1. 02 Apr, 2014 2 commits
  2. 01 Apr, 2014 2 commits
    • Ghada El-Zoghbi's avatar
      Bug1075760: reporting objectional material with no message doesn't get sent to... · 8c7a5e68
      Ghada El-Zoghbi authored
      Bug1075760: reporting objectional material with no message doesn't get sent to admin with digest emails
      
      Email digest table has a not null contraint for the message field:
      1. Force the user to enter something in the objectionable comment.
      2. Other areas: if a user enteres a message (i.e. in a forum)
      which is made up of html (i.e. a smiley face),
      the message gets 'cleaned' by stripping html tags.
      This leaves it empty and fails when trying to insert into the
      email digest table.
      Clean the message with html2text instead of str_shorten_html.
      3. As a last resort, before inserting into the email digest table,
      make sure there is at least a space in the message field (if it's empty).
      
      Change-Id: I05a77e0682017839b34e74241eefb98fb788eab5
      Signed-off-by: default avatarGhada El-Zoghbi <ghada@catalyst-au.net>
      8c7a5e68
    • Robert Lyon's avatar
      Getting mysql not to use CAST() (bug #1081947) · e35d3ea8
      Robert Lyon authored
      In the 1.8+ codebase there are only two places where both mysql and
      postgres use CAST(). So I've tried altering the calls so that mysql
      doens't need to use CAST().
      
      This will probably need to be tested with a large data mysql db site
      to see if any speed gains are made, and also the calls are still
      working correctly.
      
      All other places it is being used by postgres only
      Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
      
      Change-Id: I9eaf196d062ef2a62bfdae0df179281f3411c392
      e35d3ea8
  3. 25 Feb, 2014 1 commit
  4. 14 Jan, 2014 1 commit
  5. 06 Jan, 2014 1 commit
    • Aaron Wells's avatar
      Override MySQL's check for accidental large queries · f4e4b44f
      Aaron Wells authored
      Bug 1070046: MySQL has an optional server config option, "MAX_JOIN_SIZE",
      which throws an error if you try to run a SQL query that MySQL's strategizer
      thinks will require it to evaluate more than MAX_JOIN_SIZE rows. This is
      intended to prevent the user from accidentally running giant queries that
      will never finish, but some Mahara queries (which are large but will finish)
      can trip it. Adding SQL_BIG_SELECTS=1 tels it that our queries are *not*
      accidentally large.
      
      Also has order change for bug 1184450
      
      Change-Id: I6db4699ea765d3213d13eb93b8de098914db24e0
      f4e4b44f
  6. 23 Dec, 2013 1 commit
  7. 21 Nov, 2013 1 commit
  8. 28 Oct, 2013 2 commits
  9. 25 Oct, 2013 1 commit
  10. 22 Oct, 2013 1 commit
    • Robert Lyon's avatar
      Allowing pieform error text to not be escaped if needed (Bug 1239539) · bd33b9c8
      Robert Lyon authored
      Currently if there is html in an error message used by pieforms it
      escapes the html so the link becomes not usable.
      
      I have made a change where you can tell pieforms not to escape the
      error message.
      
      So instead of using:
      $form->set_error($field, $message);
      
      you can use:
      $form->set_error($field, $message, false);
      
      Where false means do not escape the message.
      
      As the terms and conditions are displayed on the page already I've
      updated the link to jump to the terms section
      
      Change-Id: Ia8650a9f2284fb007cbe81a4a94223f127c4f6cd
      Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
      bd33b9c8
  11. 02 Oct, 2013 3 commits
  12. 24 Sep, 2013 1 commit
  13. 29 Aug, 2013 1 commit
  14. 22 Aug, 2013 1 commit
    • Aaron Wells's avatar
      Correct Mahara 1.6 version number · cf3deb95
      Aaron Wells authored
      The patch for Bug #1207140 erroneously raised the Mahara 1.6 version number too high.
      Mahara versioning policy says that version numbers within a stable branch should only
      increment by 1.
      
      Change-Id: Iedcca7281494f4826df60621fe48df0cba4f36e1
      cf3deb95
  15. 20 Aug, 2013 1 commit
  16. 24 Jul, 2013 2 commits
  17. 12 Jul, 2013 1 commit
    • Robert Lyon's avatar
      Fix for bulk user change auth method problem (Bug #1180194) · 7d6ab3e3
      Robert Lyon authored
      The auth_remote_user db table was not being updated correctly when
      users were being moved from one auth method to another in bulk.
      Fix adds in the correct lines to that table. Code similar to what
      is used in admin/users/edit.php for single user update.
      
      Moved some things around to improve performance and fixed a mistake
      
      Change-Id: Ieb2d453bc06646444aadaff92ea5b42af4246411
      Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
      7d6ab3e3
  18. 01 Jul, 2013 2 commits
    • Aaron Wells's avatar
      Bug #1132370 Remove create_function() from dml.php to save memory · 2ba43bfd
      Aaron Wells authored
      Functions created by create_function() don't ever get deallocated,
      which contributes to scripts running out of memory.
      
      Change-Id: Ifd78bf05bab67a9b1593a7d9722dd2433e7ad7ca
      Signed-off-by: Aaron Wells's avatarAaron Wells <aaronw@catalyst.net.nz>
      2ba43bfd
    • Aaron Wells's avatar
      Making links to directory index.php files more explicit · 9b440fec
      Aaron Wells authored
      Bug #1150831: Some links to directory index.php files left off the
      trailing slash,
      i.e. "{$WWWROOT}/view". This caused unnecessary redirects and greater
      potential for
      errors in users' web server setups. While I was at it, for all links to
      directories
      other than $WWWROOT itself, I changed them to be explicitly links to
      "index.php".
      
      Also fixed the Windows-style line endings in homeinfo.tpl
      
      Fix all implicit links
      
      Change-Id: I82b2cb51d5af161e1b41c272178476e156991032
      9b440fec
  19. 10 Jun, 2013 1 commit
  20. 02 May, 2013 4 commits
  21. 15 Apr, 2013 3 commits
  22. 15 Feb, 2013 2 commits
  23. 30 Dec, 2012 1 commit
  24. 12 Dec, 2012 1 commit
  25. 23 Nov, 2012 2 commits
  26. 22 Nov, 2012 1 commit
    • Hugh Davenport's avatar
      Bug #1079498: Fix XSS in pagination URL · 15555335
      Hugh Davenport authored
      Currently, the url of a pagination (used for the prev/next links as
      well as the numbered pages, and also the POST action in the form tag
      used for selecting a variable limit, added in the commit listed below)
      was not santized on output. This was discovered from the group member
      search page which passed in the query as a GET paramter in the URL for
      the pages. This uses slightly different code to some of the newer
      paginations, but it may affect other places that use similar era
      pagination setup.
      
      The commit introducing the new selector for a variable limit was
       f3162f80
      
      This patch fixes this by sanitizing the url on output, in both the form
      tag and the prev/next and numbered links.
      
      CVE-2012-2253
      Signed-off-by: default avatarHugh Davenport <hugh@catalyst.net.nz>
      Change-Id: Id9ed08ef5e61b12580e28f4b18975b2c409b594d
      15555335