Product news and other information from the developers of Portfolio.
Showing 76 - 80 of 132
  • Session security and language improvements

    Posted by: Fagbokforlaget admin 29. May 2018 15:46

    This update (65f3052) brings with it the following changes:

    Security issues

    • If a user is logged out because their IP address changed, inform them about it.
    • Disable use of the X-Forwarded-For HTTP header as the source of the client IP address. It can be forged. Only approved reverse proxy servers are now allowed.


    • Added Burmese, Sorani (Central Kurdish) and Kurmanji (Northern Kurdish) translation languages.
    • Added new user interface languages Greek and Romanian. If a user selects this language the messages will come in English, as the language has not yet been translated.
    • Upgraded the languages Arabic, German and Turkish to user interface languages. Same note as above applies.
    • Improved the names of both Norwegian languages and Pashto.
    You must be logged in to read or post comments
  • Session variables, flash messages, performance improvements and more

    Posted by: Fagbokforlaget admin 29. May 2018 15:46

    This update (c47d0e4) brings with it the following improvements:

    New features

    • Session variables can now be used to store information for anonymous users. Only pre-approved variables can be used, and they have very limited size.
    • Whenever you perform an activity that stores some kind of information, you will now get a flash message about what happened when the page redirects. This message was not displayed earlier. Flash messages can have three severities: info, warning and error.
    • Anonymous users can now set their language preference using the manage_language() template function. This is not available in the default template, but sites can choose to use this feature as required. All three language settings can be set.

    Performance improvements

    • Session authentication and information is now stored in a Redis database that should allow much higher concurrency than our old solution.
    • Avoid logging a lot of event information that is never displayed anywhere. Also removed 34 million old events which are no longer needed.

    Security improvements

    • The session ID is no longer logged with the login event, which could be used by certain privileged users to hijack sessions. This is no longer possible.
    • The online request handler now shows the IP addresses associated with the sessions if you're logged in as a global administrator. Guests are also displayed in the table.


    • Whenever you hide or show the left/right panels or the message of the day, this is now stored in a session variable instead of a cookie.
    • The user panel (right side of the screen) now stores in a session variable which section is open on page refresh.
    • When you close the file browser, the last folder you were in is stored in a session variable and the next time you open it without a specific location you should be back where you were.
    • Whenever the message of the day is added or changed the users that have hidden it will see it again.
    • Flash messages are now used on CEFR sites to inform about report sent. This allows users to return to the report after sending it.
    • When storing an object using JSON response mode, the serialized object is now returned to the caller.


    • Fix a partially hidden logout button issue in Google Chrome.
    • Fix a bug where the value 0 is not considered a valid label.
    • Make multi-select in the inbox and outbox more consistent with normal UI behavior.


    • The old time log request handler which was replaced with the page views report has now finally been removed. It's not been usable since February 2014.
    You must be logged in to read or post comments
  • Update to Google Universal Analytics and fix multiple character encoding issues

    Posted by: Fagbokforlaget admin 29. May 2018 15:46

    This update (0e904af) brings with it the following changes:


    • Fix character encoding issues when doing the following:
      • adding configuration set values
      • modifying configuration values
      • modifying site names
      • storing assignment scores
      • creating message box tags
      • creating objects
      • creating containers
      • modifying glossary entries
    • Avoid a database error if an invalid number is specified when storing or updating an object or container.


    • Updated to Google Universal Analytics for better user behavior insight.
    You must be logged in to read or post comments
  • Bugfix for missing send button on Java-based voice recorder

    Posted by: Fagbokforlaget admin 29. May 2018 15:46

    This update (d89c9f5) brings with it the following changes:


    • Fix problem with character set encoding when editing course name.
    • Ensure the send button on the Java-base voice recorder is available.
    You must be logged in to read or post comments
  • Server upgrades, feature additions and lots of improvements

    Posted by: Fagbokforlaget admin 29. May 2018 15:46

    This update (a8682bc) brings with it the following changes:

    Terminology changes:

    • What was earlier known as a PIN code is now called an access key.
    • PIN code series are now known as access key collections.

    New features:

    • The access keys associated with a user is displayed on the user profile page.
      • Administrative buttons to remove access keys have been added in case confusing privileges have been assigned.
      • Access keys can now be invalidated, which is done when they are removed from a user on their profile page.
    • Access given by access keys are now validated during login, which should ensure they are always current.
      • If a user logs in via e-Portal, but they have an expired access key that has not been invalidated, they will be given access via e-Portal, but immediately lose access because of the expired access key. By logging in again the privileges associated with the e-Portal login should be enabled, as the access key expiration will not be performed multiple times.
      • If a user loses access and is immediately given new access, their role in the institution and course will be reset to student. Because of this behavior, access keys with expiration dates should not be used to give supervisors access.
    • Allow the recorder() template function to set soft and hard time limits. This can be used to specify the maximum length of a recording. Only the Flash-based recorder implements this feature.
    • Voice comments can be directly recorded from the commenting user interface.
    • A new template function called quiz_aggregate() has been made available, which is used to perform aggregate calculations on the quiz score of multiple objects for the current user. This should make it possible to create quiz summary documents more easily.
    • It is now possible to parse CSV files directly in templates using the parse_csv() function. It returns an iterator object that can be used in different ways.
      • The CSV column separator should be specified in the object custom_init variable csv_sep_char. If it is not specified it defaults to a comma. You can only use a single character as the separator.
      • You can also specify a flag to indicate that the CSV file has a header in the first line. If csv_has_header=1 is specified in the object's custom_init, the first line will be used as the column names. This will also make the iterator return hashes instead of arrays.
    • A new generic CSV request handler was implemented, with one action that sends email to a recipient specified in the CSV file using a custom email template. When using this feature the current user will always receive a copy of the email.
    • A generic decode_json() template function that can be used to convert e.g. config variables in JSON format to a data structure usable by templates.
    • A template function called inflate_users_by_config() has been added that allow users to be fetched that have a specific config variable set.

    Performance improvements:

    • Upgraded web server to Ubuntu 14.04 LTS.
    • Upgraded database server to PostgreSQL 9.3.
    • Upgraded Perl to 5.18.
    • Improved object accessor method performance. This should give an all-round speed boost.
    • Significantly improved the speed of the institution user overview report. Now it should be able to display a list of 7000 users in about 5-10 seconds.
    • Only load JavaScript-based translations for the active language instead of all languages. Should increase page
    • rendering/parsing time.


    • The read_account (user profile) request handler has been rewritten. Some variables have been renamed: manage_account => can_manage, config => user_config_map.
    • When activating an access key a user is automatically logged in again to ensure the access the key gives is activated.
    • The recorder() template function now has a recipient parameter which allows sending the recording to a user.
    • The config() template function can now fetch information about other users, but only if you're part of a group that has a particular permission. Not even global administrators have this permission by default. If you've got this permission you can only view information on users that are part of the same institution as the group that gave you the permission.

    Security issues:

    • Remove access to a user's password in the element_comments template.
    • Ensure sensitive user details are not logged backend.


    • Ensure login panel is always visible for anonymous users, regardless of browser session preference.
    • Institution roles on user profile pages belonged to the logged-in user, not the user being viewed.
    • Fix usability issue in comment editing user interface.
    • Ensure two ping requests being sent at the same time do not generate database error but a normal error message instead.
    • Avoid database error (race condition) when storing quiz score and scoring hand-in assignments.
    • Fix margin issue on radio quiz types when used with right-to-left languages.
    • Add a polyfill for missing Function.prototype.bind JavaScript feature in IE8.

    Feature removals / deprecations:

    • It is no longer possible to limit a user from login in using date ranges. This feature caused a lot of support issues and has been rewritten to only affect permissions and membership instead of the ability to login.
    • The message_system() template function is now completely redundant, now that we have the new recorder. It is still functional and works as it did previously, but it is now using the new recorder instead of a popup window.
      • message_system() will also check if the current supervisor is actually set to something and give you an error if it isn't, to avoid some unexpected behavior if a user is not in a course or doesn't have a supervisor.
    You must be logged in to read or post comments
Showing 76-80 of 132
First Previous Next Last