Skip to content

Merge27 to28#10440

Merged
driusan merged 11 commits intoaces:28.0-releasefrom
driusan:Merge27To28
Apr 8, 2026
Merged

Merge27 to28#10440
driusan merged 11 commits intoaces:28.0-releasefrom
driusan:Merge27To28

Conversation

@driusan
Copy link
Copy Markdown
Collaborator

@driusan driusan commented Apr 8, 2026

Merge fixes from 27.0 release branch into 28 branch.

DO NOT SQUASH.

cmadjar and others added 11 commits March 26, 2026 14:10
@cmadjar
Merge commit from fork
ae4c29e 
* remove buildWhere with the SQL injection

* remove buildWhere with the SQL injection
@driusan
Merge commit from fork
c7b21bb 
to escape the configured path.

Also wrap error message in htmlspecialchars.

Co-authored-by: Dave MacFarlane <dave.macfarlane@mcin.ca>
@driusan
Copy both production and dev react to htdocs (aces#10427)
8c7c887 
The webpack config is incorrectly only copying one (production or dev)
version of react to htdocs. This causes the login page to stop loading
based on the sandbox flag, which may be trying to load one or the other.

The decision to copy or not in webpack is based on a NODE_ENV
environment variable which is not used or documented anywhere in LORIS,
and LORIS may dynamically choose one or the other based on the
configuration variable which can be changed without recompiling.

Go back to copying both so that LORIS will load regardless of the
sandbox flag.

Fixes aces#10425
Fixes aces#10400
@racostas
Merge commit from fork
ab11fc4 
* [security- document_repository] Adds BackEnd per site validation to match FrontEnd.

* Keeps 27 and 28 release compatibility.

---------

Co-authored-by: lorisadmin <rolando.acosta@mcin.ca>
@jeffersoncasimir
Merge commit from fork
ee3faf3 
* Fix help content output

* Set content-type: json to ajax help response

* Remove extra line

* Add file_exists check
@racostas
Merge commit from fork
8978dd6 
* [security - publication] Takes loris URL from server side, not from the form POST.

* Takes out the reference to the direct link from templates.

---------

Co-authored-by: lorisadmin <rolando.acosta@mcin.ca>
@skarya22
Merge commit from fork
e7d12f9 
* [media] Permissions fix

* Revert "Delete modules/media directory"

This reverts commit c009e9f8275db6f2777a8d3937d58e2d65e8b6f6.
@cmadjar
Merge commit from fork
5b5f70f
@driusan
Merge commit from fork
e01bcef 
Co-authored-by: Dave MacFarlane <dave.macfarlane@mcin.ca>
@regisoc
Merge commit from fork
f57f54b 
* login redirect fix

* url redirect - string and trim
Merge remote-tracking branch 'aces/27.0-release' into Merge27To28
c9ffd02
@github-actions github-actions bot added Language: PHP PR or issue that update PHP code Language: Javascript PR or issue that update Javascript code Module: document_repository PR or issue related to documen_repository module Module: electrophysiology_uploader PR or issue related to electrophysiology_uploader Module: help_editor PR or issue related to help_editor module Module: login PR or issue related to login module Module: media PR or issue related to media module Module: publication PR or issue related to the publication module Module: survey_accounts PR or issue related to the survey_accounts module labels Apr 8, 2026
@driusan driusan merged commit c9bb7c8 into aces:28.0-release Apr 8, 2026
18 of 21 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Language: Javascript PR or issue that update Javascript code Language: PHP PR or issue that update PHP code Module: document_repository PR or issue related to documen_repository module Module: electrophysiology_uploader PR or issue related to electrophysiology_uploader Module: help_editor PR or issue related to help_editor module Module: login PR or issue related to login module Module: media PR or issue related to media module Module: publication PR or issue related to the publication module Module: survey_accounts PR or issue related to the survey_accounts module

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@driusan @cmadjar @racostas @jeffersoncasimir @skarya22 @regisoc