1. 23 Sep, 2015 1 commit
  2. 16 Apr, 2015 1 commit
    • Robert Lyon's avatar
      Stopping SWF files XSS exploitation (Bug #1190788) · 91f15848
      Robert Lyon authored
      By doing two things:
      
      1) Getting the embedded SWF object to set the
       allowscriptaccess = "never" and allownetworking = "never"
      
      2) By forcing a 'download file' link to actually download file
      - this goes for all files now that don't have embedded=1
      in their url.
      
      I've done it this way, having the embedded item have extra url param
      so that if a user tries to manipulate a url by removing params it
      will default to force download.
      
      I've merged the changes I'd done here https://reviews.mahara.org/#/c/3522/2
      and I've also cleaned up places where the download=1 was used as that is
      not needed now. Now if there are places where we need to embed rather
      than download we add the embedded=1 to the url.
      
      Change-Id: If5290a7c571d06d4178ef2ae5c4c09ed287403b4
      Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
      91f15848
  3. 08 Oct, 2014 1 commit
  4. 16 Oct, 2013 1 commit
    • Robert Lyon's avatar
      Overlay problems in block edit mode (bug 1240307) · 5665edfb
      Robert Lyon authored
      In Chrome - when editing a block when there is a nearby embedded media video
      block can cause the video part of the block to display over the config
      form making it hard to do editing.
      
      From what the interweb says this is a problem with wmode needing to be
      set.
      
      Change-Id: I8cd2a9c20ac2e14fe52274aeafeead96a7e94c17
      Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
      5665edfb
  5. 14 Oct, 2013 1 commit
  6. 07 Oct, 2013 1 commit
  7. 15 Feb, 2013 2 commits
  8. 30 Sep, 2011 1 commit
  9. 20 Sep, 2011 1 commit
  10. 12 Aug, 2011 1 commit
  11. 13 May, 2011 1 commit
  12. 08 Mar, 2011 1 commit
  13. 27 Jan, 2011 1 commit
  14. 26 Jan, 2011 1 commit
  15. 11 Jan, 2011 1 commit
  16. 04 Nov, 2010 1 commit
  17. 19 Oct, 2010 1 commit
  18. 08 Oct, 2010 1 commit
  19. 10 Sep, 2010 1 commit
  20. 31 Aug, 2010 2 commits
  21. 19 Jul, 2010 1 commit
  22. 26 May, 2010 1 commit
  23. 18 Nov, 2009 1 commit
  24. 28 Oct, 2009 1 commit
  25. 22 Sep, 2009 1 commit
  26. 15 Sep, 2009 1 commit
  27. 01 Jul, 2009 1 commit
  28. 23 Jun, 2009 1 commit
  29. 11 Jun, 2009 1 commit
  30. 09 Jun, 2009 1 commit
  31. 04 Jun, 2009 1 commit
  32. 02 Jun, 2009 1 commit
  33. 19 Apr, 2009 1 commit
  34. 13 Feb, 2009 1 commit
  35. 05 Feb, 2009 1 commit
  36. 29 Jan, 2009 1 commit
    • Nigel McNie's avatar
      (#3063) Make blocktype configuration forms change if they are in a template. · d9f2144b
      Nigel McNie authored
      Now they do things like not making it compulsory to choose an artefact
      if it's a template (as the creator might just want to put the block
      there), and removing some options that only make sense in Views.
      
      There's a parameter for instance_config_form and artefactchooser_element
      to allow the Blocktype to detemine whether it's in a template easily.
      d9f2144b
  37. 18 Nov, 2008 1 commit
  38. 20 Oct, 2008 1 commit