GitLab

to delete superfluous words in the menu where
they aren't necessary.

Change-Id: Iaac0adc12aa14a5b86c8b6541173a3d06bd3eb90
Signed-off-by: Kristina D.C. Hoeppner <kristina@catalyst.net.nz>

The pluralrule string is used to generate plural forms in javascript,
so % signs should not be replaced.  Using get_raw_string rather than
get_string reads the string as-is, without running it through sprintf.

Change-Id: I709b8ef623cdc4df24828866dc62dd229107ef60
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

When a new user registers for an institution that requires approval,
allow the institutional admin assign staff permissions during the
approval process, based on the user's (confirmed) email address.

This is done by adding an 'extra' field to usr_registration containing
serialised data, so that more user settings can be added to the
approval form in future.

Change-Id: Ie381f1341e43109340479f06f448ece11ebb561d
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

to account for partial running of cron.

Change-Id: I3bd0a4de55408a4d4626de8cb6f85e72558056ed
Signed-off-by: Kristina D.C. Hoeppner <kristina@catalyst.net.nz>

Replace it with a '-' character

Change-Id: I92dff41a592748695c59582f69c00f000f555832
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>

Change-Id: Id57f5df8aff6bdc89480acc1e99cd15dc2ac5bf5
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>

* changes:
  Don't require reason for registering with weautocreate
  Split the registration form into js and form
  Move the registration form into a library function
  Remove email verification in registration with approval (bug #918431)
  Move registration reason field to register form (bug #918431)

Change-Id: Ic491cff6936a0a6ef3c0e8c3da14d4777a5bbc95
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>

* changes:
  Call pieform before smarty on the register page
  Apply element classes to description line in pieform table renderer.

This allows us to alter the form definition directly
before the pieform is created

Change-Id: I3810d3dc4f30bc82dc567fad9338b76bc5296891
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>

This will allow other auth methods (such as browserid) to use the
same form.

Change-Id: I8325696c5162aa2db485de6fd72706617c09bdc1
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

When an institution requires approval before registration, treat the
approval email as address verification.  After filling in the
registration form with an institution that requires approval, the user
is simply asked to wait, rather than clicking on an email link to
verify their email address.  After approval, clicking on the link from
the approval email both verifies the email & creates the account.

Change-Id: I43c28510665b6f2bf9302099b6bd294a3715a85d
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Also indicates which institutions require confirmation, and hides the
reason field for those that don't.

Change-Id: I81cfa60332c921e6818e0d9329ee8319d5ea8d6c
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

This currently has no effect, but if we want to add a pieform element
that needs javascript to the registration form, this will allow the
element's javascript to be included on the page.

Change-Id: Ib9a5fc2848c21ef80e9bcd83fc8ad4527919f73f
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

The pieforms 'table' renderer applies classes supplied in the
configuration to the title row, but not to the description row.  It's
useful to add the class to the description row as well, so that you
can for example, hide both the title and description at once using
javascript.

Change-Id: Ie3e0ff413353d39548e9daeab6670d32c7625b5f
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

+ Add text description: "Between 1 and 100" in configuration of
'watchlist', 'recent journal entries', and 'tagged journal entries'
+ Add rule for checking the number of items to be displayed min=1,
max=100

Change-Id: Ia1016bc1cd084c855b16b7264136e83bc7a6959f
Signed-off-by: Son Nguyen <son.nguyen@catalyst.net.nz>

We have just committed to master a database upgrade with a version
number less than the current version number of the 1.5 branch.  This
means that an upgrade from the current 1.5 to master will not add the
safeiframe tables.

This patch changes the version number on master to ensure the upgrade
is applied.

This occurred because the 1.5_STABLE branch's version leapfrogged over
the master version during the release candidate stage.  This will be
fixed in the release script (see bug #988682).

Change-Id: Ic2929fa9f17719a6068494ab63e7f00558c2fdcc
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

* changes:
  Add voki.com to the list of allowed iframe sources
  Hide URL-processing mediasources when iframe output is not allowed
  Use htmlpurifier in external media block (bug #971289)
  Remove unused function and debugging from voki mediasources
  Admin page to manage SafeIframe sites (bug #971282)
  Move the list of safe iframe sources to the database (bug #971282)

Because iframe code generated in the external media block is now
filtered by htmlpurifier, voki.com should be added to the default list
of safe iframe sources.

Change-Id: I60e8a0312d8a940b7e74baeb58fd73e6088a0b84
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

The various mediasource icons in the external media block should not
be displayed when their output will be stripped by htmlpurifier.

Change-Id: I1ecfd3865b0063055c3c3b1bd66bb90cab317931
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

In MySQL, the collation for string literals in SQL expressions is
defined by the connection collation, which can be different from the
column collations inside the database.  When comparing string literals
to values selected from the database, this can result in an "Illegal
mix of collations" error, even if both the connection and the database
use the same character set.

Mahara already requires the column and connection character sets to be
utf8, but doesn't care about the collations, so we can fix this with
the MySQL "SET CHARACTER SET" statement, which sets the connection
collation to match the database collation.

Change-Id: Ied6fcf7062fae5aa315a43ec9ce80883e6ef5b2e
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

In small headers mode, the breadcrumbs should be visible at all time.

Change-Id: Icca3254d19949d88f74256a7177745c0c278ccc4
Signed-off-by: Son Nguyen <ngson2000@yahoo.com>

Error messages about cron and not installed plugins also are red

Change-Id: I898e954e60c8e085884c60322ec69cd81fac7504
Signed-off-by: Son Nguyen <son.nguyen@catalyst.net.nz>

In commit 647a99fd

 (see bug #914490),
the sitemaps were made available from the download.php script, but
this script is not publicly accessible, so crawlers would not be able
to download them.

Making the script public is okay here, because whenever a non-sitemap
file is requested, there is already an exception thrown if the user is
not logged in.

Change-Id: Ia9c62940ee7dada05f4f1b448ead0c146171535c
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Now that SafeEmbed and SafeIframe options of htmlpurifier are enabled,
the external media block can make use of them, rather than always
trying to parse and generate iframe and embed code for the supported
sites.

Any html pasted into the block configuration form is now allowed to
fall through to be sanitised by htmlpurfier, so the site-wide list of
allowed iframe sites will be used rather than the existing list of
supported sites in the external media block.

Valid URLs pasted into the configuration form are still processed by
the various media_sources regular expressions in
blocktype/externalvideo/media_sources/*/mediasource.php, but the
regexes that were previously designed to operate on embed/iframe code
have been removed, and the remaining ones have been modified to match
at the beginning of a url only.

When a URL is entered, and the block saved, the embed/iframe code to
be used when rendering the block is generated immediately, and
subsequent edits of the block will reveal only the generated
embed/iframe html.  The render_instance function will still generate
the required embed code for old blocks that haven't been reconfigured
yet.

The glogster scraping code is also tightened slightly to ensure that a
URL is returned.

See https://wiki.mahara.org/index.php/Developer_Area/Specifications_in_Development/External_media_block_extension



Change-Id: I7024ab946f8a6965e78730eb1daa3441f220a10b
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Change-Id: If3d1fe26f6baebb6f2939c8eeb0c8d2a69e622d2
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Adds a new page for Site admins to manage the list of sites for which
iframes are allowed by htmlpurifier.  Whenever an item is added,
edited, or deleted, the regex used by HTMLPurifier is updated.  Sites
are identified by favicon, and by a string entered by the Admin to be
used as the alt/title text for the favicon image.  The source of the
favicon image can be modified in config.php, but the google service is
used by default.

Change-Id: I4117de82691a002bf250ea71622eccfad4d5f8df
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Builds the htmlpurifier safe iframe regexp from a list of sites stored
in the database, instead of a hardcoded array.

Each site in the safe iframe list is associated with a name.  This
will allow several regexp items to be grouped together under the same
name when they're matching urls from the same site.

Additionally, the domain part of each site is stored in a second list
along with the names, so that it will be easy to fetch the favicon for
display in places such as the external media block configuration form.

Change-Id: I7fd2bfefbff0881e70b94beb9e8d3efb43f0f9e7
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>