Changes for 3.3
- A new menu for joining (concatenating) columns has been added (#2109)
- Commonly used fields in dialogs now have autofocus (#2130)
- The Wikidata extension now supports adding dates with custom calendars (#2136)
- Calling reconciliation services via CORS is now supported (#2260)
- All columns can be blanked down or filled down at once (#2280)
- New "Blank values per column" and "Blank records per column" facets were added (#2220)
- A cross-site scripting vulnerability in the database extension was fixed (#2151)
- Cross-Site Request Forgery (CSRF) protection was added to POST API endpoints. If you rely on OpenRefine's server API you will need to adapt your calls accordingly, see below (#2164)
- The scatterplot facet was fixed (#2117)
- Clustering no longer returns clusters with single values (#2152)
- Changing the UI language works again (#2158)
- A bug in the reconciliation dialog which discarded property identifiers when a custom type was selected after them was fixed (#2166)
- OpenRefine now sends the selected reconciliation type as part of the suggest API instead of the default Freebase type (#2168)
- The data extension dialog uses the correct view URL pattern to generate URLs for reconciled entities (#2177)
- Spell checking in expression editors has been disabled (#1970)
- Layout of the table header for more verbose languages has been fixed (#2183)
- OpenRefine incorrectly saved to Wikidata statements with a value over 2,147,483,647 (#2244)
- Creation of wikidata items pointing to other new wikidata items was fixed (#2206)
- Wikidata editing is more robust to network failures (#2211)
- The localization fallback in the UI was fixed (#2209, #1350)
- Export to Google Sheets was fixed (#2123)
- Import of private Google Sheets was fixed (#2223)
- Handling of large quantity values in Wikidata schema was fixed (#2244)
- Wikidata login is correctly remembered again in the same session (#2228)
- The localization of the UI was fixed for cases where no language has been set in the preferences (#2227)
- Support for Google Fusion tables has been removed (#2113)
- A bug in the expression history was fixed (#2086)
- An alert related to reconciliation could pop up when working with unrelated features, this has been fixed (#1665)
- A bug in XLSX export for cells containing URLs was fixed (#2213)
- The "Sort" button is now translatable. (#2233)
- The translation of the interface was improved via Weblate
- HTTP calls in data extension tests are now mocked (#1904)
- Tests were reogranized into their correct packages (the same as the class being tested) (#2133)
- Jackson has been updated to the latest version 2.9.10 (#2181)
- The embedded Maven, downloaded when no Maven is available on the system, has been updated (#2286)
- A contributor code of conduct has been adopted (#2102)
To protect users from alteration of their workspace by other websites and other exploits, we have added Cross-Site Request Forgery (CSRF) protection to API commands which use the POST method. This means that before calling these POST methods, you need to obtain a CSRF token using the dedicated command:
GET command/core/get-csrf-token
This returns a token in a JSON response:
{
"token": "WdzF1oUsK3KyIQYaWLJVar35mHndRrO7"
}
This token must then be added as csrf_token
parameter to any POST request which performs a state change in the backend or perform other side-effects:
POST command/core/open-workspace-dir
csrf_token=WdzF1oUsK3KyIQYaWLJVar35mHndRrO7
This applies to the following commands (where the csrf_token
can be supplied either as GET or POST parameter):
-
add-column-by-fetching-urls
; -
add-column
; -
apply-operations
; -
annotate-one-row
; -
annotate-rows
; -
blank-down
; -
cancel-processes
; -
cancel-importing-job
; -
create-importing-job
; -
delete-project
; -
denormalize
; -
edit-one-cell
; -
extend-data
; -
fill-down
; -
guess-types-of-columns
; -
join-multi-value-cells
; -
key-value-columnize
; -
log-expression
; -
mass-edit
; -
move-column
; -
open-workspace-dir
; -
preview-expression
; -
preview-extend-data
; -
reconcile
; -
recon-clear-one-cell
; -
recon-clear-similar-cells
; -
recon-copy-across-columns
; -
recon-discard-judgments
; -
recon-judge-one-cell
; -
recon-judge-similar-cells
; -
recon-mark-new-topics
; -
recon-match-best-candidates
; -
recon-match-specific-topic
; -
recon-use-values-as-identifiers
; -
rename-project
; -
remove-column
; -
remove-rows
; -
reorder-columns
; -
reorder-rows
; -
set-preference
; -
set-project-metadata
(previously known asset-metaData
); -
set-project-tags
; -
split-column
; -
split-multi-value-cells
; -
text-transform
; -
toggle-starred-expression
; -
transpose-columns-into-rows
; -
transpose-rows-into-columns
; -
undo-redo
.
The following commands only accept csrf_token
as GET parameter:
-
create-project
; -
importing-controller
and subcommands; -
import-project
.
The following commands can still be used with POST but do not require CSRF tokens (although supplying one will not fail), as they do not incur a state change in the backend:
-
compute-clusters
; -
compute-facets
; -
export-project
; -
export-rows
; -
get-all-preferences
; -
get-importing-configuration
; -
get-importing-job-status
; -
get-rows
; -
load-language
.
The following commands used to be accessible with both POST and GET, they are now GET-only:
-
get-languages
.