1. 23 Mar, 2016 4 commits
  2. 22 Mar, 2016 1 commit
  3. 21 Mar, 2016 1 commit
    • Aaron Wells's avatar
      Adding some HTTP headers for security (Bug 1531987) · ef64adaa
      Aaron Wells authored
      X-XSS-Protection: Tells the browser not to disable XSS protection
      
      X-Content-Type-Options: Tells the browser not to try to guess at
      mimetypes of downloads
      
      X-Permitted-Cross-Domain-Policies: Tells Flash & PDF not to trust
      alternate crossdomain.xml files (which set the permissions on whether
      this site allows itself to be accessed by scripts in Flash & PDF).
      Prevents an attacker from uploading a more permissive crossdomain.xml
      
      X-Powered-By: PHP by default sends this header with the current full
      PHP version.
      
      behatnotneeded: Selenium can't examine HTTP response headers
      
      Change-Id: Ia2a6de971fc62b7d8806ad010aa0fbe37c1a7357
      (cherry picked from commit 29656f03)
      ef64adaa
  4. 18 Mar, 2016 1 commit
    • Aaron Wells's avatar
      Use $CFG->cacheversion for HTMLPurifier cache version · 1c654e04
      Aaron Wells authored
      Bug 1558387
      
      With this, we don't have to remember to bump HTML.DefinitionRev in
      html_clean(), or clear the htmlpurifier directory in dataroot.
      
      behatnotneeded: API change only
      
      Change-Id: I15cd291fd8e5d7d5c357f1595a89f34f44236e7d
      1c654e04
  5. 16 Mar, 2016 1 commit
  6. 14 Mar, 2016 1 commit
    • Robert Lyon's avatar
      Fix bug in xmlrpc + $cfg->usersuniquebyusername · d22c3042
      Robert Lyon authored
      Bug 1556692: When used together, these can cause problems when
      the ID field from Moodle gets truncated to the default
      get_new_username() length of "30", when being inserted into
      usr.username in Mahara.
      
      behatnotneeded: Can't test Mnet in Behat
      
      Change-Id: Icdeb78b5298e7d63a0610987b0d8fad34e58d036
      d22c3042
  7. 08 Mar, 2016 1 commit
  8. 03 Mar, 2016 1 commit
  9. 10 Feb, 2016 1 commit
  10. 18 Dec, 2015 1 commit
  11. 11 Dec, 2015 2 commits
  12. 10 Dec, 2015 6 commits
  13. 30 Nov, 2015 1 commit
    • Aaron Wells's avatar
      Make get_record warn instead of dying, by default · 59b55846
      Aaron Wells authored
      Bug 1515929: Usually when we use get_record(), we're
      querying against a record that has a uniqueness constraint
      guaranteeing that it is unique, in which case the PHP
      code that dies on non-uniqueness is redundant.
      
      In the remaining cases, we're dealing with records
      that for some reason can't have a uniqueness constraint,
      and the dying just causes the site to entirely stop
      working, when it would be more useful to have it continue
      to work but throw a warning message to the logs.
      
      behatnotneeded: Covered by existing test cases
      
      Change-Id: I264f72e3a8904293d78909410f68b29f2c78db3c
      59b55846
  14. 26 Nov, 2015 3 commits
  15. 25 Nov, 2015 3 commits
  16. 23 Nov, 2015 1 commit
    • Robert Lyon's avatar
      Bug 1517228: perf_to_log function amd misisng data · 296fe519
      Robert Lyon authored
      Because some systems may not have all the available data we should
      check if the data exists before trying to display it.
      
      To test:
      Before patch change the line in lib/mahara.php
       if (function_exists('posix_times')) {
      to
       if (!function_exists('posix_times')) {
      
      and make sure the 'perf_to_log' config option is set to true
      
      This will cause the errors we are trying to deal with to show up
      
      behatnotneeded
      
      Change-Id: If9610fa0eaf4c8bb036b21c1c75e10d828de7934
      Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
      (cherry picked from commit e9584a54)
      296fe519
  17. 22 Nov, 2015 1 commit
  18. 20 Nov, 2015 1 commit
  19. 12 Nov, 2015 1 commit
  20. 27 Oct, 2015 3 commits
  21. 26 Oct, 2015 3 commits
  22. 21 Oct, 2015 1 commit
  23. 15 Oct, 2015 1 commit