1. 31 Mar, 2016 1 commit
  2. 23 Mar, 2016 9 commits
  3. 22 Mar, 2016 1 commit
  4. 21 Mar, 2016 1 commit
    • Aaron Wells's avatar
      Adding some HTTP headers for security (Bug 1531987) · ef64adaa
      Aaron Wells authored
      X-XSS-Protection: Tells the browser not to disable XSS protection
      X-Content-Type-Options: Tells the browser not to try to guess at
      mimetypes of downloads
      X-Permitted-Cross-Domain-Policies: Tells Flash & PDF not to trust
      alternate crossdomain.xml files (which set the permissions on whether
      this site allows itself to be accessed by scripts in Flash & PDF).
      Prevents an attacker from uploading a more permissive crossdomain.xml
      X-Powered-By: PHP by default sends this header with the current full
      PHP version.
      behatnotneeded: Selenium can't examine HTTP response headers
      Change-Id: Ia2a6de971fc62b7d8806ad010aa0fbe37c1a7357
      (cherry picked from commit 29656f03)
  5. 18 Mar, 2016 1 commit
    • Aaron Wells's avatar
      Use $CFG->cacheversion for HTMLPurifier cache version · 1c654e04
      Aaron Wells authored
      Bug 1558387
      With this, we don't have to remember to bump HTML.DefinitionRev in
      html_clean(), or clear the htmlpurifier directory in dataroot.
      behatnotneeded: API change only
      Change-Id: I15cd291fd8e5d7d5c357f1595a89f34f44236e7d
  6. 16 Mar, 2016 1 commit
  7. 14 Mar, 2016 1 commit
    • Robert Lyon's avatar
      Fix bug in xmlrpc + $cfg->usersuniquebyusername · d22c3042
      Robert Lyon authored
      Bug 1556692: When used together, these can cause problems when
      the ID field from Moodle gets truncated to the default
      get_new_username() length of "30", when being inserted into
      usr.username in Mahara.
      behatnotneeded: Can't test Mnet in Behat
      Change-Id: Icdeb78b5298e7d63a0610987b0d8fad34e58d036
  8. 08 Mar, 2016 1 commit
  9. 03 Mar, 2016 1 commit
  10. 10 Feb, 2016 1 commit
  11. 18 Dec, 2015 1 commit
  12. 11 Dec, 2015 2 commits
  13. 10 Dec, 2015 6 commits
  14. 30 Nov, 2015 1 commit
    • Aaron Wells's avatar
      Make get_record warn instead of dying, by default · 59b55846
      Aaron Wells authored
      Bug 1515929: Usually when we use get_record(), we're
      querying against a record that has a uniqueness constraint
      guaranteeing that it is unique, in which case the PHP
      code that dies on non-uniqueness is redundant.
      In the remaining cases, we're dealing with records
      that for some reason can't have a uniqueness constraint,
      and the dying just causes the site to entirely stop
      working, when it would be more useful to have it continue
      to work but throw a warning message to the logs.
      behatnotneeded: Covered by existing test cases
      Change-Id: I264f72e3a8904293d78909410f68b29f2c78db3c
  15. 26 Nov, 2015 3 commits
  16. 25 Nov, 2015 3 commits
  17. 23 Nov, 2015 1 commit
    • Robert Lyon's avatar
      Bug 1517228: perf_to_log function amd misisng data · 296fe519
      Robert Lyon authored
      Because some systems may not have all the available data we should
      check if the data exists before trying to display it.
      To test:
      Before patch change the line in lib/mahara.php
       if (function_exists('posix_times')) {
       if (!function_exists('posix_times')) {
      and make sure the 'perf_to_log' config option is set to true
      This will cause the errors we are trying to deal with to show up
      Change-Id: If9610fa0eaf4c8bb036b21c1c75e10d828de7934
      Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
      (cherry picked from commit e9584a54)
  18. 22 Nov, 2015 1 commit
  19. 20 Nov, 2015 1 commit
  20. 12 Nov, 2015 1 commit
  21. 27 Oct, 2015 2 commits