Product news and other information from the developers of Portfolio.
Showing 26 - 30 of 101
  • IP address session protection changed and multiple bugfixes

    Posted by: Robin Smidsrød 14. Jun 2016 17:10

    Today's update (ce51eda) brings with it the following changes:

    Security issues

    • Session hijacking was previously mitigated by ensuring the IP address always matched. When you're using HTTPS this is no longer needed, so it's no longer verified. Roaming between different networks (e.g. with a laptop or tablet) should now work without being logged out.


    • The CEFR final report could in some situations include voice recordings for competence levels other than the one the student self-evaluated as. This has been fixed.
    • Using the back browser button and answering a CEFR document again would skip over a document in the workflow. This should now be fixed.
    • The page activity timer is no longer restarted if you use the back/forward browser buttons to navigate to a page.
    • The wav2mp3 request handler had a race condition when dealing with ADPCM WAV files from the Java-based voice recorder. This should now be fixed.
    • Some broken HTML markup in my configuration and other reports was fixed.
    You must be logged in to read or post comments
  • SASS stylesheet rendering, page timeout, timers and more improvements

    Posted by: Robin Smidsrød 11. May 2016 18:24

    Today's update (7601a42) brings with it the following changes:

    Security issues

    • A new template function called explain() was added, used to dump the contents of variables used in templates with proper color and indentation. The use of Dumper.dump() caused sensitive data to be made available. The old Dumper.dump() method will still work, but restricted attribute values will be trimmed, just like explain() does.

    Performance improvements

    • All HTTP request handlers and backend cron jobs now has a timeout value. The default timeout for a request handlers is now 2 minutes. The developer resource that lists request handlers now also includes information about the timeout for each handler. This should ensure that runaway processes no longer cause worker process resource starvation.
    • When PORTFOLIO.create_search_form() is executed, it will no longer perform the XmlHttpRequest call if the DOM element it should be rendered into is not present.

    New features

    • It's now possible to compile SASS stylesheets into CSS on the fly. A new menu item for creating a SASS stylesheet has been added. Text files with the extension .sass or .scss will be detected as SASS/SCSS stylesheets during upload. The libsass C++ engine is used for the compilation. @import statements are supported, and resolve relative to the object that is being rendered. The prefix _ and the extension (.sass/.scss) is automatically appended if not specified to support the same behavior as the Ruby implementation.
    • The resolve_path() template function is finally available. It works just like the resolve_path request handler, and must start with a container identifier. They both just verify permission on the final object/container in the path, just like before.
    • The current_site template function can now be used. Some of the other site_XXX template variables are now redundant. Using current_site.container_data.resolve_path("path/to/file") is a good way of getting access to content below the site root without resorting to hard-coded container identifiers.
    • It's now possible to start and stop timers during template rendering. This allows more detailed timing information about page rendering to be displayed as an HTML comment at the end of the page if the enable_timing_report configuration variable is set. The report will also include how much time is spent in each template function, each template and the total time spent on generating the HTML.


    • Added new parameter render_mode to the embed() template function. You can set the value to either inline, raw or the default empty value. Inline mode will render the JavaScript and CSS inside the HTML instead of linking to external file (which is the default). Using the raw response mode is practical if you want to use a page object to bundle all CSS or JavaScript into a single HTTP request.
    • When a stylesheet is viewed directly instead of embedded, the actual CSS text is now rendered, so it is easier to know what you're working with.
    • Stylesheet objects are no longer forced to text/css mimetype regardless of which mimetype was set. It is now only used as a default.
    • The e-portal single-sign-on and push message handling now use the standard timeout feature, giving more consistency.
    • Improved code layout in read request handler, enabling proper filename when downloading content in more situations.
    • The generic error pages which are shown when the application doesn't respond properly have been improved. The language should be more user-friendly.


    • Fix an internal server error when trying to upload a zero-length file. Now it shows the correct error message.
    • An unhandled exception when generating thumbnails is now handled, returning a proper error message instead.
    • Browsers have changed behavior with how they handle strong ETag cache validation tokens. Browsers now return a weak validator token even though we send a strong one. Ignore the weak ETag classifier so HTTP 304 NOT MODIFIED responses are generated when they should.
    • The word occured was consistently mistyped. Now it has been changed to the correct occurred in all strings.

    Feature removals / deprecations

    • The page_timer template function no longer returns the timer value for the entire page. It now returns a timer instance you can use to start, stop and report timing information. This changes the API, so documentation has been updated to match the new behavior.
    • The request.filename local template variable was not used anywhere and was removed.
    You must be logged in to read or post comments
  • Fixed regressions in MP3 audio player

    Posted by: Robin Smidsrød 15. Mar 2016 17:22

    Today's hotpatch (5806a47) fixes the following regressions:


    • The MP3 audio player was eating DOM elements, causing lots of different kinds of errors. This should now be fixed.
    You must be logged in to read or post comments
  • Enabled sending links to any objects and some bugfixes

    Posted by: Robin Smidsrød 14. Mar 2016 17:48

    Today's hotpatch (08fd291) has the following changes:


    • It's now possible to send links to objects you don't have access to, making it possible for teachers to easily send a link to a student asking them for permissions.


    • The recipient in the To column in the outbox was not shown. The sender's name was shown instead. This has now been fixed.
    • It was previously possible to iterate through containers forever by specifying an ever-increasing list_start value to the read_container request handler. This should now emit an error.
    You must be logged in to read or post comments
  • Hotpatch to address bugs since last update

    Posted by: Robin Smidsrød 11. Mar 2016 07:04

    Today's hotpatch (3e3544b) brings with it the following changes:

    Performance improvements

    • The poor performance of the My students report since last update has been fixed. It should now render in less than a second for most users.
    • The My contacts sidebar should render somewhat faster.
    You must be logged in to read or post comments
Showing 26-30 of 101
First Previous Next Last