- 15 Jan, 2013 2 commits
-
-
bonnie authored
Changed the limit of the amount of members shown so that a maximum of 100 can be shown at once on the group home page instead of a maximum of 40
Change-Id: If0b8a8ddd3a8e1d23bc4cf55ba1d9b527c7ad076
Signed-off-by: bonnie <kurousagiwasugoi@gmail.com>
-
bonnie authored
On the 'Suspended and Expired Users' page I have changed the colour of the 'Delete Users' button from green to red.
Change-Id: Ie8c02bfcc5e31667439a59b4494d319cfb3ab7b4
Signed-off-by: bonnie <kurousagiwasugoi@gmail.com>
-
- 27 Dec, 2012 1 commit
-
-
Son Nguyen authored
-
- 14 Dec, 2012 1 commit
-
-
Son Nguyen authored
Make sure the string '&' is NOT passed to 'url' of a pagination. All values of 'url' passed to build_pagination were well investigated and fixed. All strings of '&' were also well investigated.
Change-Id: Id35837459e9dcfc42d2d6133720123e85758aac1
Signed-off-by: Son Nguyen <son.nguyen@catalyst.net.nz>
-
- 13 Dec, 2012 1 commit
-
-
Son Nguyen authored
(Bug #1089730)
Change-Id: Ia244fa6fafdf32b0d8423646871a815c4397f1aa
Signed-off-by: Son Nguyen <son.nguyen@catalyst.net.nz>
-
- 12 Dec, 2012 1 commit
-
-
Ruslan Kabalin authored
Change-Id: Iee6a362c264eed24dea92ea7b86b9b29fab2e9ee
Signed-off-by: Ruslan Kabalin <r.kabalin@lancaster.ac.uk>
-
- 30 Nov, 2012 5 commits
-
-
Hugh Davenport authored
Added form entries
Added strings
Fixed links for non-js enabled browsers
Added function for js enabled browsers
Change-Id: I24887725d0be67c1bfab30338fb3cadf96ec362e
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>
-
Hugh Davenport authored
Uses the constraints system, added to the internal plugin. Third party search libraries will need to be altered
Change-Id: Ib3a0e64eedbf8a57f449e749c97a805dcc1d49c5
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>
-
Son Nguyen authored
-
Son Nguyen authored
-
Son Nguyen authored
-
- 28 Nov, 2012 2 commits
-
-
Francois Marier authored
The default value is 2 in most versions of PHP so this change should have no effect. However, if it were set to anything else than that, the certificate verification would be meaningless since you could create a MITM attack easily by swapping in a valid cert for any hostname.
Change-Id: I86156bad43507d9393f06b1f821a050e720b353f
Signed-off-by: Francois Marier <francois@mozilla.com>
-
Hugh Davenport authored
-
- 27 Nov, 2012 3 commits
-
-
Melissa Draper authored
-
Melissa Draper authored
Due to an override for moodle sites in Firefox 17 the useragent in moodle and mahara cannot match, therefore jumping is broken. This does not remove the useragent data storage, just the check when the query for the sessions occurs in transfer and logout.
Change-Id: I59a2e3fb1aea20027ce6cf24338440c866b56f58
Signed-off-by: Melissa Draper <melissa@catalyst.net.nz>
-
Hugh Davenport authored
Change-Id: I947acea1d79f22b3fca796153afd898d0f317b37
-
- 23 Nov, 2012 1 commit
-
-
Hugh Davenport authored
-
- 22 Nov, 2012 6 commits
-
-
Hugh Davenport authored
Currently, the url of a pagination (used for the prev/next links as well as the numbered pages, and also the POST action in the form tag used for selecting a variable limit, added in the commit listed below) was not sanitized on output. This was discovered from the group member search page which passed in the query as a GET parameter in the URL for the pages. This uses slightly different code to some of the newer paginations, but it may affect other places that use similar era pagination setup.
The commit introducing the new selector for a variable limit was f3162f80
This patch fixes this by sanitizing the url on output, in both the form tag and the prev/next and numbered links.
CVE-2012-2253
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>
Change-Id: Id9ed08ef5e61b12580e28f4b18975b2c409b594d
-
Son Nguyen authored
-
Hugh Davenport authored
Change-Id: I62c48bfc55e7bc80dca97a34592d6e8fbd00a465
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>
-
Hugh Davenport authored
* changes:
  Makefile: Add a test for security keywords to securitycheck
  Add security target for Makefile
-
Hugh Davenport authored
Currently checks for cve or security.
Change-Id: I69ae3a2a721bf0179d7b914c8f40f612e71a6204
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>
-
Hugh Davenport authored
It will push a draft patch, and add the security team to the reviewers list.
Change-Id: Icdc4672abaae327db2066c74ff7b484623de5a4f
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>
-
- 21 Nov, 2012 1 commit
-
-
Ruslan Kabalin authored
User can't join them directly or via site request.
Change-Id: I870011d42e6c6513fec33790739b3c58e375e456
Signed-off-by: Ruslan Kabalin <r.kabalin@lancaster.ac.uk>
-
- 20 Nov, 2012 2 commits
-
-
Ruslan Kabalin authored
Change-Id: I77df774a700ad846a02762bcf4e2fa75609f7f04
Signed-off-by: Ruslan Kabalin <r.kabalin@lancaster.ac.uk>
-
Melissa Draper authored
Was broken by commit 544c62b7 for (Bug #941551)
Change-Id: I5ef546564677927e96541791ca3bbee1869e544b
-
- 19 Nov, 2012 1 commit
-
-
Son Nguyen authored
split() will be replaced by explode() if using a string as a delimiter and by preg_split() if using regular expression
Change-Id: I93a84150197fb290f89a04f10d5f0fd1e380f0da
Signed-off-by: Son Nguyen <son.nguyen@catalyst.net.nz>
-
- 15 Nov, 2012 1 commit
-
-
Gregor Anzelj authored
When not escaped, the adodb abstraction layer did not use the prefix
Change-Id: Id44f520e2331be7f3e322f2084412d0b3545701c
Signed-off-by: Gregor Anzelj <gregor.anzelj@gmail.com>
-
- 29 Oct, 2012 1 commit
-
-
Hugh Davenport authored
It used to only check javascript or PHP files. Now it will check for conflicts in all files. In future, we should change the test to cover all file types, as described in the following, though still only PHP and JS has been written.
https://wiki.mahara.org/index.php/Developer_Area/Coding_guidelines
Change-Id: I7051eedbf2691ca1dc51ccbffd1da3c7f613f351
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>
-
- 19 Oct, 2012 1 commit
-
-
Melissa Draper authored
-
- 18 Oct, 2012 3 commits
-
-
Hugh Davenport authored
-
Melissa Draper authored
-
Hugh Davenport authored
Bug #1067921
Adds an extra 10px to the "guessed" width. Currently done with javascript, we should fix this for 1.7 to not depend on javascript and style attributes and instead use css
Change-Id: I715147fdecb31a1cc0f659f7d4dcc9321ec997e1
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>
-
- 17 Oct, 2012 1 commit
-
-
Hugh Davenport authored
Bug #1067551
When using the default theme, and a full screen tinymce window is used. The full screen only took 1/3 of page, and wouldn't scroll. When viewport size changed, it went to true full screen but still didn't scroll.
Change-Id: I5b4e02d459e3345a00ff24aa64f99ac76c605ce5
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>
-
- 16 Oct, 2012 1 commit
-
-
Hugh Davenport authored
Related to bug #1047111
That bug fixed the XXE attack by setting the following to true
libxml_disable_entity_loader
This caused issues with the leap2a importer used by mnet, which used the simplexml_load to load the xml which relies on file based remote entities.
For this situation, the following flag is used, which stops network based XXE attacks
LIBXML_NONET
Change-Id: I3d95ebc9c38374d339d66a80feaa39f5c15f1022
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>
-
- 15 Oct, 2012 4 commits
-
-
Hugh Davenport authored
Now allows for null, and more comparison operators
Change-Id: I4ab9cb8161a346a7a4d5e79f96421cf360b71e4c
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>
-
Hugh Davenport authored
Make links work the same as javascript version
Change-Id: I4bd2b7158ed8be5a2951a21c6262958003996932
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>
-
Hugh Davenport authored
Now stores all the parameters together, and allows the initials to use the javascript 'speedup'
Change-Id: Ie707c2b73852dcb34e9372658b86aa1ad70ba8cc
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>
-
Hugh Davenport authored
Turns out that the refs/for/ syntax is deprecated for refs/publish/ which was brought in when drafts were.
Change-Id: I80fe5c6ccad090aab6fb9c426285c5d49c0b8082
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>
-
- 10 Oct, 2012 1 commit
-
-
Hugh Davenport authored
Bug #1063480
CVE-2012-2243
If a user modifies a form in such a way that an error is caused based on their input there is a possible XSS avenue. This was displayed in the user/group CSV uploads, with a malicious script in the header which causes a CSV parsing error and was then passed back to the user verbatim.
This patch escapes all error messages in the pieform error output.
Change-Id: I136546266115faa92b727317d6539518d73aea55
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>
-