This update (4bed6c98f) brings with it the following changes:

Security issues

• Unicode control characters are now stripped from plain-text input fields to protect against certain types of injection attacks.

Performance improvements

• The text-to-speech (TTS) feature now uses iterative tree traversal instead of recursion to mark all the words in the page. This should make it more performant because it avoids certain hard-to-optimize JavaScript features (arguments.callee).

New features

• Added script used to transcode all RIFF WAVE objects to MP3. This script will run regularly to ensure uploaded wave files don't take up too much space.

Enhancements

• Our TinyMCE plugins, the object/container selector and quiz editor, have been refactored extensively.
  • The code is now much more understandable and layout has been cleaned up quite a lot.
  • Various unimplemented behavior has been removed.
  • The template code parser has been made much more robust and simpler, allowing for further improvements in the future. It has also been separated out into a separate TinyMCE plugin.
  • Resizing of the dialog windows now expand the appropriate sections properly.
  • Popup windows now show up on the same monitor as the main window in multi-monitor setups.
  • Styles for these two dialog windows are in the behavior stylesheet, so that they are always available and consistent on any site.
  • User interfaces for the plugins are now implemented in the request_selector and request_quiz_editor templates, allowing for better localization and more.
  • TinyMCE language packs are no longer needed, allowing for somewhat faster loading.
• Quiz editor playback language now defaults to current content language.
• Quiz editor preview feature is now located on the quiz type image instead of a separate button.
• Object selector preview thumbnail no longer generate invalid size warnings because of CSS units.
• The existing HTML5 uploader is used in the object selector which enables drag-n-drop uploading, progress indicator and multiple file upload during file selection.
• The object/container selector is now easier to use from other code. The metadata for the selected element in the selector can now be dispatched to a user-supplied callback function.
• It is now possible to navigate in the object/container selector using the keyboard. Arrow keys, Up/Down, Home/End and Enter/Backspace can be used to navigate the tree with ease.
• The tab pages in the object selector now uses jQuery UI tabs instead of TinyMCE tabs.
• Object selector now uses browser-native color selector.
• There is still an issue in the object/container selector where double-click events are not properly handled on mobile devices. They trigger page zoom instead. This is not a new issue introduced by the refactoring.
• Simplified code in PORTFOLIO.is_uuid() and PORTFOLIO.is_integer().
• Disabling/enabling DOM elements is now done using jQuery .prop() method.
• The selector request handler now has a boolean variable called tinymce_mode which is set to true when called from the TinyMCE plugin.
• The list_log request handler has been converted to use jQuery DataTables plugin, more consistent with other user interfaces. Now allows sorting on date.
• Improved talkbook feature to not require sound files to be present on web worker nodes, simplifying deployment. The talkbook feature can now be automatically tested. Multiple variants of the same word is now made available to code that uses it instead of just the first variant.
• The login page displayed when the anonymous user doesn't have access now always contain a link to the forgotten password page, allowing for easier password recovery.

Bugfixes

• Fixed invalid CSS border shorthand syntax.
• An obscure bug when using TT BLOCK constructs together with process_template() TT function has been fixed.
• Fixed a long-standing layout issue with the element_nav_course template.
• Adjustment functions that work with the standard layout exit early if DOM elements are not present in the page.
• Added support for Spanish user-interface language properly. It impacted CEFR sites.
• Tables rendered using jQuery DataTables now support Spanish language.
• Tightened the valid email regular expression, avoiding some forms of invalid emails, minimizing mail server errors.

Feature removals / deprecations

• The WebFX ColumnList library is no longer used anywhere, so it was removed.
• The pf_ordbok TinyMCE plugin was no longer used anywhere. It has been removed.
• Renamed use of tinyMCE global JavaScript variable to tinymce. This should've been done when migrating from TinyMCE version 2 to version 3.
• The object/container selector UI is no longer implemented using an XSL template. The list_element XSL template was removed.
• The update metadata on server and create folder features in the object/container selector has been removed. They never did anything.

There was a small issue with formatting of timestamps coming from the database that was not fixed in the update that was deployed yesterday. This should now be fixed with release cde6b8e.

Today's update (0863168) brings with it the following changes:

Security issues

• The HTTP request handler read_config is now accessible by anonymous users when you're fetching global or site configuration. This fixes an issue with DrillPro apps on Servus.
• Talkbook sounds were previously not available to d-bok reader because of a HTTP CORS issue. This should now be fixed.
• All Unicode text input should now be normalized to the NFC form to avoid hard-to-notice comparison bugs.

New features

• A new template handler, current_timezone is available, which includes the time zone value from the browser (or a default value if not yet set). The default time zone can be set with the global configuration variable timezone.
• The test suite can now test job queue and web worker behavior better, allowing for improved code coverage.

Enhancements

• Timestamps are now shown in the time zone the user expects. This is implemented in the template handler human_date, which is used in most situations to display timestamps. Timestamps generated before this update will show up in the UTC time zone, regardless of what time zone the user uses. The current time zone is now shown in the standard footer template, allowing for easier time zone debugging.
• The sort_object template handler now supports locale-aware sorting.
• The unpack HTTP request handler now always dispatches to an async job.
• The job queue has been reimplemented using Redis queue and distributed locking primitives.
• PORTFOLIO.session_set_var JavaScript function now supports async operation.

Feature removals / deprecations

• The job queue is no longer implemented using Beanstalk, so it has been completely removed.
• The unpack HTTP request handler no longer supports unpacking archives without using async job.

Today's update (e9988b9) brings with it the following changes:

New features

• New request handler for images was added that make it possible to quickly measure the dimensions of a rectangle in an image which can be used directly in the findinpicture app. This handler is available in the edit top menu. A copy-to-clipboard button is also available which is focused after a selection is done. Some SVG images are not compatible with this rendering method and can't be properly measured. This issue might be fixed in a later update.
• Added user client-side event tracking using HeapAnalytics.com. This can be selectively enabled for a site by setting the heap_analytics_id configuration variable.
• When you're creating exercises (app-input objects) it is now possible to quickly look up the app you want to use with the app selector located next to the custom_init input box in the object editor.

Enhancements

• The list_config request handler has been completely rewritten to use the new list_config template function.

Bugfixes

• When new objects were created a warning about broken default permissions was shown. This should no longer happen if no default permissions are set.

Feature removals / deprecations

• The object attributes structure, version and aggregation_level was removed, along with their backing database columns. They have never been used for anything useful. They were removed to save space and decrease user interface complexity.

Today's update (a1a3d64) brings with it the following changes:

New features

• It's now possible to save a set of default permissions which will be applied whenever you create new objects or containers.
  • These permissions are also applied when you unpack zip files or upload files directly.
  • When you create voice recordings using the recorder app these default permissions are not applied.
  • If you unpack a zip file over existing content the permissions of the existing content will not be modified, although the content will be.
• A button has been added to the metadata tab of the container and object editor to allow for generation of the LOM XML content. This should make it easier to add additional titles in other languages.
• A help feature has been added to the CodeMirror editor. Press F1 while the cursor is inside the editor to access the help feature.
• It's now possible to randomize and sort lines in the CodeMirror editor. You use the keys F8 and F9 respectively to perform these actions.

Enhancements

• The current_timestamp template function now returns a DateTime instance instead of a string, allowing for more date math and other behavior. The returned timestamp always has the timezone set to UTC, instead of using local timezone. This does mean that users will see timestamps with an offset from what they're used to, but this can't be improved unless we have some way of gathering the time zone from the browser and storing it in the session (or cookies).
• A lot of the behavior around adding and removing permissions to containers and objects has been changed. It should now be more consistent all over.
• Some strings in the Spanish translation was updated.

Bugfixes

• When the create_response template function was used and the CodeMirror editor was used, saving and sending in content was impossible. This has now been fixed.
• HTTP redirects didn't include a CORS header, even if one was specified for the site. This has been fixed.

Feature removals / deprecations

• Removed the old and unused get_isbn HTTP request handler.