1. 15 Jun, 2015 1 commit
  2. 15 Apr, 2015 1 commit
    • Robert Lyon's avatar
      Stopping SWF files XSS exploitation (Bug #1190788) · 8df9bdfa
      Robert Lyon authored
      By doing two things:
      
      1) Getting the embedded SWF object to set the
       allowscriptaccess = "never" and allownetworking = "never"
      
      2) By forcing a 'download file' link to actually download file
      - this goes for all files now that don't have embedded=1
      in their url.
      
      I've done it this way, having the embedded item have extra url param
      so that if a user tries to manipulate a url by removing params it
      will default to force download.
      
      I've merged the changes I'd done here https://reviews.mahara.org/#/c/3522/2
      
      
      and I've also cleaned up places where the download=1 was used as that is
      not needed now. Now if there are places where we need to embed rather
      than download we add the embedded=1 to the url.
      
      Change-Id: If5290a7c571d06d4178ef2ae5c4c09ed287403b4
      Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
      8df9bdfa
  3. 30 Mar, 2015 1 commit
  4. 12 Mar, 2015 1 commit
  5. 05 Feb, 2015 1 commit
  6. 04 Feb, 2015 1 commit
  7. 28 Jan, 2015 1 commit
    • Robert Lyon's avatar
      Don't expand the comment lists on page edit screen (Bug #1317343) · 1b663910
      Robert Lyon authored
      
      
      This was causing some problems with tagged posts
      - also hiding the 'add comment' link on page edit screen.
      
      And making the comments info show when no comments were on item and
      allow comments for artefact was enabled. This is an issue with newer
      versions of php.
      
      Also placing some of the template files in the new correct location
      
      Change-Id: I599e16b0899559a3ebcdf68cff53220b1d83f2d6
      Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
      1b663910
  8. 03 Dec, 2014 1 commit
  9. 16 Nov, 2014 1 commit
  10. 29 Sep, 2014 1 commit
  11. 09 Sep, 2014 1 commit
  12. 01 Sep, 2014 1 commit
  13. 06 May, 2014 1 commit
    • Aaron Wells's avatar
      Upgrade flowplayer.audio to version 3.2.11 · 97e807a7
      Aaron Wells authored
      Bug 1316372: Also removing the flowplayer.audio source files, because
      they're not necessary to run Mahara, and we don't build it ourselves
      anyway.
      
      Change-Id: Ib64dbec723092486860a2fb37099b7918cfcb6a4
      97e807a7
  14. 16 Oct, 2013 1 commit
    • Robert Lyon's avatar
      Overlay problems in block edit mode (bug 1240307) · 5665edfb
      Robert Lyon authored
      
      
      In Chrome - when editing a block when there is a nearby embedded media video
      block can cause the video part of the block to display over the config
      form making it hard to do editing.
      
      From what the interweb says this is a problem with wmode needing to be
      set.
      
      Change-Id: I8cd2a9c20ac2e14fe52274aeafeead96a7e94c17
      Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
      5665edfb
  15. 14 Oct, 2013 1 commit
  16. 07 Oct, 2013 1 commit
  17. 15 Feb, 2013 2 commits
  18. 30 Sep, 2011 1 commit
  19. 20 Sep, 2011 1 commit
  20. 12 Aug, 2011 1 commit
  21. 13 May, 2011 1 commit
  22. 08 Mar, 2011 1 commit
  23. 27 Jan, 2011 1 commit
  24. 26 Jan, 2011 1 commit
  25. 11 Jan, 2011 1 commit
  26. 04 Nov, 2010 1 commit
  27. 19 Oct, 2010 1 commit
  28. 08 Oct, 2010 1 commit
  29. 10 Sep, 2010 1 commit
  30. 31 Aug, 2010 2 commits
  31. 19 Jul, 2010 1 commit
  32. 26 May, 2010 1 commit
  33. 18 Nov, 2009 1 commit
  34. 28 Oct, 2009 1 commit
  35. 22 Sep, 2009 1 commit
  36. 15 Sep, 2009 1 commit
  37. 01 Jul, 2009 1 commit
  38. 23 Jun, 2009 1 commit