1. 23 May, 2017 1 commit
    • Robert Lyon's avatar
      Bug 1692749: Security: Stop event log having plain text passwords · 433ab8e6
      Robert Lyon authored
      This patch only deals with:
      1) removing passwords from existing event_log table data
      2) stopping the recording of passwords into the event_log table
      3) sets the reset password on next login for those users
      
      It doesn't deal with removing the unnecessary cruft information
      that will be handled by the bug 1692385
      
      behatnotneeded
      
      Change-Id: Id29148f78fa6918f5f5afcb89d211ccb3b60c95b
      Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
      433ab8e6
  2. 11 May, 2017 1 commit
  3. 31 Mar, 2017 1 commit
  4. 16 Mar, 2017 1 commit
  5. 15 Mar, 2017 1 commit
  6. 10 Mar, 2017 1 commit
  7. 24 Feb, 2017 1 commit
  8. 15 Feb, 2017 1 commit
  9. 14 Feb, 2017 1 commit
    • Robert Lyon's avatar
      Bug 1650995: Auth saml idp metadata fix · 8665b925
      Robert Lyon authored
      This patch allows the dataroot/metadata/*.xml file to be named after
      the idp rather than the Mahara institution.
      
      Also added
      - A select dropdown so that institution can pick existing auth to be
      paired to
      - Upgrade to rename the dataroot/metadata/*.xml file
      - Check to stop being able to add blank metadata field
      - An alert for user when updating metadata if other institutions are also being effected
      - Delete the metadata if deleted institution is only one using it
      
      behatnotneeded
      
      Change-Id: Ie3f5cdc523404b1081352ede67aab591e79b6dbb
      Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
      8665b925
  10. 09 Feb, 2017 1 commit
    • Cecilia Vela Gurovic's avatar
      Bug 1655456: fix shared collection not displaying · 359f3540
      Cecilia Vela Gurovic authored
      Collection shared to a group was not displaying
      in group page and shared with me page
      after first page of collection was deleted.
      Fixed by resetting the order when deleting a view.
      
      behatnotneeded
      
      Change-Id: I096114ecf50b7a3af6d1393b387073676a984006
      359f3540
  11. 26 Jan, 2017 1 commit
  12. 25 Jan, 2017 1 commit
  13. 20 Jan, 2017 1 commit
  14. 11 Dec, 2016 1 commit
  15. 09 Dec, 2016 1 commit
  16. 23 Nov, 2016 1 commit
  17. 10 Nov, 2016 1 commit
  18. 05 Nov, 2016 1 commit
  19. 20 Oct, 2016 1 commit
  20. 11 Sep, 2016 1 commit
  21. 02 Sep, 2016 1 commit
  22. 01 Sep, 2016 1 commit
  23. 30 Aug, 2016 1 commit
    • Aaron Wells's avatar
      Bug 1600099: Cleanup of the webservice admin page · ce1a97ac
      Aaron Wells authored
      This patch does a few things:
      
      1. Renames "webservice_enabled" config to "webservice_provider_enabled",
      to indicate that this config only controls Mahara's actions as
      a webservice provider, *not* a webservice client.
      
      2. Renames all the "webservice_<protocol>_enabled" configs to
      "webservice_provider_<protocol>_enabled" to indicate that they only
      control whether Mahara will provide webservices via that protocol,
      and not whether Mahara will use that protocol as a client.
      
      3. Renames "webservice_connections_enabled" config to
      "webservice_requester_enabled", to clarify that this config
      controls whether Mahara is allowed to request webservices
      from external sources.
      
      4. Updates language strings to make these changes clearer.
      
      5. Rearranges and renames the form methods in
      webservice/admin/index.php to make the flow of control more
      obvious. Now the main form method is first, followed in order
      by the methods that generate its subforms and each of their
      submit handlers.
      
      behatnotneeded: Covered by existing tests
      
      Change-Id: I58dadb352d1f1542ca67a104ebfd702b4ca90fc9
      ce1a97ac
  24. 23 Aug, 2016 1 commit
  25. 25 Jul, 2016 1 commit
    • Ghada El-Zoghbi's avatar
      Bug 1606101: usr.suspendedcusr must be non-zero · ead553ee
      Ghada El-Zoghbi authored
      It turns out a lot of existing code checks the boolean
      value of usr.suspendedcusr to determine if a user should
      be treated as suspended or not. The LDAP sync cron (and,
      indeed, any code suspending users via a cron task) was
      setting usr.suspendedcusr to 0, which is boolean false,
      so these users would be treated as not suspended.
      
      We are going to update all usr.suspendedcusr = 0
      to a valid site admin ID.
      
      Change-Id: Iecfbfd8a4cdd98d5d07149bb40c64308262ea234
      behatnotneeded: Test to come later
      ead553ee
  26. 24 Jul, 2016 1 commit
  27. 22 Jul, 2016 1 commit
  28. 14 Jul, 2016 1 commit
    • Robert Lyon's avatar
      Bug 1438894: Moving the profile introduction text to description column · e305c12a
      Robert Lyon authored
      Currently all the artefacts that save html/tinymce data do so in the
      description field - except the internal profile introduction field.
      
      Seen as we are already doing special handling of this plugin we might
      as well save the html/tinymce data into the 'description' column of
      the db for consistency sake.
      
      behatnotneeded - existing tests should suffice
      
      Change-Id: I68da79f1c9423e19218162d8315008134251c31f
      Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
      e305c12a
  29. 08 Jul, 2016 1 commit
  30. 07 Jul, 2016 1 commit
  31. 05 Jul, 2016 1 commit
  32. 01 Jul, 2016 1 commit
  33. 24 Jun, 2016 1 commit
  34. 20 Jun, 2016 1 commit
  35. 10 Jun, 2016 1 commit
  36. 08 Jun, 2016 1 commit
    • Aaron Wells's avatar
      Bug 1590293: Correcting inconsistencies in session expiration · 4bed19a1
      Aaron Wells authored
      1. Add some documentation to session.php explaining what
      the session.gc_maxlifetime ini setting does.
      
      2. If we can't access $CFG->session_timeout, use a timeout of
      an hour instead of the PHP default of 24 minutes.
      
      3. Limit $CFG->session_timeout to 30 days, because we're already
      enforcing that limit in session.php
      
      4. Add "usr_session.mtime" column so that we can delete old sessions
      based on inactivity instead of creation date.
      
      5. Make the cron delete old session files as soon as they've expired,
      rather than padding that an additional two days.
      
      Change-Id: I9da2b26217774566b1131e997724359715edb2fe
      behatnotneeded: Covered by existing tests
      4bed19a1
  37. 17 May, 2016 1 commit
  38. 27 Apr, 2016 1 commit
  39. 01 Apr, 2016 1 commit
  40. 31 Mar, 2016 1 commit
    • Son Nguyen's avatar
      Enhance the openbadgedisplayer plugin. Bug 1536393 · 42c171f9
      Son Nguyen authored
      Allow loading openbadgedisplayer block via ajax.
      Dynamically load badge groups from sources.
      Cache badge details in database for one day if $fromcache is true.
      
      behatnotneeded
      
      Change-Id: I36c8054fd6daf7ca1fcf1fe3a22672c9eb009c6e
      42c171f9