GitLab

Bug 1465107: Use Bootstrap CSS Framework

Change-Id: I1f631d6f2637b22e00ea9e0972f0447a52304f4c

Bug 1465107: Use Bootstrap CSS Framework

Change-Id: I2b5928352dc8675162e6f5e00b3424b82456e382

In case the site has port specified in its server['HOST'].

Change-Id: Ia033270487a14a537dada5697b8c2d3848d490fa
Signed-off-by: Robert Lyon <robertl@catalyst.net.nz>

- Cron doesn't need to run auth_setup()
- Don't run cron when site is closed for upgrade
- Get rid of forcelocalupgrade() option because it's no longer needed

Change-Id: I1718b13337c50fadc0573d04f5b3d6b20bc842c2

We seem to be calling it on every page load - so for a page with lots
of blocks it means a lot of calls.

When really we should call it once when a user first arrives as they
won't be switching devices during their session.

Change-Id: Id939ad83c5acfdbcdd358691def25bd2e5f5a592
Signed-off-by: Robert Lyon <robertl@catalyst.net.nz>

Changing the value from postgres7 to postgres as we are really only
supporting postgres 8.3+

Also updated the list of reserved keywords to contain all the reserved keywords
that exist in postgres 8.3.
And added new postgres 9.3 reserved words to end of list

Change-Id: Ia233b8f21bff9983cf6918691283886467a607e4
Signed-off-by: Robert Lyon <robertl@catalyst.net.nz>

Change-Id: I7a1f7d42d9739a9ab1507d56aaf3a51ee0e7ef1a

Bug 1387903

Change-Id: I369d58f85c944f4be2bc2965c080b2c4c86dadc1

Bug 1346926: This bug replicates the functionality of the
newly enhanced (in bug 1328310) local/theme directory. I'm
updating the documentation of local/theme at the same time,
to try to avoid this kind of replication in future.

Change-Id: Ia36442ac264f5e0740278592e734ddc0838bb80f

Bug 1268746

Change-Id: I438629b7bb03590b4f5875c07381f500569c80d1

Bug 547932: The module bootstrap code relies on the existence of the
module_installed table, which isn't present until after you upgrade.

Change-Id: I34075dec8e4d8671b71b3023774b44343a5d50ca

Change-Id: I5558449a0d5c4911bfaec166d185ebd1da863f1c
Signed-off-by: Valerii Kuznetsov <valerii.kuznetsov@totaralms.com>

As vetted in the May 2014 dev meeting
http://meetbot.mahara.org/mahara-dev/2014/mahara-dev.2014-05-01-08.01.log.html

Change-Id: I353ed74d69a5346fbe4e8e521e5c349dbe8dcbac

- TO DO: will need to make sure that the results returned by public
search are allowed to be seen by the public

Change-Id: I1787bd1ba0f26d5f7ea86d5d7f1562987f98381c
Signed-off-by: Robert Lyon <robertl@catalyst.net.nz>

This reverts commit 1cdc0486.

The JSDetector class has caused three regressions so far (Bug 1270846,
Bug 1261610, and Bug 1268788). Since it's been buggy and it's not
actively in use anywhere in the site, I think we should revert it.

Change-Id: If32d5adf8733ce3f455aab09a5d138c7707ae95d

Bug 1268746: In PHP 5.4 E_ALL changed to include E_STRICT, causing Mahara to throw
a lot of strict standards errors. This should silence most of them.

HOWEVER, because most strict standards happen at compile-time, this will have no
effect on strict standards errors caused in the files that have already been
loaded by the time we call error_reporting() and set_error_handler(), which includes:
 - The file invoked directly by the URL
 - init.php
 - errors.php
 - config.php
 - config-defaults.php

Change-Id: I7a7fdf7facb1f30e186a0e8a27f1c3b7473200da

1. Add the begining of PHP file, call
JavascriptDetector::check_javascript();

2. Call JavascriptDetector::is_javascript_activated()
 or $SESSION->get('javascriptenabled') to get the current status.

3. Call JavascriptDetector::reset() when users logout.

Change-Id: Ia12e1678ae2f3f74f3b8e5fb2c0bfdd20d5ae906
Signed-off-by: Son Nguyen <son.nguyen@catalyst.net.nz>

Bug 1250256

Change-Id: Iefd489adb4f7d458d1e8b45727fab5509c61398b

Bug1247715: The mysqli driver doesn't support sending "hostname:port" but it and
the others do support setting a $db->port field manually.

Change-Id: I4f145d8a424717dbb9bed53f78cfc01f521c9dae

- have updated copyright for the pages that had existing copyright
notices (except for the lib/pieforms/ section as i'm not too sure if
that needs changing as it is a different Catalyst IT product)

Change-Id: I11c65ad26cb9cd856cf16b1dccbd4223ba086645
Signed-off-by: Robert Lyon <robertl@catalyst.net.nz>
Signed-off-by: Aaron Wells <aaronw@catalyst.net.nz>

Upgrade our ADODB driver from the long-obsolete mysql driver to the actively developed mysqli driver

Bug 1187964: The biggest improvement is that the ADODB mysqli driver actually supports transactions!

Change-Id: I8e55ea28cd6e6b8ed5c883646c1172d318af5554

Bug #1150831: Some links to directory index.php files left off the
trailing slash,
i.e. "{$WWWROOT}/view". This caused unnecessary redirects and greater
potential for
errors in users' web server setups. While I was at it, for all links to
directories
other than $WWWROOT itself, I changed them to be explicitly links to
"index.php".

Also fixed the Windows-style line endings in homeinfo.tpl

Fix all implicit links

Change-Id: I87b285713e5cb1cfe785ceedd2702e5c2578058b

Bug1047111

Change-Id: I850603dbc1d85f4360ce227d2658e5abb51af1aa

Change-Id: I9b1b992516f5f1005e9a5a1ec89c84777fe7b242
Signed-off-by: Aaron Wells <aaronw@catalyst.net.nz>

Currently does the following:
 - Displays logging to screen as well as errorlog
 - Turn on debugjs, debugcss, and don't pack js
 - Print performance statistics to foot
 - Disable caching

Change-Id: I4571838ffea6b1510124bc14165eba8b3cc915c4
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>

This attack has been mitigated by adding a HTTP header
of X-Frame-Options to every page in Mahara.

Bug #1057240
CVE-2012-2246

Change-Id: Ia15bb43c83054ffa5540d71fcc932266b92d288f
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>

Bug #1057238
CVE-2012-2244

Currently, files that are saved by Mahara use the
directorypermissions config option, which defaults to
0700, which allows execution.

This allows users to potentially upload files with
executable bits set, and if they have control of the
config options pathtoclam, pathtozip, or pathtounzip
then they could run this command when one of those
commands are invocated.

This patch bitwise-AND's the directory permissions
config with 0666, which removes any executable bit
and sets the result as a new config option
filepermissions.

A change the upload code to use this new option is made

Change-Id: I088d9873de7797d5a9aefc2401301f8b855ed592
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>

#1057226)

Before get the user's account preferences, make sure Mahara site has
been installed.

Change-Id: I49c8b12d5ed0b88c5856488ac9a11500c0cd6824
Signed-off-by: Son Nguyen <son.nguyen@catalyst.net.nz>

Also add a few theme changes that allow some more
features on small devices.
- Printing links
- Settings link in top right corner
- Create/copy page/collection link
- Edit/delete buttons
- Remove group members button
- Help icons
- Administration link

Also made the admin link show in full

The items that are disabled when device detection is on
and user is on a mobile device are:
- TinyMCE editor
- Adding new blocks to pages, this is now a non-js version
- Dropdown menu's
- Export functionality

Bug #1052060

Change-Id: I5a8fe3cf136bb0c3e76e50a2b3bc48179c675b6a
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>

This reverts commit 303409a1.

This reverts commit c416b976.

Change-Id: I56d983658fcf3ceb64b45657ace446276177abf5

Bug #1052060

Change-Id: I5a8fe3cf136bb0c3e76e50a2b3bc48179c675b6a
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>

Change-Id: I1b67268996515858a797e54adfff6d6fb6cafc9c
Signed-off-by: Melissa Draper <melissa@catalyst.net.nz>

Bug #1041645

Change-Id: I5b7b65e7335529ccd1949b3d1ea94e4f3b1efa42
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>

When user subdomain urls are enabled, parts of the site are at
subdomains under wwwroot, and we need to ensure that cookies are set
with the main site domain to ensure users stay logged in when they go
to profile pages.

Change-Id: I8c8ac4e01078ff926ade7d28ff8d15566d3391e1

Three new hooks are added:

local_init_user() - called after $USER is initialised.  This is useful
for changing the user's theme before $THEME is initialised.

local_register_submit() - called when the registration form is
successfully submitted, but before the submitted values are saved to
usr_registration.  This is useful for remembering the properties or
preferences of the logged-out user when the form was submitted.

local_post_register() - called after a user has successfully been
created and logged in during registration.  This is useful when
properties of the user (which may have been saved to usr_registration
by local_register_submit()) need to be transferred to the newly
registered user.

Change-Id: Ifcb19737bdcecb550185624f2fd78e541690a337
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Earlier versions of postgres are now unsupported, and this change will
fix the upgrade failure in bug #961728.

Change-Id: I2b7ea46515142d0d3fc601cf8ec99e15a85bc933
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

This changes the internal authentication plugin to use
bcrypt instead of sha1.

It also introduces a fast hash (SHA512) for bulk operations.
This hash is updated on user login to the bcrypt hash.

Bug #843568

See https://wiki.mahara.org/index.php/Developer_Area/Specifications_in_Development/Improve_Password_Storage

Change-Id: Ibf2f71bb5b5a5279dbc16ccda781ad99e81c59b8
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>

This commit adds a Command Line Interface install and upgrade mechanism.
This should provide for unattended installations and upgrades.

Change-Id: I7eaff22f76e30345102405b302bb12fdbd897d4c
Signed-off-by: Andrew Robert Nicols <andrew.nicols@luns.net.uk>