distribution

These pages contain notes where installing OpenACS on a specific OS different from the *nix standard installation instructions (above).  These notes also refer to helper scripts and automated installers that can really simplify installation:

Tcl Procs

Created by Rocael Hernández Rizzardini, last modified by Gustaf Neumann 24 Dec 2015, at 11:06 AM

  • Use namespace

    Define your procs with with a namespace like mypackage::foo_proc. Here is a dicussion about this. Check many examples in the code, example:

    namespace eval auth {} 
    
    ad_proc -public auth::require_login { 
         {-level ok} 
         {-account_status ok} 
      } { 
         doc...  
         @return something 
         @see ad_script_abort 
      } { 
      ... proc body 
    }
    
  • Use procs safely and their safer variations to help keep code robust and avoid security issues.

    Particularly in cases, where user_input is processed, be sure to avoid executing unwanted code. Use the Tcl expand operator {*} instead of eval. Use
        {*}$cmd
    instead of
        eval $cmd
    For legacy code, you might use  util::safe_eval instead of eval in such cases; subst_safe precedes meta characters with backslashes.

  • Use named parameters whenever possible 

    Define named parameters on your procs so parameters will not be mixed up if somebody makes a mistake on passing the order of parameters. Also this makes the proc easier to add additional parameters in the future if needed.

    Use:

       ad_proc proc_name { {-parent_id pid} {-child_id cid} } ...

    and not

       ad_proc proc_name {pid cid} ...

    This way developers will need to call proc stating explicitly which parameter are passed. This is especially useful when some parameters are optional.

    Also, when calling a proc in your tcl script, is recommended to write one parameter per line like this:

       set my_var [proc_name  \ 
                        -parent_id $pid \ 
                        -child_id $cid]

    Rather than:

       set my_var [proc_name -parent_id $pid -child_id cid]

    Again, this helps to make the code more clean and readable.


  • Use ad_proc to define your Tcl procs

    Make use of ad_proc. And make use of the self documentation facility of ad_proc.

    	ad_proc foo {}
    	   Use this area to document
    	} 
    	   # .... your implementation of proc foo
    	}
    
  • This way the API browser will pick up your documentation automatically. Is encouraged to use automatic api-doc documentation that ad_provides, such as: @author, @return, @see

  • Avoid using upvar

    Try to avoid using upvar. If needed pass in a parameter that specifies the upvar name. This way the one using your proc has option to name his/her variable. Ex.

        ad_proc upvaring {-upvar_name:required} {
            upvar $upvar_name local_var
        }
    
  • Use modern Tcl idioms

    Do not use "==" in comparing strings. Using "if {$string == "foo"}" tries to make a numeric comparison first. Instead make use of "if {"foo" eq $string}" or if you need the negation "if {"foo" ne $string}".

    Do not use "if {[lsearch -exact $list $element] > -1}", but use "if {$element in $list}" instead, or "if {$element ni $list}" in case a "not in" test is required.

  • Always "Return" at the end of your proc

    And if you have to return more than one variable, use associative arrays, which can be extended by additional fields without breaking code

    So instead of this:

       ad_proc ... {
          ..... 
          return [list $creation_status $creation_message ...]
       } 
    use key/value pairs or Tcl arrays to group related information:
       ad_proc ... {     
          array set creation_info {
                     creation_status {}
                     creation_message {}
                     element_messages {}
                     account_status {}
                     account_message {}              
          } 
          .....     
          return [array get creation_info] 
       } 
  • ... or even better: use Tcl dicts
       ad_proc proc ... {} {
    	  set creation_info [dict create  \
    	               creation_status {}   \
    	               creation_message {}  \
    	               element_messages {}  \
    	               account_status {}    \
    	               account_message {}   ]
    	  ....     
          return $creation_info 
      }
    
    
  • Read the Tcl Style guide

    This is the Tcl styleguide (PDF), try to apply relevant guidelines. In particular chapter 4,5 and 7

Tcl pages

Created by Rocael Hernández Rizzardini, last modified by Gustaf Neumann 24 Dec 2015, at 10:48 AM

  • Always use Page Contracts:


    All Tcl-implemented pages should use page contracts such as e.g.:

    ad_page_contract {
        ... purpose ...
        @author ...
        @creation-date ...
    } {
        object_id:naturalnum,notnull
        {verbose:boolean false}
        {color:word ""}
    }
    
  • Constrain arguments passed via query or form variables as strong as possible


    All user provide content is potentially a security thread, since these values might lead to SQL-injection or XSS attacks. Therefore constrain the passed arguments as far as possible (see above), and validate the values further if necesary.

  • Avoid putting in HTML in Tcl scripts


    Try to make use of OpenACS Templating  or http://your.openacs/doc/acs-templating/. If you can't avoid it try to isolate the HTML into a proc so editing the layout will be easier.

  • Avoid Quoting Hell


    If programmatic HTML-code generation is required, make sure that everything is quoted sufficiently and use the Tcl command subst to improve readability:

    set href [export_vars -base admin/index -vars {foo bar]
    set html [subst {
       <a href="[ns_quotehtml $href]">Hello world</a>
    }]
    
  • Read the Tcl Style guide


    This is the Tcl styleguide (PDF), try to apply relevant guidelines. In particular chapter 4,5 and 7.

ADP Files

Created by Rocael Hernández Rizzardini, last modified by Gustaf Neumann 24 Dec 2015, at 10:12 AM

  • Avoid putting in Tcl code on ADP pages if possible

    Although AOLserver/NaviServer ADP supports this try to make use of OpenACS Templating or http://your.openacs/doc/acs-templating/ 

     

  • Quote in the master, pass "properties" literally from slave adp files

    when variables are used in templates without modifiers (marked with a ";") then the values of the variables are internationalized and html-quoted. The substitutions should be done at the place, where the variables are actually used, which is for "properties" in the master templates. That the places, where the variable values are just passed on, the modifier ";literal" should be used to prevent quoting and internationalization.

    Master:
       <head> 
       <title>@doc.title@</title>
       </head> 
       <body bgcolor="#ffffff"> 
       <h1>@heading@</h1> 
       <slave> 
       </body>
    Slave:
       <master> 
       <property name="doc(title)">@title;literal@</property> 
       <property name="heading">@title;literal@</property> 
       ...
    Passing arguments to ADP includes:
       <include src="name-of-included-adp" ... var="@value;literal@" ...>
    
    or one can pass variables via reference to the include
       <include src="name-of-included-adp" ... &="varName" ...> 
  • Pass always the "context" and "doc(title)" properties to the site master template
    Example:
       <property name="doc(title)">@title;literal@</property>
       <property name="context">@context;literal@</property>
  • Quote HTML attributes

    Quoting HTML attribute values improves the safety against XSS attacks, especially when the attribute values are variables. Double quotes are preferred over single quotes, both are fine.

Next Page
Previous Month February 2016
Sun Mon Tue Wed Thu Fri Sat
31 1 2 3 (1) 4 5 6
(1) 7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 1 2 3 4 5

Popular tags

ad_form , ADP , ajax , aolserver , asynchronous , bgdelivery , bugtracker , CentOS , COMET , cvs , debian , emacs , fedora , FreeBSD , hstore , includelets , install , installation , installers , install-ns , javascript , libthread , linux , monitoring , munin , NaviServer , nginx , nx , oacs-5-8 , OmniOS
No registered users in community xowiki
in last 30 minutes
Contributors

OpenACS.org