Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

(cherry picked from commit 4b67fc500857aeb5ff03cb0f4f94fccebd4b9c99)

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Signed-off-by: Lorena Paoletti <lorena.paoletti@gmail.com>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Absolutely any institution admin was granted editing permisions to artefacts
that use 'can_edit_artefact' method to check editing permision ("Comments" in
particular).
Signed-off-by: Ruslan Kabalin <ruslan.kabalin@luns.net.uk>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Allow specification of path to openssl.cnf file - helps those running Mahara under windows to enable networking. This patch also removes bad array passed into openssl_csr_new (Bug #548233)
Signed-off-by: Dan Marsden <dan@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Signed-off-by: Dan Marsden <dan@catalyst.net.nz>

Signed-off-by: Dan Marsden <dan@catalyst.net.nz>

Signed-off-by: Dan Marsden <dan@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Signed-off-by: ¨Lorena <lorena.paoletti@gmail.com>
(cherry picked from commit 3fccdaa6ddb13526084b195e7fcf9b8ec12bf01e)

This is not exploitable because validation of the shortname field
prevents admins from adding quotes to an institution's name.
Signed-off-by: Francois Marier <francois@catalyst.net.nz>

This was not exploitable, but will reduce the risk that a SQL injection
will be accidentally introduced in the future.
Signed-off-by: Francois Marier <francois@catalyst.net.nz>

This is not a security fix but rather a cleanup to harden this code
and make it harder to accidentally introduce a SQL injection in the
future.
Signed-off-by: Francois Marier <francois@catalyst.net.nz>

This is not a security fix but rather a cleanup to harden this code
and make it harder to accidentally introduce a SQL injection in the
future.
Signed-off-by: Francois Marier <francois@catalyst.net.nz>

Signed-off-by: Francois Marier <francois@catalyst.net.nz>

Signed-off-by: Francois Marier <francois@catalyst.net.nz>

Signed-off-by: Francois Marier <francois@catalyst.net.nz>