1. 02 Apr, 2014 2 commits
  2. 01 Apr, 2014 3 commits
    • Aaron Wells's avatar
      Check that account is valid before logging in via password reset · 3475f03a
      Aaron Wells authored
      Bug1284876: Without this, a suspended user can log in via a password
      reset email
      Change-Id: I5cb8f2978cdc2c6c0a6975a3fbfd2dfdc1d9bcc5
    • Ghada El-Zoghbi's avatar
      Bug1075760: reporting objectional material with no message doesn't get sent to... · 8c7a5e68
      Ghada El-Zoghbi authored
      Bug1075760: reporting objectional material with no message doesn't get sent to admin with digest emails
      Email digest table has a not null contraint for the message field:
      1. Force the user to enter something in the objectionable comment.
      2. Other areas: if a user enteres a message (i.e. in a forum)
      which is made up of html (i.e. a smiley face),
      the message gets 'cleaned' by stripping html tags.
      This leaves it empty and fails when trying to insert into the
      email digest table.
      Clean the message with html2text instead of str_shorten_html.
      3. As a last resort, before inserting into the email digest table,
      make sure there is at least a space in the message field (if it's empty).
      Change-Id: I05a77e0682017839b34e74241eefb98fb788eab5
      Signed-off-by: default avatarGhada El-Zoghbi <ghada@catalyst-au.net>
    • Robert Lyon's avatar
      Getting mysql not to use CAST() (bug #1081947) · e35d3ea8
      Robert Lyon authored
      In the 1.8+ codebase there are only two places where both mysql and
      postgres use CAST(). So I've tried altering the calls so that mysql
      doens't need to use CAST().
      This will probably need to be tested with a large data mysql db site
      to see if any speed gains are made, and also the calls are still
      working correctly.
      All other places it is being used by postgres only
      Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
      Change-Id: I9eaf196d062ef2a62bfdae0df179281f3411c392
  3. 25 Mar, 2014 1 commit
  4. 25 Feb, 2014 1 commit
  5. 14 Jan, 2014 2 commits
  6. 06 Jan, 2014 1 commit
    • Aaron Wells's avatar
      Override MySQL's check for accidental large queries · f4e4b44f
      Aaron Wells authored
      Bug 1070046: MySQL has an optional server config option, "MAX_JOIN_SIZE",
      which throws an error if you try to run a SQL query that MySQL's strategizer
      thinks will require it to evaluate more than MAX_JOIN_SIZE rows. This is
      intended to prevent the user from accidentally running giant queries that
      will never finish, but some Mahara queries (which are large but will finish)
      can trip it. Adding SQL_BIG_SELECTS=1 tels it that our queries are *not*
      accidentally large.
      Also has order change for bug 1184450
      Change-Id: I6db4699ea765d3213d13eb93b8de098914db24e0
  7. 23 Dec, 2013 3 commits
  8. 12 Dec, 2013 1 commit
    • Aaron Wells's avatar
      Writing a helpfile for "generate sitemap" · 6ad43a71
      Aaron Wells authored
      Bug 974855: It's not great that the helpfile doesn't actually contain the URL for your sitemap,
      but we'd need to implement the ability to put parameters or variables into help files to make that happen.
      Change-Id: I7cc414510ffe78432a4e21d61a829f67ff1d9929
  9. 10 Dec, 2013 2 commits
  10. 05 Dec, 2013 1 commit
  11. 26 Nov, 2013 1 commit
  12. 21 Nov, 2013 1 commit
  13. 28 Oct, 2013 3 commits
  14. 25 Oct, 2013 1 commit
  15. 24 Oct, 2013 2 commits
  16. 22 Oct, 2013 1 commit
    • Robert Lyon's avatar
      Allowing pieform error text to not be escaped if needed (Bug 1239539) · bd33b9c8
      Robert Lyon authored
      Currently if there is html in an error message used by pieforms it
      escapes the html so the link becomes not usable.
      I have made a change where you can tell pieforms not to escape the
      error message.
      So instead of using:
      $form->set_error($field, $message);
      you can use:
      $form->set_error($field, $message, false);
      Where false means do not escape the message.
      As the terms and conditions are displayed on the page already I've
      updated the link to jump to the terms section
      Change-Id: Ia8650a9f2284fb007cbe81a4a94223f127c4f6cd
      Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
  17. 08 Oct, 2013 1 commit
    • Aaron Wells's avatar
      Update session-cached display name when deleting it · 6ecbe067
      Aaron Wells authored
      Bug 1223063: ArtefactTypeCachedProfileField was only updating
      the session cache when you updated a value, not when you deleted it.
      Of course, the only one that can get deleted and that is shown
      anywhere is the PreferredName (aka display name) so only this
      one shows the problem.
      Change-Id: I55f9c96b59c91ced5cba3cf6443ba2e222201ef7
      Signed-off-by: Aaron Wells's avatarAaron Wells <aaronw@catalyst.net.nz>
  18. 02 Oct, 2013 5 commits
  19. 01 Oct, 2013 3 commits
    • Kristina Hoeppner's avatar
      Add alt and title tag for blocks (Bug #1218684) · 971fa738
      Kristina Hoeppner authored
      IE only picks up the alt and not the title
      tag. I added both so that users will see the
      Change-Id: I2f1c9342363d3372e5aa1549da7fcfc3086177b1
      Signed-off-by: Kristina Hoeppner's avatarKristina D.C. Hoeppner <kristina@catalyst.net.nz>
    • Kristina Hoeppner's avatar
      Add missing lang string for warning (Bug #1227372) · e147f3c9
      Kristina Hoeppner authored
      Lang string was missing for "Allowed iframe sources"
      Change-Id: I1cab612134a334fac7f0ca54fcf406b4a08f3226
      Signed-off-by: Kristina Hoeppner's avatarKristina D.C. Hoeppner <kristina@catalyst.net.nz>
    • Hugh Davenport's avatar
      Fix permissions of group area (Bug #1034180) · f5cebdef
      Hugh Davenport authored
      A user should not be able to view/publish an artefact if
      - they don't have view/publish permission of that artefact
      - they don't have view permission of all parents of that artefact
      A user should not be able to edit an artefact if
      - they don't have edit permission of that artefact
      - they don't have edit permission of the immediate parent of that artefact
      - they don't have view permission of any parents below the immediate
      This is similar to the UNIX permissions, you shouldn't be able to view
      a directory unless all directories below have read (r) and executeable (x)
      bits set. The same for editing, you need write (w) permissions of the
      immediate parent, and rx for all parents.
      In Mahara, there are no executeable bits, but it can be assumed
      that view is basically the same as rw for container artefacts, and the same
      as r for non container artefacts.
      Change-Id: I4f84aca05dd08d02b05fbe084e4724f78c8681a0
      Signed-off-by: default avatarHugh Davenport <hugh@catalyst.net.nz>
  20. 24 Sep, 2013 1 commit
  21. 22 Sep, 2013 1 commit
  22. 19 Sep, 2013 1 commit
  23. 16 Sep, 2013 1 commit
  24. 02 Sep, 2013 1 commit