1. 14 Oct, 2013 1 commit
  2. 11 Oct, 2013 1 commit
  3. 30 Sep, 2013 1 commit
  4. 25 Sep, 2013 2 commits
  5. 24 Sep, 2013 1 commit
  6. 19 Sep, 2013 2 commits
  7. 22 Aug, 2013 1 commit
  8. 21 Aug, 2013 1 commit
  9. 20 Aug, 2013 1 commit
  10. 19 Jul, 2013 1 commit
  11. 12 Jul, 2013 1 commit
    • Robert Lyon's avatar
      Drop-down navigation overridden at institutional level (Bug #1194672) · cd08104c
      Robert Lyon authored
      
      
      Create the ability for Institutions to override the site default for
      displaying drop-down navigation instead of tabs for main menu.
      
      Can now: Set drop-down navigation option on Administer institutions
      screen /admin/users/institutions.php
      
      Users who are in more than one institution will have drop-down setting
      of the institution whose theme they are using as their theme.
      
      If $cfg->sitethemeprefs = true, where a user can pick any theme then
      for those themes associated with an institution they will use the
      institution's setting otherwise they will use the site's setting for
      drop-down navigation.
      
      Can not do: Have user make their own choice for whether they see drop
      down or not for any particular theme
      
      Change-Id: I580953c62b35cbc8169d47781c8bf88cc94d9fe8
      Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
      cd08104c
  12. 27 Jun, 2013 1 commit
  13. 18 Apr, 2013 1 commit
  14. 15 Feb, 2013 1 commit
  15. 05 Feb, 2013 1 commit
    • Jiri Baum's avatar
      License metadata - schema change. (Bug #1095499) · a827e1c9
      Jiri Baum authored
      
      
      This feature adds standard license metadata fields on every artefact and every
      artefact edit page. This allows users to specify the license for the content
      they create or upload. For content originating elsewhere, the users can also
      enter the name of the licensor and original URL.
      
      Previously, adding license metadata to an artefact or page was achievable in an
      ad hoc fashion using a block on a page, but had many limitations.
      
      See also bug #1095499.
      
      This commit changes the database schema and the artefact abstract data type.
      
      Change-Id: Icf9143864a252b43fa91294825b24e5a65c0b4d5
      Signed-off-by: default avatarJiri Baum <jiri@catalyst-au.net>
      a827e1c9
  16. 21 Jan, 2013 2 commits
    • Jiri Baum's avatar
      Masquerading auditability - log events. (Bug #1027574) · 7a6d1f34
      Jiri Baum authored
      
      
      Log events, including both user IDs when masquerading is in progress. The log
      can be configured to log all events or only those while masquerading is in
      progress or none. The log is expired after a configurable delay.
      
      Note that this logs all events (or all masquerading events) even though this
      feature only includes one report of one type of event.
      
      Change-Id: I7a59d98b84b0527a55363b4d01448b9b1809aa9e
      Signed-off-by: default avatarJiri Baum <jiri@catalyst-au.net>
      7a6d1f34
    • Jiri Baum's avatar
      Masquerading auditability - ask for reason, notify, emit event. (Bug #900983) · 40517fde
      Jiri Baum authored
      
      
      Masquerading (aka Loginas) is a useful and sometimes indispensable function.
      However, previously it was rather too powerful, because admins can do anything
      as the target user, with no indication that it is not the user themselves doing
      so.
      
      This feature adds some auditability to masquerading, by logging and reporting
      who, when, why and (partially) what, as well as notifying the affected user.
      
      See also bugs: #900983 and #1027574
      
      This commit changes the masquerading feature itself to request a reason from
      the admin masquerading, notify the user, and emit an event (for logging by the
      next commit).
      
      Change-Id: I066e9fdeb4d2e00679b2aa9b0b839cb4b78629a8
      Signed-off-by: default avatarJiri Baum <jiri@catalyst-au.net>
      40517fde
  17. 17 Jan, 2013 1 commit
  18. 10 Oct, 2012 1 commit
    • Hugh Davenport's avatar
      Fix saved file permissions · e85c165f
      Hugh Davenport authored
      
      
      Bug #1057238
      CVE-2012-2244
      
      Currently, files that are saved by Mahara use the
      directorypermissions config option, which defaults to
      0700, which allows execution.
      
      This allows users to potentially upload files with
      executable bits set, and if they have control of the
      config options pathtoclam, pathtozip, or pathtounzip
      then they could run this command when one of those
      commands are invocated.
      
      This patch bitwise-AND's the directory permissions
      config with 0666, which removes any executable bit
      and sets the result as a new config option
      filepermissions.
      
      A change the upload code to use this new option is made
      
      Change-Id: I088d9873de7797d5a9aefc2401301f8b855ed592
      Signed-off-by: default avatarHugh Davenport <hugh@catalyst.net.nz>
      e85c165f
  19. 06 Aug, 2012 2 commits
    • Darrin Hodges and Nathan Mares and Jiri Baum's avatar
      Date limits for groups (bug #1017354) - add fields · 8ccabebd
      
      
      Add date limits (from-until) to groups; members will only be able to make
      changes in the group during the specified time period.
      
      This commit adds the date limit fields to the database schema.
      
      Change-Id: I9feb44b247a8614020540102a30e595308f96f00
      Signed-off-by: default avatarJiri Baum <jiri@catalyst-au.net>
      8ccabebd
    • Hugh Davenport's avatar
      Add cron job to poll an imap mailbox for bounces · ed5e91ab
      Hugh Davenport authored
      Bug #993018
      
      Checks an imap mailbox, assumes that you have set up a
      seperate mailbox for recieving the mailbounces.
      
      To enable this change, the php imap extension must be loaded
      
      This uses 9b9b2a5c
      
       for the
      mail bounce checking. It also adds a few extra config.php
      settings that need to be set for this cronjob to work.
      
      The config settings that need to be set are:
      $cfg->bounces_handle = true
      $cfg->bouncedomain
      $cfg->imapserver
      
      There are also some other options shown in lib/config-defaults.php
      for power users.
      
      By default, email will only be disabled when more than 4 bounces
      have been received, and the ratio between bounces and emails sent
      to the user is above 0.2
      
      Change-Id: I0bbc4cae26fd5284e4cbdc25b01ea4b566dd045a
      Signed-off-by: default avatarHugh Davenport <hugh@catalyst.net.nz>
      ed5e91ab
  20. 03 Aug, 2012 1 commit
  21. 02 Aug, 2012 1 commit
  22. 01 Aug, 2012 1 commit
  23. 04 Jul, 2012 1 commit
  24. 02 Jul, 2012 1 commit
  25. 29 Jun, 2012 3 commits
  26. 20 Jun, 2012 1 commit
  27. 01 Jun, 2012 1 commit
  28. 15 May, 2012 1 commit
    • Hugh Davenport's avatar
      Add ability to register with a BrowserID (bug #986004) · a5a97f21
      Hugh Davenport authored
      
      
      When a user clicks on "BrowserID Login", one of three things will happen
      1- If they have an account, they will login
      2- If they don't but there is one authinstance with browserid is present
          AND it has weautocreateusers enabled, then they will get an account
          in that institution, and login
      3- If none of the above is true, they will get redirected to a register
          page, which follows same self registration pattern as the internal
          authentication with the "confirm email" step removed.
      
      Change-Id: Idde3166e0664bf2acdc1da32271125e91d43af9c
      Signed-off-by: default avatarHugh Davenport <hugh@catalyst.net.nz>
      a5a97f21
  29. 07 May, 2012 1 commit
  30. 26 Apr, 2012 1 commit
    • Richard Mansfield's avatar
      Change version of safe iframe sources upgrade (bug #971282) · ab160d78
      Richard Mansfield authored
      
      
      We have just committed to master a database upgrade with a version
      number less than the current version number of the 1.5 branch.  This
      means that an upgrade from the current 1.5 to master will not add the
      safeiframe tables.
      
      This patch changes the version number on master to ensure the upgrade
      is applied.
      
      This occurred because the 1.5_STABLE branch's version leapfrogged over
      the master version during the release candidate stage.  This will be
      fixed in the release script (see bug #988682).
      
      Change-Id: Ic2929fa9f17719a6068494ab63e7f00558c2fdcc
      Signed-off-by: default avatarRichard Mansfield <richard.mansfield@catalyst.net.nz>
      ab160d78
  31. 24 Apr, 2012 1 commit
  32. 12 Apr, 2012 1 commit
    • Richard Mansfield's avatar
      Move the list of safe iframe sources to the database (bug #971282) · 4b8c5170
      Richard Mansfield authored
      
      
      Builds the htmlpurifier safe iframe regexp from a list of sites stored
      in the database, instead of a hardcoded array.
      
      Each site in the safe iframe list is associated with a name.  This
      will allow several regexp items to be grouped together under the same
      name when they're matching urls from the same site.
      
      Additionally, the domain part of each site is stored in a second list
      along with the names, so that it will be easy to fetch the favicon for
      display in places such as the external media block configuration form.
      
      Change-Id: I7fd2bfefbff0881e70b94beb9e8d3efb43f0f9e7
      Signed-off-by: default avatarRichard Mansfield <richard.mansfield@catalyst.net.nz>
      4b8c5170
  33. 21 Feb, 2012 1 commit
  34. 20 Feb, 2012 1 commit