1. 15 Jun, 2015 17 commits
  2. 03 Jun, 2015 1 commit
    • Robert Lyon's avatar
      Lazy-load list of textboxes when opening textbox form (Bug 1393734). · 0a1e5e0e
      Robert Lyon authored
      
      
      The query to load other textboxes when displaying textbox config. forms
      is very heavy in a large instance of Mahara. This patch postpones the
      listing of other textboxes in the textbox config. form, until the link
      to display them is clicked.
      This enables the textbox config. form to load and display quickly.
      
      TODO: optimise loading speed of list of textboxes. This process is still
      as slow as it was before - all this patch does is defer it until it's
      actually required!
      
      Change-Id: I92c77e22753882a2b9ed5be3738b8d26b7f5709d
      Signed-off-by: default avatarMike Kelly <m.f.kelly@arts.ac.uk>
      0a1e5e0e
  3. 02 Jun, 2015 1 commit
  4. 28 May, 2015 1 commit
  5. 11 May, 2015 1 commit
  6. 07 May, 2015 1 commit
  7. 04 May, 2015 2 commits
  8. 03 May, 2015 1 commit
  9. 29 Apr, 2015 1 commit
  10. 28 Apr, 2015 2 commits
  11. 24 Apr, 2015 1 commit
  12. 21 Apr, 2015 1 commit
  13. 15 Apr, 2015 2 commits
    • Robert Lyon's avatar
      Stopping SWF files XSS exploitation (Bug #1190788) · 8df9bdfa
      Robert Lyon authored
      By doing two things:
      
      1) Getting the embedded SWF object to set the
       allowscriptaccess = "never" and allownetworking = "never"
      
      2) By forcing a 'download file' link to actually download file
      - this goes for all files now that don't have embedded=1
      in their url.
      
      I've done it this way, having the embedded item have extra url param
      so that if a user tries to manipulate a url by removing params it
      will default to force download.
      
      I've merged the changes I'd done here https://reviews.mahara.org/#/c/3522/2
      
      
      and I've also cleaned up places where the download=1 was used as that is
      not needed now. Now if there are places where we need to embed rather
      than download we add the embedded=1 to the url.
      
      Change-Id: If5290a7c571d06d4178ef2ae5c4c09ed287403b4
      Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
      8df9bdfa
    • Aaron Wells's avatar
      Explicitly tell the template to use the AJAX block loader · 29053d1b
      Aaron Wells authored
      Bug 1444229: It was hacky to rely on the block content being empty
      to signal the AJAX block loader. We should tell it to do so explicitly.
      
      Change-Id: I9816c43c96ffed85282ac0d874fa5bfe1ca62e00
      29053d1b
  14. 07 Apr, 2015 1 commit
  15. 01 Apr, 2015 1 commit
  16. 31 Mar, 2015 1 commit
  17. 26 Mar, 2015 1 commit
  18. 24 Mar, 2015 1 commit
  19. 23 Mar, 2015 2 commits
  20. 19 Mar, 2015 1 commit