Signed-off-by: ¨Lorena <lorena.paoletti@gmail.com>
(cherry picked from commit 3fccdaa6ddb13526084b195e7fcf9b8ec12bf01e)

This is not exploitable because validation of the shortname field
prevents admins from adding quotes to an institution's name.
Signed-off-by: Francois Marier <francois@catalyst.net.nz>

This was not exploitable, but will reduce the risk that a SQL injection
will be accidentally introduced in the future.
Signed-off-by: Francois Marier <francois@catalyst.net.nz>

This is not a security fix but rather a cleanup to harden this code
and make it harder to accidentally introduce a SQL injection in the
future.
Signed-off-by: Francois Marier <francois@catalyst.net.nz>

This is not a security fix but rather a cleanup to harden this code
and make it harder to accidentally introduce a SQL injection in the
future.
Signed-off-by: Francois Marier <francois@catalyst.net.nz>

Signed-off-by: Francois Marier <francois@catalyst.net.nz>

Signed-off-by: Francois Marier <francois@catalyst.net.nz>

Signed-off-by: Francois Marier <francois@catalyst.net.nz>

Signed-off-by: Francois Marier <francois@catalyst.net.nz>

These parameters were already sanitised.
Signed-off-by: Francois Marier <francois@catalyst.net.nz>

(based on http://www.petefreitag.com/tools/sql_reserved_words_checker/

)
Signed-off-by: Francois Marier <francois@catalyst.net.nz>

This is a cleanup only, both orders work fine.
Signed-off-by: Francois Marier <francois@catalyst.net.nz>

Signed-off-by: Francois Marier <francois@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

The only change is the license. This i now dual license under the
PHP license and the LGPL v2.1 or later.

We do not have any customisations to this file.
Signed-off-by: Francois Marier <francois@catalyst.net.nz>

This reverts commit 40a877c4.

As of a5aa41991d903856a50a0a276cb717de05f87dd3, these modules are
no longer used in Mahara.
Signed-off-by: Francois Marier <francois@catalyst.net.nz>

This will remove a dependency on a badly licensed module.
Signed-off-by: Francois Marier <francois@catalyst.net.nz>

This prevents a fatal error in the require_once() call just below.
Signed-off-by: Francois Marier <francois@catalyst.net.nz>

We don't use this and the directory is full of executable PHP files.
Signed-off-by: Francois Marier <francois@catalyst.net.nz>

When running under nginx, these files are somehow recognised as
application/javascript.
Signed-off-by: Francois Marier <francois@catalyst.net.nz>

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Both upstream authors agreed to the license change.

From Jason Lotito <jasonlotito@gmail.com>:

  "Any code I contributed can be released under the LGPL 2.1, or later,
  as needed to make it compatible with Image_Graph and Image_Canvas.

  Jason"

and from Andrew Morton <drewish@katherinehouse.com>:

  "Sounds like Jason's on board and since he's contributed the majority
  of code, I'd be happy to relicense any code I contributed to the
  project.

  andrew"
Signed-off-by: Francois Marier <francois@catalyst.net.nz>

Signed-off-by: Francois Marier <francois@catalyst.net.nz>

See Eduforge #2318 or LP #547951.

(cherry picked from commit 4bdafccb

)
Signed-off-by: Francois Marier <francois@catalyst.net.nz>

And implicit count() of the array keys/columns. This shaves a good 5%
of the exec time of get_records('config')

(cherry picked from commit 4652e561

)
Signed-off-by: Francois Marier <francois@catalyst.net.nz>

This was reported in the forums by Bruce Ellis:

  http://mahara.org/interaction/forum/topic.php?id=131

and corresponds to Eduforge #3159 and LP #547934.

(cherry picked from commit d2b9a10c

)
Signed-off-by: Francois Marier <francois@catalyst.net.nz>

The only security issue fixed since 4.92 has to do with those sites
where magic_quotes_sybase is turned ON, so it's not an issue for us.

This will most likely help with LP #572189.
Signed-off-by: Francois Marier <francois@catalyst.net.nz>

The main difference in this version is the license which is now
compatible with the GPL.

The Exception class has zero code changes.
Signed-off-by: Francois Marier <francois@catalyst.net.nz>

Signed-off-by: Francois Marier <francois@catalyst.net.nz>

Nothing worth mentioning, just keeping up with upstream versions...
Signed-off-by: Francois Marier <francois@catalyst.net.nz>

This version fixes a security bug which is not relevant to existing
Mahara installations since it has to do with auto_escape=on (which
is still off by default in Mahara).
Signed-off-by: Francois Marier <francois@catalyst.net.nz>

I should have removed these as part of 670ddc5a

Signed-off-by: Francois Marier <francois@catalyst.net.nz>

Signed-off-by: Francois Marier <francois@catalyst.net.nz>

To get this file, just run test/selenium/generate-testsuites.py
Signed-off-by: Francois Marier <francois@catalyst.net.nz>