- 30 Nov, 2017 1 commit
-
-
Robert Lyon authored
When the site is an https site behatnotneeded Change-Id: Ic10204bc19f0dd729ac7a884423be4783a59749e Signed-off-by:
Robert Lyon <robertl@catalyst.net.nz>
-
- 19 Nov, 2017 1 commit
-
-
Ilya Tregubov authored
behatnotneeded Enables Mahara to save files to an external file system - object storage (such as AWS's S3) - which can reduce the cost of storage Change-Id: I76822612f2922ba0ef2a0b7a4efb9cd2b96979a6
-
- 30 Mar, 2017 1 commit
-
-
Kristina Hoeppner authored
Some string IDs changed so that they are picked up by the translators while others aren't changed when they are just changes for English. behatnotneeded Change-Id: I9afb8980492937f361e6e35361245c689b5a4413
-
- 22 Dec, 2016 1 commit
-
-
Cecilia Vela Gurovic authored
mysql php module is not supported any more. mysqli should be used instead and show an error if not. behatnotneeded Change-Id: I018b5117f33ed6788be45a756b045870156833da
-
- 08 Aug, 2016 1 commit
-
-
Aaron Wells authored
The best way to prevent sensitive data from being printed to the logs is to avoid printing the value of *any* parameter. For instance, a password parameter may have an unusual name, or it may be passed through a general-purpose function like "strlen()". Since parameter values are useful for debugging, we can still print them when not in production mode (although with known password params still scrubbed out). Note this patch both scrubs likely password params, and hides their scrubbed value. That's mostly because I'm lazy, but it also obscures the password's actual length. Change-Id: I4a1ab4c89a169c6b29a7b63384c2412cee761ab7 behatnotneeded: Can't test with behat
-
- 05 Jul, 2016 1 commit
-
-
Dmitrii Metelkin authored
behatnotneeded Change-Id: Ia73346aa5a71952ee01d4955b864c7f2573d4a03
-
- 08 Jun, 2016 1 commit
-
-
Aaron Wells authored
The session init code relies on $CFG->session_timeout, which is normally defined in the config table. So, we need to start the session after opening the database connection. (In the event that there's an earlier session start, for instance due to an error message, this will cause the session for that page load to disregard any database config values. But that's not a show-stopper, and there's no easy way to fix it.) Change-Id: Iffbeebc8e92929970a558ff0fbc726719bb92741 behatnotneeded: Covered by existing tests
-
- 12 May, 2016 1 commit
-
-
Robert Lyon authored
When trying to start behat test without setting behat config vars behatnotneeded Change-Id: I47b4e741aacbfe794339ef6771b0c0aee948fe45 Signed-off-by:
Robert Lyon <robertl@catalyst.net.nz>
-
- 21 Apr, 2016 1 commit
-
-
Robert Lyon authored
1) Allowing $CFG to accept json encoded strings and to be decoded back to php 2) Making the $cfg->openbadgedisplayer_source a json encoded string 3) Allowing the openbadges have the defaults only on one place and warn when they are missing behatnotneeded Change-Id: Ica0349d6343d9f608b2272117d7412b288799278 Signed-off-by:
Robert Lyon <robertl@catalyst.net.nz>
-
- 18 Apr, 2016 1 commit
-
-
Aaron Wells authored
This patch does 2 things: 1. It loads the session much earlier during init.php. We wind up creating one on *every* script load anyway, due to LiveUser's constructor. Sometimes it gets created earlier if other code tries to use it before then, which adds some unpredictability to things. Moving it up to the top of init.php reduces that unpredictability. 2. It turns out that in PHP 5.3, using header_remove('Set-Cookie') to only doesn't remove session headers. But header_remove() (with no params) to remove *all* cookies does remove them. So I'm changing remove_duplicate_cookies() to use that instead. 3. Also in PHP 5.3, session headers are visible in headers_list(). In situations where your session id changes (due to session_destroy() and session_regenerate_id()), our use of array_unique() meant we would preserve the old and new session IDs and send both back to the browser. This patch makes remove_duplicate_cookies() aware of the current session ID, and it only preserves that one. Change-Id: I7a90b8692a5f97429415aa9a17451a44cd2109dd behatnotneeded: Covered by existing tests
-
- 21 Mar, 2016 1 commit
-
-
Son Nguyen authored
Add behat tests Change-Id: I905af729d2cda76d5c6ff31b29b9d21c3dc67505
-
- 28 Feb, 2016 1 commit
-
-
Aaron Wells authored
X-XSS-Protection: Tells the browser not to disable XSS protection X-Content-Type-Options: Tells the browser not to try to guess at mimetypes of downloads X-Permitted-Cross-Domain-Policies: Tells Flash & PDF not to trust alternate crossdomain.xml files (which set the permissions on whether this site allows itself to be accessed by scripts in Flash & PDF). Prevents an attacker from uploading a more permissive crossdomain.xml X-Powered-By: PHP by default sends this header with the current full PHP version. behatnotneeded: Selenium can't examine HTTP response headers Change-Id: Ia2a6de971fc62b7d8806ad010aa0fbe37c1a7357
-
- 18 Feb, 2016 1 commit
-
-
Son Nguyen authored
Fix behat step definitions, features Change-Id: I2bf4e94804b9e86c4e54e5f9e66af233b3f86abf
-
- 10 Jan, 2016 2 commits
-
-
Son Nguyen authored
This reverts commit a8289074. Change-Id: I36b8754a592c98b0b1a81964028870283931029c
-
Son Nguyen authored
behatnotnedded Change-Id: Iaffc0dca9c98ee96c38c1ad9ecb060faa543f76d
-
- 15 Dec, 2015 1 commit
-
-
Aaron Wells authored
Bug 1526076: I believe the initial intent was that Mahara core, and/or each plugin, could add a value to its version.php file indicating "disablelogin" true or false. And in this way, an upgrade could indicate whether it was a small enough upgrade that users did not need to log out for it. However, in practice this is not practical because we don't know what version of Mahara the user is upgrading from, and that is what determines whether or not it's a "stable" upgrade. Additionally, the core disablelogin has been set to true for the past 7 years, and the plugin disablelogin setting no longer has any effect. Removing disablelogin should hopefully make our maze of init.php auth_setup() login stuff a little bit easier to follow. behatnotneeded: Covered by existing tests Change-Id: I5f8a2b4faa95b9225bb926de6a54a622ea1a9618
-
- 14 Dec, 2015 1 commit
-
-
Aaron Wells authored
Bug 1526101: This should help make it clearer what's going on in init.php and the related auth code, by making the distinction between $CFG->siteclosed and $CFG->siteclosedbyadmin clearer. behatnotneeded: Covered by existing tests Change-Id: I8bc728622ae965ce25b55ee4b55278771fc1eedc
-
- 12 Dec, 2015 1 commit
-
-
Robert Lyon authored
Phpunit tests cannot run if Mahara is not installed but doesn't give any warning to this fact Change-Id: Ie8aecf35fef730adbb42856da13ff712ed8505d5 Signed-off-by:
Robert Lyon <robertl@catalyst.net.nz>
-
- 25 Nov, 2015 1 commit
-
-
Robert Lyon authored
Set the state of the libxml entity loader & use internal errors settings, back to what they were before we called them, as a workaround to https://bugs.php.net/bug.php?id=64938, which causes them to be shared by all threads in a single process. behatnotneeded Change-Id: I0720146b1e91c24095a18636e09981830ef4ce8f Signed-off-by:
Robert Lyon <robertl@catalyst.net.nz>
-
- 11 Nov, 2015 1 commit
-
-
Jono Mingard authored
Some of these files aren't loaded on any pages, some (ie. debug.js) are no longer necessary with modern debugging tools, and some have been replaced by Bootstrap functionality behatnotneeded: should be functionally identical Change-Id: I6d1b3874de5d42ccc00a8c0d2bb0e8bc162747d4
-
- 23 Sep, 2015 1 commit
-
-
Aaron Wells authored
Change-Id: I5c147bf0ab19e02718666d16ee52f58a74e926b7 behatnotneeded: Covered by existing tests
-
- 20 Jun, 2015 1 commit
-
-
Aaron Wells authored
Change-Id: Iae1f93c0129c1396aca633756b271fb41360836f
-
- 15 Jun, 2015 4 commits
-
-
Naomi Guyer authored
Bug 1465107: Use Bootstrap CSS Framework EG: '10.0.19' < '5.0.25' evaluates as false Change string check to check float value instead. Change-Id: I27809e38a176e0f6b5182f878904c28a772cda6e
-
Naomi Guyer authored
Bug 1465107: Use Bootstrap CSS Framework Change-Id: I9441f1f0fd89623e1cf5c84d888b0d4b5358e20c
-
Naomi Guyer authored
Bug 1465107: Use Bootstrap CSS Framework Change-Id: I1f631d6f2637b22e00ea9e0972f0447a52304f4c
-
Naomi Guyer authored
Bug 1465107: Use Bootstrap CSS Framework Change-Id: I2b5928352dc8675162e6f5e00b3424b82456e382
-
- 19 May, 2015 1 commit
-
-
Robert Lyon authored
In case the site has port specified in its server['HOST']. Change-Id: Ia033270487a14a537dada5697b8c2d3848d490fa Signed-off-by:
Robert Lyon <robertl@catalyst.net.nz>
-
- 27 Mar, 2015 1 commit
-
-
Aaron Wells authored
- Cron doesn't need to run auth_setup() - Don't run cron when site is closed for upgrade - Get rid of forcelocalupgrade() option because it's no longer needed Change-Id: I1718b13337c50fadc0573d04f5b3d6b20bc842c2
-
- 02 Mar, 2015 1 commit
-
-
Robert Lyon authored
We seem to be calling it on every page load - so for a page with lots of blocks it means a lot of calls. When really we should call it once when a user first arrives as they won't be switching devices during their session. Change-Id: Id939ad83c5acfdbcdd358691def25bd2e5f5a592 Signed-off-by:
Robert Lyon <robertl@catalyst.net.nz>
-
- 04 Dec, 2014 1 commit
-
-
Robert Lyon authored
Changing the value from postgres7 to postgres as we are really only supporting postgres 8.3+ Also updated the list of reserved keywords to contain all the reserved keywords that exist in postgres 8.3. And added new postgres 9.3 reserved words to end of list Change-Id: Ia233b8f21bff9983cf6918691283886467a607e4 Signed-off-by:
Robert Lyon <robertl@catalyst.net.nz>
-
- 03 Dec, 2014 1 commit
-
-
Son Nguyen authored
Change-Id: I7a1f7d42d9739a9ab1507d56aaf3a51ee0e7ef1a
-
- 30 Oct, 2014 1 commit
-
-
Aaron Wells authored
Bug 1387903 Change-Id: I369d58f85c944f4be2bc2965c080b2c4c86dadc1
-
- 15 Oct, 2014 1 commit
-
-
Aaron Wells authored
Bug 1346926: This bug replicates the functionality of the newly enhanced (in bug 1328310) local/theme directory. I'm updating the documentation of local/theme at the same time, to try to avoid this kind of replication in future. Change-Id: Ia36442ac264f5e0740278592e734ddc0838bb80f
-
- 22 Jul, 2014 1 commit
-
-
Aaron Wells authored
Bug 1268746 Change-Id: I438629b7bb03590b4f5875c07381f500569c80d1
-
- 30 Jun, 2014 1 commit
-
-
Aaron Wells authored
Bug 547932: The module bootstrap code relies on the existence of the module_installed table, which isn't present until after you upgrade. Change-Id: I34075dec8e4d8671b71b3023774b44343a5d50ca
-
- 16 Jun, 2014 1 commit
-
-
Valerii Kuznetsov authored
Change-Id: I5558449a0d5c4911bfaec166d185ebd1da863f1c Signed-off-by:
Valerii Kuznetsov <valerii.kuznetsov@totaralms.com>
-
- 04 Jun, 2014 1 commit
-
-
Aaron Wells authored
As vetted in the May 2014 dev meeting http://meetbot.mahara.org/mahara-dev/2014/mahara-dev.2014-05-01-08.01.log.html Change-Id: I353ed74d69a5346fbe4e8e521e5c349dbe8dcbac
-
- 29 Jan, 2014 1 commit
-
-
Robert Lyon authored
- TO DO: will need to make sure that the results returned by public search are allowed to be seen by the public Change-Id: I1787bd1ba0f26d5f7ea86d5d7f1562987f98381c Signed-off-by:
Robert Lyon <robertl@catalyst.net.nz>
-
- 21 Jan, 2014 1 commit
-
-
Aaron Wells authored
This reverts commit 1cdc0486. The JSDetector class has caused three regressions so far (Bug 1270846, Bug 1261610, and Bug 1268788). Since it's been buggy and it's not actively in use anywhere in the site, I think we should revert it. Change-Id: If32d5adf8733ce3f455aab09a5d138c7707ae95d
-
- 13 Jan, 2014 1 commit
-
-
Aaron Wells authored
Bug 1268746: In PHP 5.4 E_ALL changed to include E_STRICT, causing Mahara to throw a lot of strict standards errors. This should silence most of them. HOWEVER, because most strict standards happen at compile-time, this will have no effect on strict standards errors caused in the files that have already been loaded by the time we call error_reporting() and set_error_handler(), which includes: - The file invoked directly by the URL - init.php - errors.php - config.php - config-defaults.php Change-Id: I7a7fdf7facb1f30e186a0e8a27f1c3b7473200da
-