1. 02 Apr, 2014 2 commits
  2. 01 Apr, 2014 3 commits
    • Aaron Wells's avatar
      Check that account is valid before logging in via password reset · 3475f03a
      Aaron Wells authored
      Bug1284876: Without this, a suspended user can log in via a password
      reset email
      
      Change-Id: I5cb8f2978cdc2c6c0a6975a3fbfd2dfdc1d9bcc5
      3475f03a
    • Ghada El-Zoghbi's avatar
      Bug1075760: reporting objectional material with no message doesn't get sent to... · 8c7a5e68
      Ghada El-Zoghbi authored
      Bug1075760: reporting objectional material with no message doesn't get sent to admin with digest emails
      
      Email digest table has a not null contraint for the message field:
      1. Force the user to enter something in the objectionable comment.
      2. Other areas: if a user enteres a message (i.e. in a forum)
      which is made up of html (i.e. a smiley face),
      the message gets 'cleaned' by stripping html tags.
      This leaves it empty and fails when trying to insert into the
      email digest table.
      Clean the message with html2text instead of str_shorten_html.
      3. As a last resort, before inserting into the email digest table,
      make sure there is at least a space in the message field (if it's empty).
      
      Change-Id: I05a77e0682017839b34e74241eefb98fb788eab5
      Signed-off-by: default avatarGhada El-Zoghbi <ghada@catalyst-au.net>
      8c7a5e68
    • Robert Lyon's avatar
      Getting mysql not to use CAST() (bug #1081947) · e35d3ea8
      Robert Lyon authored
      In the 1.8+ codebase there are only two places where both mysql and
      postgres use CAST(). So I've tried altering the calls so that mysql
      doens't need to use CAST().
      
      This will probably need to be tested with a large data mysql db site
      to see if any speed gains are made, and also the calls are still
      working correctly.
      
      All other places it is being used by postgres only
      Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
      
      Change-Id: I9eaf196d062ef2a62bfdae0df179281f3411c392
      e35d3ea8
  3. 25 Mar, 2014 1 commit
  4. 25 Feb, 2014 1 commit
  5. 14 Jan, 2014 2 commits
  6. 06 Jan, 2014 1 commit
    • Aaron Wells's avatar
      Override MySQL's check for accidental large queries · f4e4b44f
      Aaron Wells authored
      Bug 1070046: MySQL has an optional server config option, "MAX_JOIN_SIZE",
      which throws an error if you try to run a SQL query that MySQL's strategizer
      thinks will require it to evaluate more than MAX_JOIN_SIZE rows. This is
      intended to prevent the user from accidentally running giant queries that
      will never finish, but some Mahara queries (which are large but will finish)
      can trip it. Adding SQL_BIG_SELECTS=1 tels it that our queries are *not*
      accidentally large.
      
      Also has order change for bug 1184450
      
      Change-Id: I6db4699ea765d3213d13eb93b8de098914db24e0
      f4e4b44f
  7. 23 Dec, 2013 3 commits
  8. 12 Dec, 2013 1 commit
    • Aaron Wells's avatar
      Writing a helpfile for "generate sitemap" · 6ad43a71
      Aaron Wells authored
      Bug 974855: It's not great that the helpfile doesn't actually contain the URL for your sitemap,
      but we'd need to implement the ability to put parameters or variables into help files to make that happen.
      
      Change-Id: I7cc414510ffe78432a4e21d61a829f67ff1d9929
      6ad43a71
  9. 10 Dec, 2013 2 commits
  10. 05 Dec, 2013 1 commit
  11. 26 Nov, 2013 1 commit
  12. 21 Nov, 2013 1 commit
  13. 28 Oct, 2013 3 commits
  14. 25 Oct, 2013 1 commit
  15. 24 Oct, 2013 2 commits
  16. 22 Oct, 2013 1 commit
    • Robert Lyon's avatar
      Allowing pieform error text to not be escaped if needed (Bug 1239539) · bd33b9c8
      Robert Lyon authored
      Currently if there is html in an error message used by pieforms it
      escapes the html so the link becomes not usable.
      
      I have made a change where you can tell pieforms not to escape the
      error message.
      
      So instead of using:
      $form->set_error($field, $message);
      
      you can use:
      $form->set_error($field, $message, false);
      
      Where false means do not escape the message.
      
      As the terms and conditions are displayed on the page already I've
      updated the link to jump to the terms section
      
      Change-Id: Ia8650a9f2284fb007cbe81a4a94223f127c4f6cd
      Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
      bd33b9c8
  17. 08 Oct, 2013 1 commit
    • Aaron Wells's avatar
      Update session-cached display name when deleting it · 6ecbe067
      Aaron Wells authored
      Bug 1223063: ArtefactTypeCachedProfileField was only updating
      the session cache when you updated a value, not when you deleted it.
      Of course, the only one that can get deleted and that is shown
      anywhere is the PreferredName (aka display name) so only this
      one shows the problem.
      
      Change-Id: I55f9c96b59c91ced5cba3cf6443ba2e222201ef7
      Signed-off-by: Aaron Wells's avatarAaron Wells <aaronw@catalyst.net.nz>
      6ecbe067
  18. 02 Oct, 2013 5 commits
  19. 01 Oct, 2013 3 commits
    • Kristina Hoeppner's avatar
      Add alt and title tag for blocks (Bug #1218684) · 971fa738
      Kristina Hoeppner authored
      IE only picks up the alt and not the title
      tag. I added both so that users will see the
      description.
      
      Change-Id: I2f1c9342363d3372e5aa1549da7fcfc3086177b1
      Signed-off-by: Kristina Hoeppner's avatarKristina D.C. Hoeppner <kristina@catalyst.net.nz>
      971fa738
    • Kristina Hoeppner's avatar
      Add missing lang string for warning (Bug #1227372) · e147f3c9
      Kristina Hoeppner authored
      Lang string was missing for "Allowed iframe sources"
      
      Change-Id: I1cab612134a334fac7f0ca54fcf406b4a08f3226
      Signed-off-by: Kristina Hoeppner's avatarKristina D.C. Hoeppner <kristina@catalyst.net.nz>
      e147f3c9
    • Hugh Davenport's avatar
      Fix permissions of group area (Bug #1034180) · f5cebdef
      Hugh Davenport authored
      A user should not be able to view/publish an artefact if
      - they don't have view/publish permission of that artefact
      - they don't have view permission of all parents of that artefact
      
      A user should not be able to edit an artefact if
      - they don't have edit permission of that artefact
      - they don't have edit permission of the immediate parent of that artefact
      - they don't have view permission of any parents below the immediate
      
      This is similar to the UNIX permissions, you shouldn't be able to view
      a directory unless all directories below have read (r) and executeable (x)
      bits set. The same for editing, you need write (w) permissions of the
      immediate parent, and rx for all parents.
      
      In Mahara, there are no executeable bits, but it can be assumed
      that view is basically the same as rw for container artefacts, and the same
      as r for non container artefacts.
      
      Change-Id: I4f84aca05dd08d02b05fbe084e4724f78c8681a0
      Signed-off-by: default avatarHugh Davenport <hugh@catalyst.net.nz>
      f5cebdef
  20. 24 Sep, 2013 1 commit
  21. 22 Sep, 2013 1 commit
  22. 19 Sep, 2013 1 commit
  23. 16 Sep, 2013 1 commit
  24. 02 Sep, 2013 1 commit