1. 23 May, 2017 1 commit
    • Robert Lyon's avatar
      Bug 1692749: Security: Stop event log having plain text passwords · 433ab8e6
      Robert Lyon authored
      This patch only deals with:
      1) removing passwords from existing event_log table data
      2) stopping the recording of passwords into the event_log table
      3) sets the reset password on next login for those users
      
      It doesn't deal with removing the unnecessary cruft information
      that will be handled by the bug 1692385
      
      behatnotneeded
      
      Change-Id: Id29148f78fa6918f5f5afcb89d211ccb3b60c95b
      Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
      433ab8e6
  2. 11 May, 2017 1 commit
  3. 16 Mar, 2017 1 commit
  4. 15 Mar, 2017 1 commit
  5. 13 Mar, 2017 1 commit
  6. 10 Mar, 2017 1 commit
  7. 26 Feb, 2017 1 commit
  8. 24 Feb, 2017 1 commit
  9. 15 Feb, 2017 1 commit
  10. 14 Feb, 2017 1 commit
    • Robert Lyon's avatar
      Bug 1650995: Auth saml idp metadata fix · 8665b925
      Robert Lyon authored
      This patch allows the dataroot/metadata/*.xml file to be named after
      the idp rather than the Mahara institution.
      
      Also added
      - A select dropdown so that institution can pick existing auth to be
      paired to
      - Upgrade to rename the dataroot/metadata/*.xml file
      - Check to stop being able to add blank metadata field
      - An alert for user when updating metadata if other institutions are also being effected
      - Delete the metadata if deleted institution is only one using it
      
      behatnotneeded
      
      Change-Id: Ie3f5cdc523404b1081352ede67aab591e79b6dbb
      Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
      8665b925
  11. 09 Feb, 2017 1 commit
    • Cecilia Vela Gurovic's avatar
      Bug 1655456: fix shared collection not displaying · 359f3540
      Cecilia Vela Gurovic authored
      Collection shared to a group was not displaying
      in group page and shared with me page
      after first page of collection was deleted.
      Fixed by resetting the order when deleting a view.
      
      behatnotneeded
      
      Change-Id: I096114ecf50b7a3af6d1393b387073676a984006
      359f3540
  12. 26 Jan, 2017 1 commit
  13. 25 Jan, 2017 1 commit
  14. 20 Jan, 2017 1 commit
  15. 11 Dec, 2016 1 commit
  16. 09 Dec, 2016 1 commit
  17. 23 Nov, 2016 1 commit
  18. 21 Nov, 2016 1 commit
  19. 10 Nov, 2016 1 commit
  20. 05 Nov, 2016 1 commit
  21. 24 Oct, 2016 2 commits
  22. 20 Oct, 2016 1 commit
  23. 11 Sep, 2016 1 commit
  24. 01 Sep, 2016 1 commit
  25. 23 Aug, 2016 1 commit
  26. 22 Aug, 2016 1 commit
  27. 01 Aug, 2016 1 commit
  28. 25 Jul, 2016 1 commit
    • Ghada El-Zoghbi's avatar
      Bug 1606101: usr.suspendedcusr must be non-zero · ead553ee
      Ghada El-Zoghbi authored
      It turns out a lot of existing code checks the boolean
      value of usr.suspendedcusr to determine if a user should
      be treated as suspended or not. The LDAP sync cron (and,
      indeed, any code suspending users via a cron task) was
      setting usr.suspendedcusr to 0, which is boolean false,
      so these users would be treated as not suspended.
      
      We are going to update all usr.suspendedcusr = 0
      to a valid site admin ID.
      
      Change-Id: Iecfbfd8a4cdd98d5d07149bb40c64308262ea234
      behatnotneeded: Test to come later
      ead553ee
  29. 24 Jul, 2016 1 commit
  30. 22 Jul, 2016 1 commit
  31. 14 Jul, 2016 1 commit
    • Robert Lyon's avatar
      Bug 1438894: Moving the profile introduction text to description column · e305c12a
      Robert Lyon authored
      Currently all the artefacts that save html/tinymce data do so in the
      description field - except the internal profile introduction field.
      
      Seen as we are already doing special handling of this plugin we might
      as well save the html/tinymce data into the 'description' column of
      the db for consistency sake.
      
      behatnotneeded - existing tests should suffice
      
      Change-Id: I68da79f1c9423e19218162d8315008134251c31f
      Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
      e305c12a
  32. 08 Jul, 2016 1 commit
  33. 07 Jul, 2016 1 commit
  34. 05 Jul, 2016 1 commit
  35. 01 Jul, 2016 1 commit
  36. 24 Jun, 2016 1 commit
  37. 20 Jun, 2016 1 commit
  38. 08 Jun, 2016 1 commit
    • Aaron Wells's avatar
      Bug 1590293: Correcting inconsistencies in session expiration · 4bed19a1
      Aaron Wells authored
      1. Add some documentation to session.php explaining what
      the session.gc_maxlifetime ini setting does.
      
      2. If we can't access $CFG->session_timeout, use a timeout of
      an hour instead of the PHP default of 24 minutes.
      
      3. Limit $CFG->session_timeout to 30 days, because we're already
      enforcing that limit in session.php
      
      4. Add "usr_session.mtime" column so that we can delete old sessions
      based on inactivity instead of creation date.
      
      5. Make the cron delete old session files as soon as they've expired,
      rather than padding that an additional two days.
      
      Change-Id: I9da2b26217774566b1131e997724359715edb2fe
      behatnotneeded: Covered by existing tests
      4bed19a1
  39. 17 May, 2016 1 commit