GitLab

In other places we check the LOWER(username) but for some reason
in find_by_username() we don't. We should do it here as well for
consistency.

behatnotneeded

Change-Id: Ie692aeace0c8aa2f6989683e094ac6625f153b98
Signed-off-by: Robert Lyon <robertl@catalyst.net.nz>
(cherry picked from commit fb330e38)

Signed-off-by: Aaron Wells <aaronw@catalyst.net.nz>

Signed-off-by: Aaron Wells <aaronw@catalyst.net.nz>

Robert Lyon authored Apr 20, 2016 and Aaron Wells committed Apr 22, 2016

And tidying up a hardcoded string

behatnotneeded

Change-Id: I6f42d57adf414c94b6522602742c4f36d4d7367f
Signed-off-by: Robert Lyon <robertl@catalyst.net.nz>

Robert Lyon authored Apr 20, 2016 and Aaron Wells committed Apr 21, 2016

behatnotneeded - unable to test other languages

Change-Id: I417b1b1bd8fd8dcddcd1c7277d2da83d2c3c6f8e
Signed-off-by: Robert Lyon <robertl@catalyst.net.nz>
(cherry picked from commit 8d58e3a6)

Robert Lyon authored Apr 15, 2016 and Aaron Wells committed Apr 21, 2016

When looping through all auth to see if a user can login

behatnotneeded

Change-Id: I51693fac3c650ff529ccfc98586c50f4d185f591
Signed-off-by: Robert Lyon <robertl@catalyst.net.nz>
(cherry picked from commit 4993ce1c)

Rather than having an increasing list of specific parameters
that we know to have passwords, this patch censors the content
of any parameter with a name that contains the string "password"
or "pw".

behatnotneeded: Can't test with Behat

Change-Id: Ifaa2ec10cf749c173b1a8d0928c6cc052124a83f

Robert Lyon authored Mar 29, 2016 and Aaron Wells committed Apr 21, 2016

An oversight when making the change to remove group_homepage_url()
from templates.

behatnotneeded

Change-Id: Icf1eefe1f8e97e4040c61ac7321d944f02a62df1
Signed-off-by: Robert Lyon <robertl@catalyst.net.nz>
(cherry picked from commit 45329751)

Liam Sharpe authored Apr 15, 2016 and Robert Lyon committed Apr 21, 2016

behatnotneeded

Change-Id: I7f4f040abb6e9989eac6077ed28f946c44813927
(cherry picked from commit 9c0cb45a)

We have existing code that tries to regenerate your
session ID when you log in. But it stopped working
in PHP 15.04 because the session has usually been
closed when it gets called.

Change-Id: I5f99cdf355892040866bb0113fd934e3d37bf33c
behatnotneeded: Can't be tested by behat
(cherry picked from commit a923f51b)

Aaron Wells authored Apr 18, 2016 and Robert Lyon committed Apr 20, 2016

Bug 1570744: Accidentally used set_cookie() instead of
setcookie(). This makes the cookie break if you use
the $cfg->cookieprefix setting.

behatnotneeded: Covered by existing tests

Change-Id: Idec3676222e3ff4eb22f7925de6bec10cfa35755

Aaron Wells authored Apr 15, 2016 and Robert Lyon committed Apr 20, 2016

This patch does 2 things:

1. It loads the session much earlier during init.php. We wind
up creating one on *every* script load anyway, due to LiveUser's
constructor. Sometimes it gets created earlier if other code
tries to use it before then, which adds some unpredictability
to things. Moving it up to the top of init.php reduces that
unpredictability.

2. It turns out that in PHP 5.3, using header_remove('Set-Cookie')
to only doesn't remove session headers. But header_remove()
(with no params) to remove *all* cookies does remove them. So
I'm changing remove_duplicate_cookies() to use that instead.

3. Also in PHP 5.3, session headers are visible in headers_list().
In situations where your session id changes (due to session_destroy()
and session_regenerate_id()), our use of array_unique() meant we
would preserve the old and new session IDs and send both back
to the browser. This patch makes remove_duplicate_cookies() aware
of the current session ID, and it only preserves that one.

Change-Id: I7a90b8692a5f97429415aa9a17451a44cd2109dd
behatnotneeded: Covered by existing tests
(cherry picked from commit 83ec33f2)

Tobias Zeuch authored Apr 18, 2016 and Robert Lyon committed Apr 19, 2016

Bug 1571421: In the exists-subquery the join-condition contains a reference to an outer table alias, which is not supported in MySql (though it seems to work in Postgres). This leads to a "site unavailable" e.g. when searching on the "shared with me" page.
The solution is to move the condition into the WHERE-part. This might actually improve performance because it allows the database engine to precalculate the join one single time and reuse it for each Exists-subquery

behatnotneeded

Change-Id: I5097154d939bf7ddba01d5845af7e8cbb42681b8
Signed-off-by: Tobias Zeuch <tobias.zeuch@rwth-aachen.de>
(cherry picked from commit 65c21985)

Liam Sharpe authored Apr 15, 2016 and Robert Lyon committed Apr 19, 2016

behatnotneeded

Change-Id: Ic839970344a7b09d742f3f609ef2a80e6ea500af
(cherry picked from commit 6fa397e3)

Liam Sharpe authored Nov 12, 2015 and Robert Lyon committed Apr 19, 2016

- Fixed 'Remove' button for existing attachments
- Fixed reloading of modal popup for 'Add a file' if form reloads with
error

behatnotneeded

Change-Id: Ib68e6a33beb6f85701281fcdf337fafd079c9528
(cherry picked from commit 17190a62)

Liam Sharpe authored Apr 14, 2016 and Robert Lyon committed Apr 19, 2016

behatnotneeded

Change-Id: I19e0890d0129f5e77cc2f73bfc65a4d3e9c16ce1
(cherry picked from commit d16343fd)

Charlie authored Apr 05, 2016 and Robert Lyon committed Apr 19, 2016

Change-Id: I2f6bea69724c660724bc7b44fd6f6530ee6c5d0c
(cherry picked from commit 3f677782)

Kristina Hoeppner authored Apr 02, 2016 and Robert Lyon committed Apr 19, 2016

Making all elements named "tags" use ANY.tags.html
by default.

Also add a tag help file when viewing a note
under "Content" -> "Notes" and for "Plans" and
"Tasks" under "Plans".

behatnotneeded

Change-Id: Ib71b04d65507cc3b2c38ac9db87db2727521cb82
(cherry picked from commit 52efd247)

Kristina Hoeppner authored Apr 17, 2016 and Robert Lyon committed Apr 19, 2016

Make it clearer that changes are saved automatically
and shorten 2nd sentence.

behatnotneeded

Change-Id: I875afae34d950e77e43bf3b4ece895d42c23e1ec
(cherry picked from commit 5e0c27ac)

Pat Kira authored Apr 14, 2016 and Robert Lyon committed Apr 15, 2016

behatnotneeded

Change-Id: I15041cdfbaf3f8cd3519794dd1102928201c7551
(cherry picked from commit 8d7dae80)

Both from the block config and the extensions -> plugin config

behatnotneeded

Change-Id: I91413422b0416683898d9742f00936a806ea723e
signed-off-by: Robert Lyon <robertl@catalyst.net.nz>
(cherry picked from commit ba5fb5b6)

behatnotneeded

Change-Id: Id81a439cf2166ed04663099331540e579feec13c
Signed-off-by: Robert Lyon <robertl@catalyst.net.nz>
(cherry picked from commit 3b193503)

Liam Sharpe authored Apr 14, 2016 and Robert Lyon committed Apr 15, 2016

behatnotneeded

Change-Id: I10dc5393b078efa3661d710809cdadf9721c0f43
(cherry picked from commit 83202741)

And not record the constraint also

behatnotneeded - existing tests will do

Change-Id: Ia0ec5c9d6c99d2560bb5186b905e98ec47f04407
Signed-off-by: Robert Lyon <robertl@catalyst.net.nz>
(cherry picked from commit c5d61fcb)

Aaron Wells authored Apr 12, 2016 and Robert Lyon committed Apr 13, 2016

This setting kills your Mahara session whenever you navigate
to Mahara from a link or redirect on another page. This totally
prevents SAML and other redirect-based auth methods from working,
makes it annoying to use links in email, and while it is mentioned
on the PHP manual's "Securing Sessions" page, it's only
recommended there if you also have "session.use_trans_id" enabled,
which we do not.

Change-Id: I8b3b14bae8043c5004cc8f36766f2db9422eac1c
behatnotneeded: Can't be tested by behat
(cherry picked from commit 91807920)

Pat Kira authored Apr 04, 2016 and Robert Lyon committed Apr 11, 2016

behatnotneeded

Change-Id: I2525b475e8857f8e5f56d3e84759fcf56093f5c5
(cherry picked from commit ec28b054)

Pat Kira authored Apr 04, 2016 and Robert Lyon committed Apr 11, 2016

behatnotneeded

Change-Id: Id08d4da5523f57b296d6135e521526e3c7c6faf0
(cherry picked from commit e4760942)

Pat Kira authored Apr 05, 2016 and Robert Lyon committed Apr 11, 2016

Allowing the select button to appear on group/institution places

behatnotneeded

Change-Id: Ie58ff61b915753c2de5e9f60cf8d17b345b0b6e4
(cherry picked from commit 6d204758)

Aaron Wells authored Apr 05, 2016 and Robert Lyon committed Apr 07, 2016

Bug 1566127

Change-Id: I8e249a93fbff7c3bf914099e53f1f29068a36a15
behatnotneeded: Covered by existing tests
(cherry picked from commit d5aef398)

Change-Id: I2bea376b7d403171a306c31fdc69e26a4aa1644b

behatnotneeded

Change-Id: Ic0e1a800a36134036ddd85e439e7270087775131
Signed-off-by: Robert Lyon <robertl@catalyst.net.nz>

Signed-off-by: Robert Lyon <robertl@catalyst.net.nz>

Signed-off-by: Robert Lyon <robertl@catalyst.net.nz>

This is a slimmer / stripped down system for doing jquery ratings.

Instead of relying on styling radio buttons it relies on bootstrap
glyphs and a hidden input field.

The code is also controlled by a pieform element

See lib/form/elements/ratings.php for more info about that part

It also has some new settings in the Extensions -> artefact -> comment
config form. They include settign the colour for the star icon, or
using a different icon, eg hearts/thumbs up, and the number of ratings
to show (3 - 12)

behatnotneeded

Change-Id: Ibf529efcb9a665c9f303242ed12d0c7b3dee2356
Signed-off-by: Robert Lyon <robertl@catalyst.net.nz>
(cherry picked from commit d1bf622a)

Change-Id: I924c883da4dc431452e706973c9710172d22a5dc
Signed-off-by: Robert Lyon <robertl@catalyst.net.nz>