GitLab

Aaron Wells authored Apr 15, 2016 and Robert Lyon committed Apr 20, 2016

This patch does 2 things:

1. It loads the session much earlier during init.php. We wind
up creating one on *every* script load anyway, due to LiveUser's
constructor. Sometimes it gets created earlier if other code
tries to use it before then, which adds some unpredictability
to things. Moving it up to the top of init.php reduces that
unpredictability.

2. It turns out that in PHP 5.3, using header_remove('Set-Cookie')
to only doesn't remove session headers. But header_remove()
(with no params) to remove *all* cookies does remove them. So
I'm changing remove_duplicate_cookies() to use that instead.

3. Also in PHP 5.3, session headers are visible in headers_list().
In situations where your session id changes (due to session_destroy()
and session_regenerate_id()), our use of array_unique() meant we
would preserve the old and new session IDs and send both back
to the browser. This patch makes remove_duplicate_cookies() aware
of the current session ID, and it only preserves that one.

Change-Id: I7a90b8692a5f97429415aa9a17451a44cd2109dd
behatnotneeded: Covered by existing tests
(cherry picked from commit 83ec33f2)

Liam Sharpe authored Apr 15, 2016 and Robert Lyon committed Apr 20, 2016

behatnotneeded

Change-Id: Ic839970344a7b09d742f3f609ef2a80e6ea500af
(cherry picked from commit 6fa397e3)
(cherry picked from commit d1ebeaab)

Tobias Zeuch authored Apr 18, 2016 and Robert Lyon committed Apr 19, 2016

Bug 1571421: In the exists-subquery the join-condition contains a reference to an outer table alias, which is not supported in MySql (though it seems to work in Postgres). This leads to a "site unavailable" e.g. when searching on the "shared with me" page.
The solution is to move the condition into the WHERE-part. This might actually improve performance because it allows the database engine to precalculate the join one single time and reuse it for each Exists-subquery

behatnotneeded

Change-Id: I5097154d939bf7ddba01d5845af7e8cbb42681b8
Signed-off-by: Tobias Zeuch <tobias.zeuch@rwth-aachen.de>
(cherry picked from commit 65c21985)

Pat Kira authored Apr 14, 2016 and Robert Lyon committed Apr 15, 2016

behatnotneeded

Change-Id: I15041cdfbaf3f8cd3519794dd1102928201c7551
(cherry picked from commit 8d7dae80)
(cherry picked from commit a5e32554)

behatnotneeded

Change-Id: Id81a439cf2166ed04663099331540e579feec13c
Signed-off-by: Robert Lyon <robertl@catalyst.net.nz>
(cherry picked from commit 3b193503)
(cherry picked from commit 62744917)

Aaron Wells authored Apr 12, 2016 and Robert Lyon committed Apr 13, 2016

This setting kills your Mahara session whenever you navigate
to Mahara from a link or redirect on another page. This totally
prevents SAML and other redirect-based auth methods from working,
makes it annoying to use links in email, and while it is mentioned
on the PHP manual's "Securing Sessions" page, it's only
recommended there if you also have "session.use_trans_id" enabled,
which we do not.

Change-Id: I8b3b14bae8043c5004cc8f36766f2db9422eac1c
behatnotneeded: Can't be tested by behat
(cherry picked from commit 91807920)

Sarah Cotton authored Nov 13, 2015 and Robert Lyon committed Apr 11, 2016

behatnotneeded

Change-Id: Iffe40a00d119efca936a40500b762a625e5f348a

Pat Kira authored Apr 05, 2016 and Robert Lyon committed Apr 11, 2016

Allowing the select button to appear on group/institution places

behatnotneeded

Change-Id: Ie58ff61b915753c2de5e9f60cf8d17b345b0b6e4

Aaron Wells authored Apr 05, 2016 and Robert Lyon committed Apr 07, 2016

Bug 1566127

Change-Id: I8e249a93fbff7c3bf914099e53f1f29068a36a15
behatnotneeded: Covered by existing tests
(cherry picked from commit d5aef398)

Change-Id: I2bea376b7d403171a306c31fdc69e26a4aa1644b

Liam Sharpe authored Mar 10, 2016 and Robert Lyon committed Mar 31, 2016

When there is no 'replayall' footer link present

behatnotneeded

Change-Id: Ifa1f2a3487c8ab568a8465a48b87fd817c7e1a07
(cherry picked from commit 2a357b58)

David Ligne authored Mar 22, 2016 and Aaron Wells committed Mar 31, 2016

behatnotneeded: Changes on database columns types only.

Change-Id: I0e80fe7b4ca7552c854f3496db6496e984bbdd53

Son Nguyen authored Oct 22, 2015 and Robert Lyon committed Mar 31, 2016

see more at http://php.net/manual/en/session.security.php

behatnotneeded

Change-Id: I70b427daa1ee29c233339ba245f56a02c1a8b3a5
(cherry picked from commit 38bfb5cf)

* changes:
  Move WebService "markTestSkipped" to setup (Bug 1515473)
  Call parent::setUp() in WebServiceTestBase (Bug 1515473)

Signed-off-by: Aaron Wells <aaronw@catalyst.net.nz>

Signed-off-by: Aaron Wells <aaronw@catalyst.net.nz>

Robert Lyon authored Mar 17, 2016 and Aaron Wells committed Mar 24, 2016

It got merged before I noticed the comment about needing a behat test

Change-Id: I1fd5bbdd88bc88cbde17992b9d7c9709f44b8e6f
Signed-off-by: Robert Lyon <robertl@catalyst.net.nz>
(cherry picked from commit d78df1b8)

behatnotneeded

Change-Id: Ie1b754da7d1cd1beaeadc0579890639e7d2623b7
Signed-off-by: Robert Lyon <robertl@catalyst.net.nz>
(cherry picked from commit d846632a)

Bug 1558361

behatnotneeded

Change-Id: Ic7186f35eb38cf79e76dcd8347df18178ccc5a32

behatnotneeded - should be covered by existing tests

Change-Id: Ia4592c9bd261c978dc911999e81f906fa0b13450

Also setting the note block's form change checker state to
"dirty" by default, so that users will get a warning before
navigating away to the other page.

Change-Id: I20f586781df63e942a7a1c82e5e74fd5214c233f

Bug 1558361

behatnotneed

Change-Id: Idc3f0a010fef76a0908f65ce88bf52ae870170d3

Bug 1558361: Deleting this because it has some target="_blank"
links in it, and we're not using it anyway.

Change-Id: I270e9b4928488715c6c3fff1728e8060a575379b

Bug 1558361

Change-Id: Ifb0dba0d91a0ea2ba2b2dfc2daeda39b679c0397

Bug 1558361

behatnotneeded

Change-Id: I4bebbcca92bd9cbd594ca7d8d83030f6f3e0388b

Bug 1558361

behatnotneeded

Change-Id: Idc139a671137cbde6958fdc8406bc56f8c395f08

Bug 1558361: TinyMCE will filter them out on the editing
side, and HTMLPurifier will filter them out on the display
side.

behatnotneeded: Would require non-trivial new Behat step to
check whether links have "target" attribute.

Change-Id: If27462b2ca1a382ceeaadb374aade1f795f261bd

Aaron Wells authored Mar 23, 2016 and Robert Lyon committed Mar 23, 2016

Bug 1560730: In 15.10, where there are combined text
field & filter-dropdown fields, we use Bootstrap
magic to combine them into one succinct little thing

Change-Id: I8c9756194a60d4505ebb2840718e6b114dd8aaa5
behatnotneeded: Covered by existing tests
(cherry picked from commit b6c6044b)

Bug 1560739: As a temporary workaround to our apparent
incompatibility with gulp-bless 3.1.0 and/or bless
4.0, pinning gulp-bless to 3.0.1 fixes the problem.

Liam Sharpe authored Jan 11, 2016 and Robert Lyon committed Mar 23, 2016

Comprises two fixes:
1. Icon in profile sidebar next to the Moodle instance's
name
2. Mentioning of the Moodle instance in the "Online users"
sidebar

behatnotneeded

Change-Id: I3c1c09df9156834dc79313b8c30e5264dda2e6ad

Aaron Wells authored Nov 13, 2015 and Robert Lyon committed Mar 23, 2016

... so that we don't bother doing setup just to get
to testRun() and realize we're skipping this test

behatnotneeded: phpunit, not behat

Change-Id: I0c96e364129435f9eca3f0cb3bb44beaf9db4701

Aaron Wells authored Nov 13, 2015 and Robert Lyon committed Mar 23, 2016

behatnotneeded: This is phpunit, not behat. ;)

Change-Id: I906089c82c6e5ca521007359006b49381c537f2b
(cherry picked from commit b8957909)

Aaron Wells authored Mar 15, 2016 and Robert Lyon committed Mar 22, 2016

Change-Id: I71c3afc2b3a4e07f4bbba1bb356d86911ab4b332