- 17 Nov, 2011 1 commit
-
-
Hugh Davenport authored
This will delete the current mnet key and regenerate a new one Bug #890583 Change-Id: Ic07fc3f2e772fc26c959cd00a74bd88da9277a92 Signed-off-by:
Hugh Davenport <hugh@catalyst.net.nz>
-
- 15 Nov, 2011 4 commits
-
-
Hugh Davenport authored
-
Hugh Davenport authored
Bug #890528 Change-Id: Ie2197d6d77e3125247f40a16809b1f6e1dc61d6d Signed-off-by:
Hugh Davenport <hugh@catalyst.net.nz>
-
Hugh Davenport authored
-
Francois Marier authored
This is based on an OWASP recommendation and corresponds to 128 bits of entropy. https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Session_ID_Properties Change-Id: Ie47779d586c39bc339728e4772467407fac90ee4 Signed-off-by:
Francois Marier <francois@catalyst.net.nz>
-
- 14 Nov, 2011 3 commits
-
-
Richard Mansfield authored
* changes: Replace "parent folder" text in file browser with an up arrow (bug #889975) Up arrow icon for parent folder in the files area (bug #889975) Allow files to be dropped on folder names in the navigation (bug #889975) Move folder navigation below the create folder form (bug #889975)
-
Francois Marier authored
* changes: Sanitize personal details coming from LDAP server (bug #888840) Refactor firstname, lastname, email validation into functions Remove lies in comment
-
Richard Mansfield authored
Change-Id: I4738d80982c7c0679e165c8ae930c7783ea218a3 Signed-off-by:
Richard Mansfield <richard.mansfield@catalyst.net.nz>
-
- 13 Nov, 2011 4 commits
-
-
Richard Mansfield authored
Change-Id: Ica2d2736db0a0ed4f5ed635ecc1a45ecb84984e9 Signed-off-by:
Richard Mansfield <richard.mansfield@catalyst.net.nz>
-
Evonne Cheung authored
Change-Id: Ib92e18fe0d7de9e588c835a0fb7d1d690287174c Signed-off-by:
Richard Mansfield <richard.mansfield@catalyst.net.nz>
-
Richard Mansfield authored
This allows files and folders to be moved up more than one level in a single action. Change-Id: Ib0d20cf5030a127dc113e35d7690be911ddbe0ae Signed-off-by:
Richard Mansfield <richard.mansfield@catalyst.net.nz>
-
Richard Mansfield authored
Improves usability by making the navigation appear more as a heading above the list of files contained in it. Change-Id: Ibe40c6f3d65c98b4245598f0e128ec5fff2c1258 Signed-off-by:
Richard Mansfield <richard.mansfield@catalyst.net.nz>
-
- 11 Nov, 2011 4 commits
-
-
Hugh Davenport authored
-
Francois Marier authored
This prevents cookies from being stolen by tricking browsers into sending them unencrypted. Bug #843573 Change-Id: I5dfe45e3721fc85ad2d289cea59c5ad1f4eae91b Signed-off-by:
Francois Marier <francois@catalyst.net.nz>
-
Francois Marier authored
This will standardize the way that Mahara sanitizes these personal details. PHPMailer is no longer necessary since in PHP 5.2, it's just a call to filter_var(). Change-Id: I151fe4f91c9731cfa24b5a6e9d0cebeabfcd1a77 Signed-off-by:
Francois Marier <francois@catalyst.net.nz>
-
Francois Marier authored
Change-Id: Ic3571a960228078af2bd3a600c5320146f5824aa Signed-off-by:
Francois Marier <francois@catalyst.net.nz>
-
- 10 Nov, 2011 3 commits
-
-
Francois Marier authored
These CA checks prevent the use of self-signed certificates with MNet despite the fact that we wrap everything inside public key crypto. This change makes the Mahara implementation match the way that this is done in Moodle. Change-Id: Ia190cd4d40da5e7a5acf3c0fe2104f80c6df9f78 Signed-off-by:
Francois Marier <francois@catalyst.net.nz>
-
Richard Mansfield authored
-
Christopher Tombleson authored
The html filter will now parse links with dashes in them. Also will now parse links with parameters in them. Bug #882499 Bug #884438 Change-Id: I96c17381e67488bb2b2eefc4106474b454fa40fd Signed-off-by:
Christopher Tombleson <christopher@catalyst.net.nz>
-
- 09 Nov, 2011 1 commit
-
-
Rich Trott authored
Bug #888255 Change-Id: I2aa2e9c37695fe6f5c1f4794a06eea4a52c9b815 Signed-off-by:
Rich Trott <rtrott@gmail.com>
-
- 08 Nov, 2011 3 commits
-
-
Richard Mansfield authored
When a plugin config value has not been set, multiple calls to get_config_plugin always trigger a db query. But if it's already queried once and found a null result, it should remember that for next time. Change-Id: Id955e0953131b83eba4e36face26bfb4ef828d26 Signed-off-by:
Richard Mansfield <richard.mansfield@catalyst.net.nz>
-
Richard Mansfield authored
get_config_plugin only pulls in records from the given plugin, but it might as well read the entire (tiny) table, so that for example the following two calls result in one query rather than two: get_plugin_config('artefact', 'internal', 'profilemandatory') get_plugin_config('artefact', 'file', 'defaultquota') Change-Id: I28d74179330178a40d4787bdb9e8e4ed1e0a0e60 Signed-off-by:
Richard Mansfield <richard.mansfield@catalyst.net.nz>
-
Richard Mansfield authored
-
- 07 Nov, 2011 3 commits
-
-
Hugh Davenport authored
-
Hugh Davenport authored
Bug #885545 Change-Id: Ieb255923f5b8796109afa060cbffd31c9603f0cc Signed-off-by:
Hugh Davenport <hugh@catalyst.net.nz>
-
Richard Mansfield authored
The $dying variable mentioned in the comment being deleted in this patch is not necessary because checking the value of $group stops a 2nd exception being thrown. The return value of group_current_group is only checked in the smarty function to stop a "Trying to get property of non-object" warning from being logged. Change-Id: Ic78458bbe6ebe52fc4cb82cc661949d97ed450b4 Signed-off-by:
Richard Mansfield <richard.mansfield@catalyst.net.nz>
-
- 05 Nov, 2011 1 commit
-
-
Iñaki Arenaza authored
Bug #886581 As the viewid is not added to the URL for the images, images are considered not published and we don't have permission to see them. In fact, if we right click on the image place holder and click on 'Display image' (or equivalent browser option), we are presented with a login screen, even if we are logged in. Just make sure the viewid is passed to ArtefactTypeBlogpost::get_posts() too as part of the configdata, to include it in the image access URL. Change-Id: I23138180fbd771755407c39a9669860e4ecef762 Signed-off-by:
Iñaki Arenaza <iarenaza@mondragon.edu>
-
- 03 Nov, 2011 5 commits
-
-
Melissa Draper authored
It is currently possible for URLs in the rss parser to be exploited with XSS. sanitize_url has been added to sanitize RSS URL values before they are published. Change-Id: Idacecbce0c3fc33dd2921df9b580acd1251929e6 Signed-off-by:
Richard Mansfield <richard.mansfield@catalyst.net.nz>
-
Ruslan Kabalin authored
Change-Id: I4f0ea5d4818f66937c5fb2c36edd7b49b338b84b Signed-off-by:
Ruslan Kabalin <ruslan.kabalin@luns.net.uk>
-
Richard Mansfield authored
Change-Id: I473d816454baec0dc4a4304fcabdb917eca5f3b7 Signed-off-by:
Richard Mansfield <richard.mansfield@catalyst.net.nz>
-
Hugh Davenport authored
-
Hugh Davenport authored
-
- 02 Nov, 2011 2 commits
-
-
Hugh Davenport authored
When landing from another application, if being redirected to a page in mahara, remove the leading slashes as the wwwroot already has a trailing slash. Change-Id: I34f8cc290c5819f79a9fe15dc4a87d43f479ece1 Signed-off-by:
Hugh Davenport <hugh@catalyst.net.nz>
-
Hugh Davenport authored
Change-Id: Ic9cd7011225cb235e4d3ca039519506be154cfa4 Signed-off-by:
Hugh Davenport <hugh@catalyst.net.nz>
-
- 01 Nov, 2011 4 commits
-
-
Hugh Davenport authored
-
Melissa Draper authored
URLs should be checked before use to prevent misbehaviour. This patch adds a function for that purpose. None of these fixes are believed to be exploitable. Change-Id: Idaf8da739c344b925c7ea3644591a230589eb6e3 Signed-off-by:
Melissa Draper <melissa@catalyst.net.nz>
-
Francois Marier authored
-
Melissa Draper authored
Change-Id: I2a2ba2a54de22fb82c36ffd8ca807f7e237ceff1 Signed-off-by:
Melissa Draper <melissa@catalyst.net.nz>
-
- 31 Oct, 2011 2 commits
-
-
Francois Marier authored
As described in bug #884223, if an administator is masquerading as another user, they should be prevented from jumping as that other user. Change-Id: Ie07f3b807a61bbbb94c9051fb7c4b8df03d19f24 Signed-off-by:
Andrew Robert Nicols <andrew.nicols@luns.net.uk> Signed-off-by:
Francois Marier <francois@catalyst.net.nz>
-
Andrew Robert Nicols authored
Change-Id: I49e29567840682838a2b759c806023106dcdc9ce Signed-off-by:
Andrew Robert Nicols <andrew.nicols@luns.net.uk>
-