Today's update (146d133) brings with it the follow changes:

Security issues

• Allow site administrators to set the CORS Access-Control-Allow-Origin HTTP header, allowing JavaScript applications on other sites access to data in Portfolio. The site configuration variable in question is named http_access_control_allow_origin. This was requested by the d-bok project.

Performance improvements

• The implementation of HTTP range requests for binary content allow the video and audio player to skip ahead in the stream, saving some bandwidth when users are only interested in a specific portion of the stream.

New features

• Support for HTTP range requests (RFC 7233) was added to all binary content served by Portfolio. The thumbnail, watermark and wav2mp3 HTTP request handlers have ranged requests disabled, because the content is dynamically generated. This also means that normal voice recordings performed in the WAV format does not support range requests during playback, because it internally uses the wav2mp3 request handler. This is because some browsers don't support playback of WAV files using HTML5.
• Additional API documentation. All template handlers should now be documented. A significant portion of the HTTP request handlers have also been documented.

Enhancements

• Binary HTTP responses from Portfolio was refactored, which should give more consistent response in terms of caching behavior.
• Improved the readability of the legend text in the CEFR placement test usage report.

Bugfixes

• Google Chrome users were unable to seek in MP4 video files before the entire video file was cached locally and the page was reloaded. This should now work as expected.

Today's update (2ef4099) brings with it the following changes:

New features

• A report showing how many CEFR placement tests have been completed has been added. The report is only available to global administrators and owners of the specified groups. The groups included in the report is specified in the global configuration value placement_test_usage_report_groups.
• Added back-end tool take_ownership. With this tool ownership on institutions, groups, courses, containers and objects can be quickly changed recursively.
• Added region-agnostic Arabic user-interface language with locale code ar_001 to replace the region-specific code ar_001. The code ar_001 has been demoted to a content language. When rendered in HTML markup, the new code ar_001 will show up as a lang="ar" attribute. As this locale has no region associated with it, a white flag is used where required.

Enhancements

• Updated video player to mediaelement.js 2.18.1 for better compatibility with newer browsers.
• Extended database to handle locale codes longer than 5 characters. This was required by the Arabic change mentioned above.

Bugfixes

• Fixed issue where JSON response text sometimes would return garbled Unicode text (Mojibake) and the wrong content length. Returning the wrong Content-Length HTTP header would cause all sorts of hard-to-debug issues, usually related to keep-alive connections and invalid byte boundaries. All use-cases where encode_json() was used have been reviewed and fixed.
• When a user was removed from an institution, they might not have their student/supervisor relationship revoked. This bug should now be fixed.

Feature removals / deprecations

• The user-interface language ar_001 has been demoted into a content language. You should use the locale code ar_001 instead for setting UI language.

A small hotpatch (c0e693f) was applied today to fix a few issues from yesterday's update.

Several sites had issues because the page wrapper for all request handlers wasn't named properly, causing several styles and scripts to misbehave. The sites were issues were reported were Klart det and Los geht's. The file uploader and the move feature in the file manager were also reported as broken. All of these issues were solved by naming the page wrapper properly.

It was noticed that localized titles were broken in many places, because of invalid XML LOM data. The error handling was improved to show a flash error message to the end-user instead of just logging in the server log. This should enable us to fix the issue more quickly in the future.

Today's update (631f59d) brings with it the following changes:

New features

• A new feature was added, making it possible to add a unique text to each downloaded PDF file. This feature is enabled by adding add_watermark=1 to an object's custom_init variables. PDFs available to anonymous users will never have a watermark added.

Enhancements

• Completely refactor code used to generate HTTP responses for text content because of inconsistent text encoding semantics.
• Centralize the generation of the Content-Disposition HTTP header to ensure standard compliance.
• Improved the error message if no content was generated from a request handler.
• Added flash error message if script objects throw exceptions. Also removed old method of conveying errors.
• Default content type used by textual content in read request handler changed to be text/plain instead of application/octet-stream.

Bugfixes

• The thumbnail request handler would sometimes return the wrong Content-Length if client had already cached content.
• Fixed internal server error if SVG with broken XML markup was displayed. Now the correct error message is shown.
• Fixed several situations where we could be causing mojibake (garbled text) because of broken text encoding:
  • Object type link with non-ASCII text in URL.
  • Objects with use_resolve_path=1 in custom_init and a non-ASCII file name.

Feature removals / deprecations

• Several XSL files not used in built-in code were removed.

Today's update (0b2075d) brings with it the following changes:

New features

• The voice recorder now utilizes HTML5 Web Audio support if your browser is capable. If you use a browser with HTML5 Web Audio support you're also able to pause and resume your recording.
• A new template function, gen_uuid(), was added to generate unique identifiers inside templates.

Enhancements

• It's now possible to debug how the Flash/HTML5-based voice recorder is behaving. Set the configuration variable debug_app_recorder to a true value if you need it. It is disabled by default. It can be used on all configuration levels.
• More API documentation for template functions were added. Also slightly improved layout of code snippets.

Bugfixes

• Some SVG files were not detected properly. This has now been fixed. SVG dimension detection has also been improved.
• If your user-interface language was set to Danish, all enhanced tables didn't render properly. This has been fixed.
• Native Portfolio popups didn't disable default click behavior (bubbling). It should now.
• If multiple voice recorder instances with different configurations were present on a single page, then the on-upload-behavior would always come from the last instance's configuration. This has now been fixed.