1. 03 Mar, 2019 1 commit
  2. 26 Sep, 2018 1 commit
  3. 15 Feb, 2018 1 commit
  4. 08 Dec, 2017 1 commit
  5. 04 Dec, 2017 1 commit
  6. 02 Nov, 2017 1 commit
  7. 24 Sep, 2017 1 commit
  8. 03 Jul, 2016 1 commit
    • Robert Lyon's avatar
      Bug 1594579: Copy view artefacts only once · baac44f1
      Robert Lyon authored
      Rather than copy the same artefact once per page we should only copy
      it once per copy of page(s) transaction. Eg if we are to copy a
      collection of 5 pages and they all have a block pointing to the same
      image we should copy that image only once not 5 times.
      behatnotneeded - behat file to come
      Change-Id: Iecdde53515cdd9d5ee02918252b486aa0f662fab
      Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
  9. 21 Jun, 2016 1 commit
  10. 08 Jun, 2016 1 commit
    • Aaron Wells's avatar
      Bug 1590293: Correcting inconsistencies in session expiration · 4bed19a1
      Aaron Wells authored
      1. Add some documentation to session.php explaining what
      the session.gc_maxlifetime ini setting does.
      2. If we can't access $CFG->session_timeout, use a timeout of
      an hour instead of the PHP default of 24 minutes.
      3. Limit $CFG->session_timeout to 30 days, because we're already
      enforcing that limit in session.php
      4. Add "usr_session.mtime" column so that we can delete old sessions
      based on inactivity instead of creation date.
      5. Make the cron delete old session files as soon as they've expired,
      rather than padding that an additional two days.
      Change-Id: I9da2b26217774566b1131e997724359715edb2fe
      behatnotneeded: Covered by existing tests
  11. 18 Apr, 2016 3 commits
    • Aaron Wells's avatar
      Correcting typoes in cookie-issuing code · abd93f7c
      Aaron Wells authored
      Bug 1570744: Accidentally used set_cookie() instead of
      setcookie(). This makes the cookie break if you use
      the $cfg->cookieprefix setting.
      behatnotneeded: Covered by existing tests
      Change-Id: Idec3676222e3ff4eb22f7925de6bec10cfa35755
    • Aaron Wells's avatar
      Bug 1567784: session_regenerate_id() not working · a923f51b
      Aaron Wells authored
      We have existing code that tries to regenerate your
      session ID when you log in. But it stopped working
      in PHP 15.04 because the session has usually been
      closed when it gets called.
      Change-Id: I5f99cdf355892040866bb0113fd934e3d37bf33c
      behatnotneeded: Can't be tested by behat
    • Aaron Wells's avatar
      Bug 1570744: Fixing session bugs · 83ec33f2
      Aaron Wells authored
      This patch does 2 things:
      1. It loads the session much earlier during init.php. We wind
      up creating one on *every* script load anyway, due to LiveUser's
      constructor. Sometimes it gets created earlier if other code
      tries to use it before then, which adds some unpredictability
      to things. Moving it up to the top of init.php reduces that
      2. It turns out that in PHP 5.3, using header_remove('Set-Cookie')
      to only doesn't remove session headers. But header_remove()
      (with no params) to remove *all* cookies does remove them. So
      I'm changing remove_duplicate_cookies() to use that instead.
      3. Also in PHP 5.3, session headers are visible in headers_list().
      In situations where your session id changes (due to session_destroy()
      and session_regenerate_id()), our use of array_unique() meant we
      would preserve the old and new session IDs and send both back
      to the browser. This patch makes remove_duplicate_cookies() aware
      of the current session ID, and it only preserves that one.
      Change-Id: I7a90b8692a5f97429415aa9a17451a44cd2109dd
      behatnotneeded: Covered by existing tests
  12. 12 Apr, 2016 1 commit
    • Aaron Wells's avatar
      Remove session.referer_check (Bug 1566366) · 91807920
      Aaron Wells authored
      This setting kills your Mahara session whenever you navigate
      to Mahara from a link or redirect on another page. This totally
      prevents SAML and other redirect-based auth methods from working,
      makes it annoying to use links in email, and while it is mentioned
      on the PHP manual's "Securing Sessions" page, it's only
      recommended there if you also have "session.use_trans_id" enabled,
      which we do not.
      Change-Id: I8b3b14bae8043c5004cc8f36766f2db9422eac1c
      behatnotneeded: Can't be tested by behat
  13. 30 Mar, 2016 1 commit
  14. 15 Jun, 2015 1 commit
    • Pat Kira's avatar
      Form styling (bootstrap) · 737386ee
      Pat Kira authored
      Bug 1465107: Use Bootstrap CSS Framework
      Change-Id: Ic24bdd78f9207c4f09adce6b20ca55583c1403b8
  15. 23 Apr, 2015 1 commit
  16. 06 Mar, 2015 1 commit
  17. 05 Mar, 2015 1 commit
  18. 03 Mar, 2015 1 commit
    • Nigel Cunningham's avatar
      (Bug1352028) Add a JSON progress bar for bulk operations. · 55a8deb8
      Nigel Cunningham authored
      This patch adds a JSON progress meter (I'll call it that to avoid confusion
      with progress bars) to the bulk uploading of users, groups and group
      memberships and the bulk export and import of users (LEAP), so the user can see
      the progress of the operation and not just the submit button changed to
      'Processing..' and whatever indication their browser gives while waiting for
      The bulk export and import are minor rewrites, replacing the old iframe based
      progress bar and the associated multiple pages and additional template file in
      the case of the bulk export, and the recursive redirect-to-self of the bulk
      To accomplish the display of the progress bar during the operation, we make the
      PHP session be closed (read only) except when changes need to be made. This is
      for the most part a straightforward change in session.php as it's the only
      direct accessor. In other places, we replace direct accessing of the session
      variable ($_SESSION) with use of the session class ($SESSION) so that it can
      reopen the session, make the change and close the session again.
      There is one more aspect to all of this: with previous behaviour, multiple
      requests for the same session would queue, taking the session lock in turn.
      After this patch is applied, they can proceed in parallel, allowing greater
      throughput. There is no additional locking requirement because the issues are
      the same as those already dealt with in allowing multiple PHP threads to
      process requests from different sessions at the same time.
      I have sought to make the progress meter nice and generic, so it can be used in
      the other bulk imports and exports too.
      Paradoxically, these changes don't just make the import seem to be faster, it
      actually is.. at least in the case of users and groups.
      Times for importing 1000 users, groups and memberships, averaged over 3 runs
      each (Wall time, not CPU time - but the relationship is the same).
                      Without Progress     With Progress
      Users                166s               155s
      Groups                85s                78s
      Memberships           20s                19s
      Change-Id: Iec15c57db32c77994edb80c71d65591de51a95e4
      Signed-off-by: default avatarNigel Cunningham <nigelc@catalyst-au.net>
  19. 09 Feb, 2014 1 commit
  20. 12 Nov, 2013 1 commit
  21. 07 Nov, 2013 2 commits
  22. 05 Nov, 2013 1 commit
    • Robert Lyon's avatar
      Allowing for SESSION messages to have render position (bug #1248318) · c1be6b9d
      Robert Lyon authored
      - the add_ok_msg, add_error_msg, and add_info_msg functions now take a
      'placement' parameter. When set it will only display the message at that
      location. Defaults to 'messages', the current place they are displayed.
      $SESSION->add_ok_msg('hello world!', false, 'loginbox');
      - to get the message to display at new location one needs to add to
      the relevant template
       {dynamic}{insert_messages placement=[placement]}{/dynamic}
      where [placement] = the placement parameter you are after
       {dynamic}{insert_messages placement='loginbox'}{/dynamic}
      Change-Id: I202d7e3e8d86ca1c74c4488f30e6c25686ac32e0
      Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
  23. 14 Oct, 2013 1 commit
  24. 28 Aug, 2013 1 commit
  25. 12 Aug, 2013 1 commit
  26. 18 Jun, 2012 1 commit
  27. 30 Nov, 2011 1 commit
    • Richard Mansfield's avatar
      Revert "Remove temporary session folder code (bug #817940)" · b5277b71
      Richard Mansfield authored
      This reverts commit 8e8132fb.
      That commit was not ready to be merged.  As it says in the commit
      message, "if the session directory goes away somehow between updates,
      there is currently _no_ way to restore it without one of these two
      options. This may need to be considered before merging in this
      We can revert this revert when we have a good alternative for creating
      the session directories.
      Change-Id: I5141832da3225e202feef19dccabfea9ff35beeb
  28. 11 Nov, 2011 1 commit
  29. 26 Aug, 2011 1 commit
    • Melissa Draper's avatar
      Remove temporary session folder code (bug #817940) · 8e8132fb
      Melissa Draper authored
      This patch removes the 'temporary' code that was checking for the
      existance of the session directories at each session creation. This
      check is performed at install and at update, however if the session
      directory goes away somehow between updates, there is currently
      _no_ way to restore it without one of these two options. This may
      need to be considered before merging in this change.
      Change-Id: Ia6020c0b73ce9e172e718c9638a312b1f0162295
      Signed-off-by: default avatarMelissa Draper <melissa@catalyst.net.nz>
  30. 13 May, 2011 1 commit
  31. 06 May, 2011 2 commits
  32. 22 Dec, 2010 1 commit
  33. 08 Jun, 2010 1 commit
  34. 04 Jun, 2010 1 commit
  35. 15 Sep, 2009 1 commit
  36. 10 Jul, 2009 1 commit