1. 14 Dec, 2015 1 commit
    • Aaron Wells's avatar
      Rename $CFG->siteclosed to $CFG->siteclosedforupgrade · 1404fe80
      Aaron Wells authored
      Bug 1526101: This should help make it clearer what's going
      on in init.php and the related auth code, by making the
      distinction between $CFG->siteclosed and $CFG->siteclosedbyadmin
      clearer.
      
      behatnotneeded: Covered by existing tests
      
      Change-Id: I8bc728622ae965ce25b55ee4b55278771fc1eedc
      1404fe80
  2. 12 Dec, 2015 1 commit
  3. 25 Nov, 2015 1 commit
  4. 11 Nov, 2015 1 commit
    • Jono Mingard's avatar
      Remove unused and superfluous JavaScript (Bug #1323920) · a4dc90b3
      Jono Mingard authored
      Some of these files aren't loaded on any pages, some (ie. debug.js)
      are no longer necessary with modern debugging tools, and some have
      been replaced by Bootstrap functionality
      
      behatnotneeded: should be functionally identical
      
      Change-Id: I6d1b3874de5d42ccc00a8c0d2bb0e8bc162747d4
      a4dc90b3
  5. 23 Sep, 2015 1 commit
  6. 20 Jun, 2015 1 commit
  7. 15 Jun, 2015 4 commits
  8. 19 May, 2015 1 commit
  9. 27 Mar, 2015 1 commit
    • Aaron Wells's avatar
      Bug 1427901: Performance improvements for cron · b4c1755f
      Aaron Wells authored
      - Cron doesn't need to run auth_setup()
      - Don't run cron when site is closed for upgrade
      - Get rid of forcelocalupgrade() option because it's no longer needed
      
      Change-Id: I1718b13337c50fadc0573d04f5b3d6b20bc842c2
      b4c1755f
  10. 02 Mar, 2015 1 commit
  11. 04 Dec, 2014 1 commit
  12. 03 Dec, 2014 1 commit
  13. 30 Oct, 2014 1 commit
  14. 15 Oct, 2014 1 commit
    • Aaron Wells's avatar
      Removing the redundant new local function for style overrides · 20da6bf8
      Aaron Wells authored
      Bug 1346926: This bug replicates the functionality of the
      newly enhanced (in bug 1328310) local/theme directory. I'm
      updating the documentation of local/theme at the same time,
      to try to avoid this kind of replication in future.
      
      Change-Id: Ia36442ac264f5e0740278592e734ddc0838bb80f
      20da6bf8
  15. 22 Jul, 2014 1 commit
  16. 30 Jun, 2014 1 commit
  17. 16 Jun, 2014 1 commit
  18. 04 Jun, 2014 1 commit
  19. 29 Jan, 2014 1 commit
  20. 21 Jan, 2014 1 commit
  21. 13 Jan, 2014 1 commit
    • Aaron Wells's avatar
      Silence most E_STRICT errors · 8d17e071
      Aaron Wells authored
      Bug 1268746: In PHP 5.4 E_ALL changed to include E_STRICT, causing Mahara to throw
      a lot of strict standards errors. This should silence most of them.
      
      HOWEVER, because most strict standards happen at compile-time, this will have no
      effect on strict standards errors caused in the files that have already been
      loaded by the time we call error_reporting() and set_error_handler(), which includes:
       - The file invoked directly by the URL
       - init.php
       - errors.php
       - config.php
       - config-defaults.php
      
      Change-Id: I7a7fdf7facb1f30e186a0e8a27f1c3b7473200da
      8d17e071
  22. 15 Dec, 2013 1 commit
  23. 12 Nov, 2013 1 commit
  24. 06 Nov, 2013 1 commit
  25. 14 Oct, 2013 1 commit
  26. 23 Sep, 2013 1 commit
  27. 18 Jun, 2013 1 commit
    • Aaron Wells's avatar
      Making links to directory index.php files more explicit · 1c56a922
      Aaron Wells authored
      Bug #1150831: Some links to directory index.php files left off the
      trailing slash,
      i.e. "{$WWWROOT}/view". This caused unnecessary redirects and greater
      potential for
      errors in users' web server setups. While I was at it, for all links to
      directories
      other than $WWWROOT itself, I changed them to be explicitly links to
      "index.php".
      
      Also fixed the Windows-style line endings in homeinfo.tpl
      
      Fix all implicit links
      
      Change-Id: I87b285713e5cb1cfe785ceedd2702e5c2578058b
      1c56a922
  28. 01 May, 2013 1 commit
  29. 15 Apr, 2013 1 commit
  30. 03 Feb, 2013 1 commit
  31. 10 Oct, 2012 2 commits
    • Hugh Davenport's avatar
      Fix Click-Jacking attack on account deletion page · b480b81a
      Hugh Davenport authored
      This attack has been mitigated by adding a HTTP header
      of X-Frame-Options to every page in Mahara.
      
      Bug #1057240
      CVE-2012-2246
      
      Change-Id: Ia15bb43c83054ffa5540d71fcc932266b92d288f
      Signed-off-by: default avatarHugh Davenport <hugh@catalyst.net.nz>
      b480b81a
    • Hugh Davenport's avatar
      Fix saved file permissions · e85c165f
      Hugh Davenport authored
      Bug #1057238
      CVE-2012-2244
      
      Currently, files that are saved by Mahara use the
      directorypermissions config option, which defaults to
      0700, which allows execution.
      
      This allows users to potentially upload files with
      executable bits set, and if they have control of the
      config options pathtoclam, pathtozip, or pathtounzip
      then they could run this command when one of those
      commands are invocated.
      
      This patch bitwise-AND's the directory permissions
      config with 0666, which removes any executable bit
      and sets the result as a new config option
      filepermissions.
      
      A change the upload code to use this new option is made
      
      Change-Id: I088d9873de7797d5a9aefc2401301f8b855ed592
      Signed-off-by: default avatarHugh Davenport <hugh@catalyst.net.nz>
      e85c165f
  32. 27 Sep, 2012 1 commit
  33. 25 Sep, 2012 1 commit
    • Hugh Davenport's avatar
      Add option to disable device detection · 109eb4a5
      Hugh Davenport authored
      Also add a few theme changes that allow some more
      features on small devices.
      - Printing links
      - Settings link in top right corner
      - Create/copy page/collection link
      - Edit/delete buttons
      - Remove group members button
      - Help icons
      - Administration link
      
      Also made the admin link show in full
      
      The items that are disabled when device detection is on
      and user is on a mobile device are:
      - TinyMCE editor
      - Adding new blocks to pages, this is now a non-js version
      - Dropdown menu's
      - Export functionality
      
      Bug #1052060
      
      Change-Id: I5a8fe3cf136bb0c3e76e50a2b3bc48179c675b6a
      Signed-off-by: default avatarHugh Davenport <hugh@catalyst.net.nz>
      109eb4a5
  34. 19 Sep, 2012 3 commits